Report - tracking.alamopublishing.com/campaigns/rv3817elmn36f/track-url/oh836c8gttb4e/a760476f86eeab6e770f67e8b41c305928d2695f

Report Overview

Submitted URL
tracking.alamopublishing.com/campaigns/rv3817elmn36f/track-url/oh836c8gttb4e/a760476f86eeab6e770f67e8b41c305928d2695f
IP
167.86.66.22
ASN
#51167 Contabo GmbH
Submitted
2023-05-21 23:53:44
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.r2m01.amazontrust.com	unknown	2007-05-11	2022-10-12	2023-05-21	340 B	865 B	143.204.48.16
tracking.bluewatersredfish.com	unknown	2019-08-02	2021-08-11	2023-05-20	620 B	1.9 kB	52.209.186.26
ocsp.starfieldtech.com	6616	2003-03-06	2012-06-22	2023-05-21	672 B	4.7 kB	192.124.249.22
www.loguq.com	unknown	2021-10-11	2021-10-15	2023-05-20	538 B	280 B	35.227.247.224
tracking.alamopublishing.com	unknown	2019-03-11	2022-06-22	2023-04-21	489 B	752 B	167.86.66.22

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-05-21	medium	tracking.alamopublishing.com/campaigns/rv3817elmn36f/track-url/oh836c8gttb4e/a760476f86eeab6e770f67e8b41c305928d2695f

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (6)

URL IP Response Size

tracking.alamopublishing.com/campaigns/rv3817elmn36f/track-url/oh836c8gttb4e/a760476f86eeab6e770f67e8b41c305928d2695f

167.86.66.22

301 Moved Permanently

0 B

URL User Request GET HTTP/1.1
tracking.alamopublishing.com/campaigns/rv3817elmn36f/track-url/oh836c8gttb4e/a760476f86eeab6e770f67e8b41c305928d2695f
IP
167.86.66.22:80
ASN
#51167 Contabo GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /campaigns/rv3817elmn36f/track-url/oh836c8gttb4e/a760476f86eeab6e770f67e8b41c305928d2695f HTTP/1.1
Host: tracking.alamopublishing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx/1.16.1
Date: Sun, 21 May 2023 23:53:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: mwsid=8a324ebbbb5e8e87debd477abbab84e9; path=/; HttpOnly
Last-Modified: Sun, 21 May 2023 23:53:27 GMT
Location: https://tracking.bluewatersredfish.com/aff_c?offer_id=404&aff_id=5&aff_sub=AP1TCS19&aff_sub2=briank@grovehvac.com&aff_sub3=123&aff_sub4=[CAMPAIGN_ID]&aff_sub5=grovehvac.com
X-Cache: HIT from Backend
X-XSS-Protection: 1; mode=block, 1; mode=block
X-Content-Type-Options: nosniff

ocsp.r2m01.amazontrust.com/

143.204.48.16

471 B

URL
ocsp.r2m01.amazontrust.com/
IP
143.204.48.16:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
9897ae42676a08f447424670f40ca411
d1144e367f52ce681e8b9c8611b89c1bed6d0f3a
9f731c150a42a2afa9b64a87dcc33c764e2d9f11fede7360922e3ec5ace94aa7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=7200'
Date: Sun, 21 May 2023 23:53:27 GMT
Server: ECAcc (dcb/7F0D)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: R0MChyXJQILj0CCZuewUTDk77HffPijuy1oo60RF4TriswQYf3Nx0A==

tracking.bluewatersredfish.com/aff_c?offer_id=404&aff_id=5&aff_sub=AP1TCS19&aff_sub2=briank@grovehvac.com&aff_sub3=123&aff_sub4=[CAMPAIGN_ID]&aff_sub5=grovehvac.com

52.209.186.26

302 Found

282 B

URL User Request GET HTTP/1.1
tracking.bluewatersredfish.com/aff_c?offer_id=404&aff_id=5&aff_sub=AP1TCS19&aff_sub2=briank@grovehvac.com&aff_sub3=123&aff_sub4=[CAMPAIGN_ID]&aff_sub5=grovehvac.com
IP
52.209.186.26:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjecttracking.bluewatersredfish.com
Fingerprint97:08:15:71:F9:BF:8B:36:03:58:24:A1:22:CA:AC:0F:FC:34:28:4F
ValidityFri, 10 Feb 2023 00:00:00 GMT - Wed, 09 Aug 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
282 B (282 bytes)
Hash
b0bbd969c5df81ef339725c4771913e3
2f70139ca868a1f18535d352e23b3305e7a4d8e2
0aeeca8a072809a46f5e84231a9d4e33a268ff0020ec3412485a1795e3790fc6

