Overview

URL: guproxyz.tk/cBApjXuqCM/GuProPBFREE.vmp.dll
IP: 54.72.9.51
ASN: AS16509 Amazon.com, Inc.
Location: Ireland
Report completed: 2019-01-12 15:17:50 CET
urlquery Alerts No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified  Severity  Host                                   Comment
2019-01-12        2         parkingcrew.net/assets/scripts/js3.js  Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 54.72.9.51

Date                       UQ / IDS / BL  URL                                                  IP
2019-03-24 13:28:38 +0100  0 - 0 - 1      cpa-on1ne-smslink-re-activ2t-acc03747847423.c (...)  54.72.9.51
2019-03-24 12:12:56 +0100  0 - 0 - 1      thejsscripts.com/viewmydata/1.0.3.801/inethnf (...)  54.72.9.51
2019-03-24 12:07:44 +0100  0 - 0 - 1      thejsscripts.com/viewmydata/1.0.2.313/inethnf (...)  54.72.9.51
2019-03-24 12:02:31 +0100  0 - 0 - 1      thejsscripts.com/viewmydata/1.0.4.211/inethnf (...)  54.72.9.51
2019-03-24 11:42:54 +0100  0 - 0 - 1      dhgsakasg.kiaayartenuaram.com/document/filess (...)  54.72.9.51
2019-03-24 11:40:35 +0100  0 - 0 - 1      placebeau.nl/downloads/RemoveWAT22.zip               54.72.9.51
2019-03-24 11:16:24 +0100  0 - 0 - 1      resolutioncenter-login.updateinformations.info/pjj   54.72.9.51
2019-03-24 09:50:26 +0100  0 - 0 - 1      acc1t-v3rif1-sms-reco-ver-at7283387.com/jdd          54.72.9.51
2019-03-24 07:23:48 +0100  0 - 0 - 1      nez-xyz.com/interjishu                               54.72.9.51
2019-03-24 05:36:53 +0100  0 - 0 - 1      expertjutttaiz.com/rlz                               54.72.9.51

Last 10 reports on ASN: AS16509 Amazon.com, Inc.

Date                       UQ / IDS / BL  URL                                                  IP
2019-03-24 14:58:04 +0100  0 - 0 - 0      https://qiita.com/spostshdtv247/items/5f88bf6 (...)  54.199.202.240
2019-03-24 14:37:30 +0100  0 - 0 - 1      rp.dadafarada.com/?pcrc=481753417                    54.194.149.175
2019-03-24 13:55:02 +0100  0 - 0 - 0      https://qiita.com/jpskysports78/items/7341187 (...)  54.92.94.201
2019-03-24 13:28:38 +0100  0 - 0 - 1      cpa-on1ne-smslink-re-activ2t-acc03747847423.c (...)  54.72.9.51
2019-03-24 13:23:53 +0100  0 - 0 - 0      https://qiita.com/msm42196/items/d6bdc592ddd3 (...)  54.199.202.240
2019-03-24 13:20:28 +0100  0 - 0 - 0      https://qiita.com/jpskysports78/items/e61aa8f (...)  54.199.202.240
2019-03-24 13:16:02 +0100  0 - 0 - 0      https://qiita.com/dfdsfdfd/items/ce4008cebf96 (...)  54.92.94.201
2019-03-24 13:12:07 +0100  0 - 0 - 0      https://qiita.com/MsnITi2/items/a494b96227cda (...)  54.199.202.240
2019-03-24 12:12:56 +0100  0 - 0 - 1      thejsscripts.com/viewmydata/1.0.3.801/inethnf (...)  54.72.9.51
2019-03-24 12:07:44 +0100  0 - 0 - 1      thejsscripts.com/viewmydata/1.0.2.313/inethnf (...)  54.72.9.51

Last 10 reports on domain: guproxyz.tk

Date                       UQ / IDS / BL  URL                                        IP
2019-03-23 12:10:08 +0100  0 - 0 - 1      guproxyz.tk/JLCIfiSxzr/v13.exe             185.53.178.9
2019-03-17 19:34:42 +0100  0 - 0 - 1      guproxyz.tk/QistGHBlqA/v53.exe             185.53.178.9
2019-03-07 06:35:19 +0100  0 - 0 - 1      guproxyz.tk/IGCsYnoSlI/win10/ddraw32b.exe  185.53.178.9
2019-02-13 00:12:03 +0100  0 - 0 - 1      guproxyz.tk/txekzjh2me/win10/ddraw32b.exe  185.53.178.9
2019-02-12 19:31:57 +0100  0 - 0 - 1      guproxyz.tk/txekzjh2me/win10/ddraw32b.exe  185.53.178.9
2019-02-12 08:01:21 +0100  0 - 0 - 1      guproxyz.tk/tzovzrgcos/lbjgkkrjta.exe      185.53.178.9
2019-01-28 23:43:01 +0100  0 - 0 - 1      guproxyz.tk/QistGHBlqA/v53.exe             185.53.178.9
2019-01-28 21:19:44 +0100  0 - 4 - 1      guproxyz.tk/QistGHBlqA/v53.exe             185.53.178.9
2019-01-22 15:33:32 +0100  0 - 0 - 1      guproxyz.tk/IGCsYnoSlI/win10/ddraw32b.exe  185.53.178.9
2018-12-12 00:43:31 +0100  0 - 3 - 0      guproxyz.tk/IGCsYnoSlI/win10/ddraw32b.exe  103.224.182.250


JavaScript

Executed Scripts (7)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (19)


Request Response
                                        
GET /cBApjXuqCM/GuProPBFREE.vmp.dll HTTP/1.1
Host: guproxyz.tk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
54.72.9.51
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Sat, 12 Jan 2019 14:14:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
X-Check: 3c12dc4d54f8e22d666785b733b0052100c53444
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1056
Md5:    d194389a691a73c4e377434658e26a37
Sha1:   ec1cd3724a476792e3c0973d827264c547b3ca83
Sha256: ef7f9eb9fd7f01fc706f4718ff38cb98d23791219e06a928522860692e410bf9
                                        
GET /assets/scripts/js3.js HTTP/1.1
Host: parkingcrew.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://guproxyz.tk/cBApjXuqCM/GuProPBFREE.vmp.dll

                                         
185.53.179.29
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 12 Jan 2019 14:14:18 GMT
Content-Length: 17915
Connection: keep-alive
Last-Modified: Mon, 07 Jan 2019 10:07:22 GMT
Etag: "5c3324da-45fb"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII C++ program text, with very long lines
Size:   17915
Md5:    db3cacfb57ba35d3fcfdbbcf7d46bd42
Sha1:   64034a7b579d0fb46cc71417ff038da23886d6c8
Sha256: a606134e35db97024d04789609660c94f87f660dc259d91db5180e32787d4dad

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /track.php?domain=guproxyz.tk&toggle=browserjs&uid=MTU0NzMwMjQ1Ny41NTk6YjA0NTY4ZGI0NjhlNzI2NTlmNDdlMThlNmZiNWY2ZGYxZmJhN2JhNzMyYmVlMDkxM2ZlMDBlNjQyM2E3NmQ4MDo1YzM5ZjYzOTg4N2Zk HTTP/1.1
Host: guproxyz.tk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://guproxyz.tk/cBApjXuqCM/GuProPBFREE.vmp.dll

                                         
54.72.9.51
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Sat, 12 Jan 2019 14:14:18 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Custom-Track: browserjs
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   20
Md5:    7029066c27ac6f5ef18d660d5741979a
Sha1:   46c6643f07aa7f6bfe7118de926b86defc5087c4
Sha256: 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
                                        
GET /track.php?click=5b53ccd02792a79936184954fc4d1abe5dbbc818&domain=guproxyz.tk&uid=MTU0NzMwMjQ1Ny41NTk6YjA0NTY4ZGI0NjhlNzI2NTlmNDdlMThlNmZiNWY2ZGYxZmJhN2JhNzMyYmVlMDkxM2ZlMDBlNjQyM2E3NmQ4MDo1YzM5ZjYzOTg4N2Zk&ts=fHx8ZDQxZDh8fHxidWNrZXQwNTB8fHx8NWMzOWY2Mzk4ODFmYnx8fDE1NDczMDI0NTguMDA5N3xjNWUxN2EzNDBmZmI4ZjRlZWFlNGZhMGNmMjEyYmM2YzU0ZTIzNjhifHx8fHwxfHx8MHw1YzM5ZjYzYWFhZmZiZTFhNjA4YjRjYTJ8fHwwfHx8fHwwfDB8fHx8fHx8fHx8MHwxfDVjMzlmNjNhYWFmZmJlMWE2MDhiNGNhMnwwfDB8MXwwfDB8VzEwPQ%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off HTTP/1.1
Host: guproxyz.tk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://guproxyz.tk/cBApjXuqCM/GuProPBFREE.vmp.dll

                                         
54.72.9.51
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Sat, 12 Jan 2019 14:14:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
X-Click-Track: '5b53ccd02792a79936184954fc4d1abe5dbbc818'
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   20
Md5:    7029066c27ac6f5ef18d660d5741979a
Sha1:   46c6643f07aa7f6bfe7118de926b86defc5087c4
Sha256: 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
                                        
GET /favicon.ico HTTP/1.1
Host: guproxyz.tk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
54.72.9.51
HTTP/1.1 200 OK
Content-Type: image/x-icon
Server: nginx
Date: Sat, 12 Jan 2019 14:14:19 GMT
Content-Length: 0
Connection: close
Last-Modified: Mon, 07 Jan 2019 10:07:22 GMT
Etag: "5c3324da-0"
Accept-Ranges: bytes


--- Additional Info ---
                                        
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
143.204.51.24
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=153650
Date: Sat, 12 Jan 2019 14:14:19 GMT
Etag: "5c3999d5-1d7"
Expires: Mon, 14 Jan 2019 08:55:09 GMT
Last-Modified: Sat, 12 Jan 2019 07:40:05 GMT
Server: ECS (phd/FD69)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fbb.cloudfront.net (CloudFront)
X-Amz-Cf-Id: LEm0mgiE5GAYqET4lg71Mb4UClPu4G-xE410jUcYM-9Prcu3poVylg==


--- Additional Info ---
Magic:  data
Size:   471
Md5:    3e2571e2a6275716ec1dfc452a162e78
Sha1:   ecbc054d90404359726e10d11008b849422fb123
Sha256: 73fcda6ed196f4fe4aecf16eeb4643832118375c383f824f5d77052aebff397a
                                        
POST / HTTP/1.1
Host: ocsp.rootca1.amazontrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 118
Content-Type: application/ocsp-request

                                         
143.204.51.72
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1426
Connection: keep-alive
Date: Sat, 12 Jan 2019 14:14:19 GMT
Server: WEBrick/1.3.1 (Ruby/2.3.7/2018-03-28)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fbb.cloudfront.net (CloudFront)
X-Amz-Cf-Id: EEB80fgvVOUyw-h9QbRwlzYF4an1HaruWgJT6XYbylrwySD6IJvq2g==


--- Additional Info ---
Magic:  data
Size:   1426
Md5:    f06ca870f76446a4d0776b2037b38a9e
Sha1:   3497c947ab015200b4769f872bf16b3b1560c5fc
Sha256: 630eda5adf104a89717151b4f4220bbdb110835d3935753ded7e0de8f984d939
                                        
GET /tr?id=01e02363d296c6c195db2d2b4a9e97bd429c247a67.r&tk=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwdWIiOiI1MDVjNmI4MTcxMzIwNDAyNTc1YjFkNmUiLCJ0cyI6IjAxMTIxNDE0IiwiZCI6Imd1cHJveHl6LnRrIn0.9Ma69qsafhCtU1FAX8GijeVkzAh_dKxKDb0bog62WjI HTTP/1.1
Host: katie.runtnc.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://guproxyz.tk/cBApjXuqCM/GuProPBFREE.vmp.dll

                                         
52.73.238.91
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Sat, 12 Jan 2019 14:14:20 GMT
Content-Length: 2190
Connection: keep-alive
P3P: CP="CUR NOI NID STA STP"
X-Robots-Tag: noindex, nofollow
Set-Cookie: checkme=2522645df4885395ae99ddbad90bc0fdb789; Path=/


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   2190
Md5:    953cdbeac911db7dd4bead5b8cf58556
Sha1:   aa4ae6adba18b1384fd344bc2ea0074af85e8b6a
Sha256: 5562822d27a36dc9d1a1cb54184abd6c5424cf6f617d8dcb7b2104dccac61e2d
                                        
GET /trx?id=01e02363d296c6c195db2d2b4a9e97bd429c247a67.r&confirm=2522645df4885395ae99ddbad90bc0fd&size=886704&noframe=1&tnc_ref=http%3A%2F%2Fguproxyz.tk%2FcBApjXuqCM%2FGuProPBFREE.vmp.dll&reftaken=feed&refEqual=true HTTP/1.1
Host: katie.runtnc.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://katie.runtnc.net/tr?id=01e02363d296c6c195db2d2b4a9e97bd429c247a67.r&tk=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwdWIiOiI1MDVjNmI4MTcxMzIwNDAyNTc1YjFkNmUiLCJ0cyI6IjAxMTIxNDE0IiwiZCI6Imd1cHJveHl6LnRrIn0.9Ma69qsafhCtU1FAX8GijeVkzAh_dKxKDb0bog62WjI
Cookie: checkme=2522645df4885395ae99ddbad90bc0fdb789

                                         
52.73.238.91
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Sat, 12 Jan 2019 14:14:20 GMT
Content-Length: 245
Connection: keep-alive
P3P: CP="CUR NOI NID STA STP"
X-Robots-Tag: noindex, nofollow
Referrer-Policy: no-referrer


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   245
Md5:    5503da478fde7be894e142400137b8df
Sha1:   067b2d63edf178b9d7bdbf049c9743f3f9c9f10b
Sha256: e45991865b2b1452aecca8ac0669a5f84dfc89d6b2b0aa4930d10847c49449ba
                                        
POST / HTTP/1.1
Host: ocsp.int-x3.letsencrypt.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
91.135.34.91
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 527
Etag: "D8EB9FD2DFF6D779C430862154031A8B61280E7D5C09BB66AC06BF8F01291552"
Last-Modified: Thu, 10 Jan 2019 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=29786
Expires: Sat, 12 Jan 2019 22:30:46 GMT
Date: Sat, 12 Jan 2019 14:14:20 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    d815d97900fc77e76c313c0f9f1bc548
Sha1:   06027526f8ff2af6313ff243b449c1f9e017e975
Sha256: d8eb9fd2dff6d779c430862154031a8b61280e7d5c09bb66ac06bf8f01291552
                                        
POST / HTTP/1.1
Host: isrg.trustid.ocsp.identrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
91.135.34.121
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Transfer-Encoding: Binary
Last-Modified: Thu, 10 Jan 2019 22:29:10 GMT
Etag: "bf3c1239e78777b28969ff52cde8c9c84e994ba9"
Content-Length: 1398
Cache-Control: public, no-transform, must-revalidate, max-age=12414
Expires: Sat, 12 Jan 2019 17:41:14 GMT
Date: Sat, 12 Jan 2019 14:14:20 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1398
Md5:    5d24bb2128ea34f4050ed8dac5b313a8
Sha1:   bf3c1239e78777b28969ff52cde8c9c84e994ba9
Sha256: 90c42e06752a4b6ddf8a9060b3d67b718e5aa3e13e9a26e0c1087ede00c8046f
                                        
GET /favicon.ico HTTP/1.1
Host: katie.runtnc.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: checkme=2522645df4885395ae99ddbad90bc0fdb789

                                         
52.73.238.91
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Date: Sat, 12 Jan 2019 14:14:20 GMT
Content-Length: 150
Connection: keep-alive
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   150
Md5:    84241342d84ac29592a5d9516f8edf7f
Sha1:   03c53980e18e17625f439c20e7d438f066202428
Sha256: 6e21162bc64073fe9e3d3d6375ca24d04fed1912a5b7716aac0cb0f2d16fae7c
                                        
GET /click.php?key=1r0bs6gz98tf0285o2iy&clickid=01e02363d296c6c195db2d2b4a9e97bd429c247a67.r.1547302457.729a51f7c2ff7eafa5236a76b4d1bd85&cpc=0.0083&sourceid=59ead1dbf0a75d05ea9092a2&match=ron&carrier=wifi&mob_pf=windows&country=NO HTTP/1.1
Host: hcliips.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://katie.runtnc.net/tr?id=01e02363d296c6c195db2d2b4a9e97bd429c247a67.r&tk=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwdWIiOiI1MDVjNmI4MTcxMzIwNDAyNTc1YjFkNmUiLCJ0cyI6IjAxMTIxNDE0IiwiZCI6Imd1cHJveHl6LnRrIn0.9Ma69qsafhCtU1FAX8GijeVkzAh_dKxKDb0bog62WjI

                                         
136.243.73.30
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Server: nginx/1.14.0
Date: Sat, 12 Jan 2019 14:14:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=bzir3vci; expires=Sun, 13-Jan-2019 14:14:20 GMT; Max-Age=86400; path=/
Location: https://cld4r.com/?a=47161&c=171975&s1=39&s2=c55cebzir3vcib81
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
                                        
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
143.204.51.24
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=155241
Date: Sat, 12 Jan 2019 14:14:20 GMT
Etag: "5c39063a-1d7"
Expires: Mon, 14 Jan 2019 09:21:41 GMT
Last-Modified: Fri, 11 Jan 2019 21:10:18 GMT
Server: ECS (phd/FD6D)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fbb.cloudfront.net (CloudFront)
X-Amz-Cf-Id: DpiX4pfRLrMTeDe2HXwG60XxAjfbXJJbY-4CjOxDS_-cMvKWrCDdBw==


--- Additional Info ---
Magic:  data
Size:   471
Md5:    0d1de4cf6a91bc1b850d15ee96c30a2a
Sha1:   9ace60478f4b87aeca3c6e1ed867bc35453da58f
Sha256: 1066c870752f3e2bcdb0b9f52032b632cf049e1306d280190848ac1d471ddd68
                                        
GET /?a=47161&c=171975&s1=39&s2=c55cebzir3vcib81 HTTP/1.1
Host: cld4r.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://katie.runtnc.net/tr?id=01e02363d296c6c195db2d2b4a9e97bd429c247a67.r&tk=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwdWIiOiI1MDVjNmI4MTcxMzIwNDAyNTc1YjFkNmUiLCJ0cyI6IjAxMTIxNDE0IiwiZCI6Imd1cHJveHl6LnRrIn0.9Ma69qsafhCtU1FAX8GijeVkzAh_dKxKDb0bog62WjI

                                         
63.32.246.29
HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Date: Sat, 12 Jan 2019 14:14:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding, Accept-Encoding
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Expires: Sat, 1 May 2020 12:00:00 GMT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   955
Md5:    23773e8e68e111b6682d340e7f8dcba9
Sha1:   a976d9f02e3d8cb942bd996202c9d1b5b3dfb93d
Sha256: 9f485cb088054872a8dbfca05b2d5294f514f6a26ac9d70e053761659f3d6f39
                                        
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
143.204.51.24
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=172735
Date: Sat, 12 Jan 2019 14:14:21 GMT
Etag: "5c3918e9-1d7"
Expires: Mon, 14 Jan 2019 14:13:16 GMT
Last-Modified: Fri, 11 Jan 2019 22:30:01 GMT
Server: ECS (phd/FD58)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fbb.cloudfront.net (CloudFront)
X-Amz-Cf-Id: uq4uerZ64SicNVk-P_c-XM9zdcbbuCsDrWSRSSLyjXHJ8WvjpUpdfQ==


--- Additional Info ---
Magic:  data
Size:   471
Md5:    8f5a7c908d8624709a83a2f0dbd30032
Sha1:   592e1c35913338dd038ca337bf3dfbc58caf75df
Sha256: 5e15dedaa405349a55be5db89db7353d6f4a34aea3431be75949201219d9871f
                                        
GET /trck HTTP/1.1
Host: gdmconvtrck.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://cld4r.com/?a=47161&c=171975&s1=39&s2=c55cebzir3vcib81

                                         
54.77.242.150
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=utf-8
Date: Sat, 12 Jan 2019 14:14:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Set-Cookie: gdm_suid_v1_1_001=FokX1ckUdgfXlaN+t+z8ZvwWndd0+qO0d8uVPXxt4pXaBGwo4/B0OLLhBA2fJZ+d; Expires=Fri, 12-Apr-2019 14:14:21 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Expires: Sat, 1 May 2020 12:00:00 GMT
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   553
Md5:    7e211e70f5d5a46345a8816f30beb419
Sha1:   9387543505d37f8a66d8bd76bf93d316db4dc1c8
Sha256: 271a0e2dd825dbcd43f03ac084e95b8e4ea4796658a1069900877a370f5f7f5e
                                        
GET /favicon.ico HTTP/1.1
Host: cld4r.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
63.32.246.29
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Sat, 12 Jan 2019 14:14:21 GMT
Content-Length: 43
Connection: keep-alive
Server: nginx
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
GET /favicon.ico HTTP/1.1
Host: katie.runtnc.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: checkme=2522645df4885395ae99ddbad90bc0fdb789

                                         
52.73.238.91
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Date: Sat, 12 Jan 2019 14:14:22 GMT
Content-Length: 150
Connection: keep-alive
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   150
Md5:    84241342d84ac29592a5d9516f8edf7f
Sha1:   03c53980e18e17625f439c20e7d438f066202428
Sha256: 6e21162bc64073fe9e3d3d6375ca24d04fed1912a5b7716aac0cb0f2d16fae7c