tracking.alamopublishing.com/campaigns/rv3817elmn36f/track-url/oh836c8gttb4e/a760476f86eeab6e770f67e8b41c305928d2695f
167.86.66.22 | 301 Moved Permanently | 0 B | URL | User Request | GET HTTP/1.1
IP 167.86.66.22:80
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer verdict: Alert (Fortinet: Phishing)
GET /campaigns/rv3817elmn36f/track-url/oh836c8gttb4e/a760476f86eeab6e770f67e8b41c305928d2695f HTTP/1.1
Host: tracking.alamopublishing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx/1.16.1
Date: Sun, 21 May 2023 23:53:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: mwsid=8a324ebbbb5e8e87debd477abbab84e9; path=/; HttpOnly
Last-Modified: Sun, 21 May 2023 23:53:27 GMT
Location: https://tracking.bluewatersredfish.com/aff_c?offer_id=404&aff_id=5&aff_sub=AP1TCS19&aff_sub2=briank@grovehvac.com&aff_sub3=123&aff_sub4=[CAMPAIGN_ID]&aff_sub5=grovehvac.com
X-Cache: HIT from Backend
X-XSS-Protection: 1; mode=block, 1; mode=block
X-Content-Type-Options: nosniff
ocsp.r2m01.amazontrust.com/
143.204.48.16 | 471 B | URL
IP 143.204.48.16:0
Hash (MD5) 9897ae42676a08f447424670f40ca411
Hash (SHA-1) d1144e367f52ce681e8b9c8611b89c1bed6d0f3a
Hash (SHA-256) 9f731c150a42a2afa9b64a87dcc33c764e2d9f11fede7360922e3ec5ace94aa7
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=7200'
Date: Sun, 21 May 2023 23:53:27 GMT
Server: ECAcc (dcb/7F0D)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: R0MChyXJQILj0CCZuewUTDk77HffPijuy1oo60RF4TriswQYf3Nx0A==
tracking.bluewatersredfish.com/aff_c?offer_id=404&aff_id=5&aff_sub=AP1TCS19&aff_sub2=briank@grovehvac.com&aff_sub3=123&aff_sub4=[CAMPAIGN_ID]&aff_sub5=grovehvac.com
52.209.186.26 | 302 Found | 282 B | URL | User Request | GET HTTP/1.1
IP 52.209.186.26:443
Certificate issuer: Amazon
Certificate subject: tracking.bluewatersredfish.com
Certificate fingerprint (SHA-1): 97:08:15:71:F9:BF:8B:36:03:58:24:A1:22:CA:AC:0F:FC:34:28:4F
Certificate validity: Fri, 10 Feb 2023 00:00:00 GMT - Wed, 09 Aug 2023 23:59:59 GMT
File type: HTML document text (also identified as: exported SGML document, ASCII text)
Hash (MD5) b0bbd969c5df81ef339725c4771913e3
Hash (SHA-1) 2f70139ca868a1f18535d352e23b3305e7a4d8e2
Hash (SHA-256) 0aeeca8a072809a46f5e84231a9d4e33a268ff0020ec3412485a1795e3790fc6
GET /aff_c?offer_id=404&aff_id=5&aff_sub=AP1TCS19&aff_sub2=briank@grovehvac.com&aff_sub3=123&aff_sub4=[CAMPAIGN_ID]&aff_sub5=grovehvac.com HTTP/1.1
Host: tracking.bluewatersredfish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 21 May 2023 23:53:27 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 282
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://www.loguq.com/29T6R6/XG274CC4/?sub1=5&sub2=102a585b459de8455905652cf1cd97&sub3=404
P3p: CP="NOI CUR OUR NOR INT"
Pragma: no-cache
Set-Cookie: enc_aff_session_404=ENC03c659eee0421d4a5786f34e5ac4eb92eaaa5e6db4c69d0660314c7bdbd00780005f641523dff4ca31afddd61521031a3229d6e2d0a9e3d62a9225a543c385151ec4a79a5bc5dc17bf13cf04c481ffec84ed7f48db6de4ffe76cad56a1391b8583b04a834ff55fccab1f83d4d989d70dc48969c24fdfb7d0be577ce6e4c249680ea404c1dce9a803061acac02e0283fe80e1e44096220d0008045a8769e564b2ea05469bac; expires=Wed, 21 Jun 2023 23:53:27 GMT; path=/; SameSite=None; Secure
Set-Cookie: ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMTEuMCIsIm1vYmlsZV9jYXJyaWVyIjoiPyIsInVzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCBYODZfNjQ7IFJ2OjEwOS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzExMS4wIiwiYWNjZXB0X2xhbmd1YWdlIjoiZW4tVVMsZW47cT0wLjUiLCJjb25uZWN0aW9uX3NwZWVkIjoiYnJvYWRiYW5kIn0=; expires=Wed, 15 Apr 2026 10:33:27 GMT; path=/; SameSite=None; Secure
Tracking_id: 102a585b459de8455905652cf1cd97
X-Robots-Tag: noindex, nofollow
Access-Control-Allow-Origin: *
X-Request-Id: f08825fafb2d5e84270a35f1a6bd3430
Access-Control-Allow-Headers: Tune-SDK-Version
ocsp.starfieldtech.com/
192.124.249.22 | 1.8 kB
IP 192.124.249.22:0
Hash (MD5) 5adcb631e29c4f6dbbb60bb9b24e2b9b
Hash (SHA-1) 80ec3e59b663174b991e7124d5b23e112a96c343
Hash (SHA-256) 70937195056f7c644cc610d9560a83f857bba1ed92a69b53141d90ab483e1149
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 21 May 2023 23:53:28 GMT
Content-Type: application/ocsp-response
Content-Length: 1846
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 21 May 2023 22:46:52 GMT
Expires: Mon, 22 May 2023 22:46:52 GMT
ETag: "80ec3e59b663174b991e7124d5b23e112a96c343"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
www.loguq.com/29T6R6/XG274CC4/?sub1=5&sub2=102a585b459de8455905652cf1cd97&sub3=404
35.227.247.224 | 204 No Content | 0 B | URL | User Request | GET HTTP/2
IP 35.227.247.224:443
Certificate issuer: Starfield Technologies, Inc.
Certificate subject: loguq.com
Certificate fingerprint (SHA-1): 9B:E1:DA:81:3E:54:D0:A2:6A:1F:6B:3A:AD:FD:DF:74:E3:87:FC:FC
Certificate validity: Mon, 24 Apr 2023 16:02:05 GMT - Fri, 19 Jan 2024 16:03:01 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /29T6R6/XG274CC4/?sub1=5&sub2=102a585b459de8455905652cf1cd97&sub3=404 HTTP/1.1
Host: www.loguq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Sun, 21 May 2023 23:53:28 GMT
accept-ch: Sec-Ch-Ua-Platform-Version
vary: Origin
x-eflow-request-id: e610e33e-1194-47aa-9210-fa27f7e9a68f
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.24 | 1.8 kB
IP 192.124.249.24:0
Hash (MD5) 5adcb631e29c4f6dbbb60bb9b24e2b9b
Hash (SHA-1) 80ec3e59b663174b991e7124d5b23e112a96c343
Hash (SHA-256) 70937195056f7c644cc610d9560a83f857bba1ed92a69b53141d90ab483e1149
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 21 May 2023 23:53:29 GMT
Content-Type: application/ocsp-response
Content-Length: 1846
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 21 May 2023 22:46:52 GMT
Expires: Mon, 22 May 2023 22:46:52 GMT
ETag: "80ec3e59b663174b991e7124d5b23e112a96c343"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
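The trace above is a three-hop redirect chain: the mail-tracking link on tracking.alamopublishing.com answers 301 into an affiliate tracker on tracking.bluewatersredfish.com, which answers 302 to www.loguq.com, which returns 204 with no body. Three details an analyst would pull out by hand are worth automating: the recipient's e-mail address and an unexpanded [CAMPAIGN_ID] macro travel in the Location query string, the ho_mob cookie is base64-wrapped JSON describing the client, and the 0 B responses carry the MD5, SHA-1 and SHA-256 of an empty input, so those hashes identify nothing. The Python below is an added example and not part of the sandbox report or of any site in the trace; it parses a constructed excerpt of the headers above (copied from the trace, reduced to the request lines, Host, status lines, Location and the ho_mob Set-Cookie) and recovers the chain and the flagged details. Function names and the excerpt layout are the example's own.

```python
import base64
import hashlib
import json
import re
from urllib.parse import parse_qsl, urlsplit

# ho_mob cookie value exactly as the affiliate tracker set it in the trace above.
HO_MOB = ("eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94Iiwi"
          "bW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIs"
          "Im1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMTEuMCIsIm1vYmlsZV9jYXJyaWVyIjoiPyIsInVzZXJfYWdlbnQi"
          "OiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCBYODZfNjQ7IFJ2OjEwOS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzExMS4w"
          "IiwiYWNjZXB0X2xhbmd1YWdlIjoiZW4tVVMsZW47cT0wLjUiLCJjb25uZWN0aW9uX3NwZWVkIjoiYnJvYWRiYW5kIn0=")

# Constructed excerpt of the trace: only the header lines the parser looks at are kept.
TRACE = f"""\
GET /campaigns/rv3817elmn36f/track-url/oh836c8gttb4e/a760476f86eeab6e770f67e8b41c305928d2695f HTTP/1.1
Host: tracking.alamopublishing.com
HTTP/1.1 301 Moved Permanently
Location: https://tracking.bluewatersredfish.com/aff_c?offer_id=404&aff_id=5&aff_sub=AP1TCS19&aff_sub2=briank@grovehvac.com&aff_sub3=123&aff_sub4=[CAMPAIGN_ID]&aff_sub5=grovehvac.com
GET /aff_c?offer_id=404&aff_id=5&aff_sub=AP1TCS19&aff_sub2=briank@grovehvac.com&aff_sub3=123&aff_sub4=[CAMPAIGN_ID]&aff_sub5=grovehvac.com HTTP/1.1
Host: tracking.bluewatersredfish.com
HTTP/1.1 302 Found
Location: https://www.loguq.com/29T6R6/XG274CC4/?sub1=5&sub2=102a585b459de8455905652cf1cd97&sub3=404
Set-Cookie: ho_mob={HO_MOB}; expires=Wed, 15 Apr 2026 10:33:27 GMT; path=/; SameSite=None; Secure
GET /29T6R6/XG274CC4/?sub1=5&sub2=102a585b459de8455905652cf1cd97&sub3=404 HTTP/1.1
Host: www.loguq.com
HTTP/2 204 No Content
"""

REQUEST_RE = re.compile(r"^(GET|POST) (\S+) HTTP/")
STATUS_RE = re.compile(r"^HTTP/\S+ (\d{3})")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PLACEHOLDER_RE = re.compile(r"\[[A-Z_]+\]")  # unexpanded template macro such as [CAMPAIGN_ID]
REDIRECTS = {301, 302, 303, 307, 308}


def parse_hops(trace):
    """Split a flattened request/response log into one record per HTTP exchange."""
    hops = []
    for line in trace.splitlines():
        m = REQUEST_RE.match(line)
        if m:
            hops.append({"method": m.group(1), "path": m.group(2), "host": None,
                         "status": None, "location": None, "cookies": {}})
            continue
        if not hops:
            continue  # nothing before the first request line is interesting
        hop = hops[-1]
        m = STATUS_RE.match(line)
        if m:
            hop["status"] = int(m.group(1))
        elif line.lower().startswith("host:"):
            hop["host"] = line.split(":", 1)[1].strip()
        elif line.lower().startswith("location:"):
            hop["location"] = line.split(":", 1)[1].strip()
        elif line.lower().startswith("set-cookie:"):
            name, _, rest = line.split(":", 1)[1].strip().partition("=")
            hop["cookies"][name] = rest.split(";", 1)[0]  # value only, attributes dropped
    return hops


def redirect_chain(hops):
    """Hostnames visited in order; each Location must match the next request's Host."""
    chain = [hops[0]["host"]]
    for prev, nxt in zip(hops, hops[1:]):
        if prev["status"] not in REDIRECTS or not prev["location"]:
            break
        target = urlsplit(prev["location"]).hostname
        if target != nxt["host"]:
            raise ValueError(f"chain broken: {prev['host']} sent us to {target}, "
                             f"but the next request went to {nxt['host']}")
        chain.append(nxt["host"])
    return chain


def leaked_identifiers(url):
    """Query parameters whose value is an e-mail address or an unexpanded [MACRO]."""
    found = {}
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if EMAIL_RE.fullmatch(value):
            found[key] = ("email", value)
        elif PLACEHOLDER_RE.fullmatch(value):
            found[key] = ("placeholder", value)
    return found


def decode_b64_cookie(value):
    """Decode a base64-wrapped JSON cookie, tolerating stripped '=' padding."""
    padded = value + "=" * (-len(value) % 4)
    return json.loads(base64.b64decode(padded))


# Digests of zero bytes: a sandbox reports these when no body was captured.
EMPTY_DIGESTS = {h(b"").hexdigest() for h in (hashlib.md5, hashlib.sha1, hashlib.sha256)}


def is_empty_digest(hexdigest):
    """True when the reported hash is just the hash of an empty input, not an indicator."""
    return hexdigest.lower() in EMPTY_DIGESTS


def report(trace):
    """Summarise a trace: chain, final status, leaked identifiers, decoded fingerprint cookie."""
    hops = parse_hops(trace)
    leaks, fingerprint = {}, {}
    for hop in hops:
        if hop["location"]:
            leaks.update(leaked_identifiers(hop["location"]))
        if "ho_mob" in hop["cookies"]:
            fingerprint = decode_b64_cookie(hop["cookies"]["ho_mob"])
    return {"chain": redirect_chain(hops), "final_status": hops[-1]["status"],
            "leaked": leaks, "fingerprint_cookie": fingerprint}


if __name__ == "__main__":
    print(json.dumps(report(TRACE), indent=2))
```

Running it against the excerpt prints the three-host chain ending in a 204, flags aff_sub2 as a leaked e-mail address and aff_sub4 as an unexpanded macro, and shows the ho_mob payload as a JSON client fingerprint (OS, browser, version, user agent, Accept-Language). The hash helper is what turns the d41d8cd9/da39a3ee/e3b0c442 triplets in the 0 B rows into "no body captured" rather than false indicators.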