HTTP Headers

GET /aff_c?offer_id=404&aff_id=5&aff_sub=AP1TCS19&aff_sub2=briank@grovehvac.com&aff_sub3=123&aff_sub4=[CAMPAIGN_ID]&aff_sub5=grovehvac.com HTTP/1.1
Host: tracking.bluewatersredfish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 21 May 2023 23:53:27 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 282
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://www.loguq.com/29T6R6/XG274CC4/?sub1=5&sub2=102a585b459de8455905652cf1cd97&sub3=404
P3p: CP="NOI CUR OUR NOR INT"
Pragma: no-cache
Set-Cookie: enc_aff_session_404=ENC03c659eee0421d4a5786f34e5ac4eb92eaaa5e6db4c69d0660314c7bdbd00780005f641523dff4ca31afddd61521031a3229d6e2d0a9e3d62a9225a543c385151ec4a79a5bc5dc17bf13cf04c481ffec84ed7f48db6de4ffe76cad56a1391b8583b04a834ff55fccab1f83d4d989d70dc48969c24fdfb7d0be577ce6e4c249680ea404c1dce9a803061acac02e0283fe80e1e44096220d0008045a8769e564b2ea05469bac; expires=Wed, 21 Jun 2023 23:53:27 GMT; path=/; SameSite=None; Secure
ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMTEuMCIsIm1vYmlsZV9jYXJyaWVyIjoiPyIsInVzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCBYODZfNjQ7IFJ2OjEwOS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzExMS4wIiwiYWNjZXB0X2xhbmd1YWdlIjoiZW4tVVMsZW47cT0wLjUiLCJjb25uZWN0aW9uX3NwZWVkIjoiYnJvYWRiYW5kIn0=; expires=Wed, 15 Apr 2026 10:33:27 GMT; path=/; SameSite=None; Secure
Tracking_id: 102a585b459de8455905652cf1cd97
X-Robots-Tag: noindex, nofollow
Access-Control-Allow-Origin: *
X-Request-Id: f08825fafb2d5e84270a35f1a6bd3430
Access-Control-Allow-Headers: Tune-SDK-Version

ocsp.starfieldtech.com/

192.124.249.22

1.8 kB

URL
ocsp.starfieldtech.com/
IP
192.124.249.22:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1846 bytes)
Hash
5adcb631e29c4f6dbbb60bb9b24e2b9b
80ec3e59b663174b991e7124d5b23e112a96c343
70937195056f7c644cc610d9560a83f857bba1ed92a69b53141d90ab483e1149

HTTP Headers

POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 21 May 2023 23:53:28 GMT
Content-Type: application/ocsp-response
Content-Length: 1846
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 21 May 2023 22:46:52 GMT
Expires: Mon, 22 May 2023 22:46:52 GMT
ETag: "80ec3e59b663174b991e7124d5b23e112a96c343"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

www.loguq.com/29T6R6/XG274CC4/?sub1=5&sub2=102a585b459de8455905652cf1cd97&sub3=404

35.227.247.224

204 No Content

0 B

URL User Request GET HTTP/2
www.loguq.com/29T6R6/XG274CC4/?sub1=5&sub2=102a585b459de8455905652cf1cd97&sub3=404
IP
35.227.247.224:443
ASN
#15169 GOOGLE

Certificate
IssuerStarfield Technologies, Inc.
Subjectloguq.com
Fingerprint9B:E1:DA:81:3E:54:D0:A2:6A:1F:6B:3A:AD:FD:DF:74:E3:87:FC:FC
ValidityMon, 24 Apr 2023 16:02:05 GMT - Fri, 19 Jan 2024 16:03:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /29T6R6/XG274CC4/?sub1=5&sub2=102a585b459de8455905652cf1cd97&sub3=404 HTTP/1.1
Host: www.loguq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sun, 21 May 2023 23:53:28 GMT
accept-ch: Sec-Ch-Ua-Platform-Version
vary: Origin
x-eflow-request-id: e610e33e-1194-47aa-9210-fa27f7e9a68f
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.starfieldtech.com/

192.124.249.24

1.8 kB

URL
ocsp.starfieldtech.com/
IP
192.124.249.24:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1846 bytes)
Hash
5adcb631e29c4f6dbbb60bb9b24e2b9b
80ec3e59b663174b991e7124d5b23e112a96c343
70937195056f7c644cc610d9560a83f857bba1ed92a69b53141d90ab483e1149

HTTP Headers

POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 21 May 2023 23:53:29 GMT
Content-Type: application/ocsp-response
Content-Length: 1846
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 21 May 2023 22:46:52 GMT
Expires: Mon, 22 May 2023 22:46:52 GMT
ETag: "80ec3e59b663174b991e7124d5b23e112a96c343"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (6)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers