Overview

URLaff.subtec.net/?utm_medium=712049d6c4bc9c2fd466d344eca81dbee8c87b72&utm_campaign=main_mainstream_v1&cid=c6507q5m7a5uq0ef1
IP 67.212.184.149 (United States)
ASN#32475 SINGLEHOP-LLC
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-10-26 06:38:04 UTC
StatusLoading report..
IDS alerts0
Blocklist alert3
urlquery alerts No alerts detected
Tags None

Domain Summary (18)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
139.59.49.76 (1) 0 2019-08-01 17:32:12 UTC 2022-10-22 08:45:20 UTC 139.59.49.76 Unknown ranking
surf.ueive.com (1) 199304 2022-06-03 22:26:39 UTC 2022-10-25 23:53:48 UTC 172.67.185.86
d0zi.com (1) 0 2022-06-05 17:32:29 UTC 2022-10-26 05:05:54 UTC 162.55.4.52 Unknown ranking
aff.subtec.net (3) 0 2022-02-14 19:20:41 UTC 2022-10-25 17:14:23 UTC 67.212.184.149 Unknown ranking
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
cdn.addlnk.com (2) 246074 2021-08-24 11:39:04 UTC 2022-10-26 04:44:25 UTC 172.67.191.221
img-getpocket.cdn.mozilla.net (5) 1631 2019-03-04 20:37:34 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
ocsp.digicert.com (7) 86 2012-06-27 22:09:06 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
www.wewillserv.com (4) 277919 No data No data 51.68.85.158
admoustache.go2affise.com (1) 84756 2018-06-13 07:03:22 UTC 2022-10-25 11:59:35 UTC 34.141.137.168
aditmedia.g2afse.com (1) 61605 2021-04-14 15:59:45 UTC 2022-10-26 06:21:39 UTC 34.141.179.97
myofferplus.com (1) 0 2021-11-06 17:30:32 UTC 2022-10-26 04:28:46 UTC 172.67.217.200 Unknown ranking
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-26 04:55:04 UTC 34.117.237.239
ocsp.godaddy.com (1) 698 2012-05-20 19:28:57 UTC 2020-05-02 20:58:10 UTC 192.124.249.22
ad.marootrack.co (6) 0 2022-03-13 12:22:16 UTC 2022-10-26 05:05:52 UTC 65.60.58.179 Unknown ranking
cdn.addlnk.com (2) 246074 2021-08-24 11:39:04 UTC 2022-10-26 04:44:25 UTC 104.21.20.70
r3.o.lencr.org (5) 344 No data No data 23.36.77.32
push.services.mozilla.com (1) 2140 2019-05-26 10:52:39 UTC 2020-05-03 10:09:39 UTC 52.89.217.163

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-26 2 ad.marootrack.co/sw.js?v=1666766275276 Malware
2022-10-26 2 ad.marootrack.co/sw.js?v=1666766275276 Malware
2022-10-26 2 ad.marootrack.co/proc.php?056800d1a9f384c55953f24774645833866ab033 Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 67.212.184.149
Date UQ / IDS / BL URL IP
2022-11-25 22:51:09 +0000 0 - 0 - 1 fun.deal-warriors.xyz/?utm_medium=4adaa885086 (...) 67.212.184.149
2022-10-27 06:42:05 +0000 0 - 0 - 3 wvw.blokdtrfkdom.quest/?utm_medium=1df3ea4804 (...) 67.212.184.149
2022-10-26 06:38:04 +0000 0 - 0 - 3 aff.subtec.net/?utm_medium=712049d6c4bc9c2fd4 (...) 67.212.184.149
2022-10-24 06:39:02 +0000 0 - 0 - 3 aff.subtec.net/?utm_medium=712049d6c4bc9c2fd4 (...) 67.212.184.149
2022-10-17 07:33:35 +0000 0 - 0 - 4 aff.subtec.net/?utm_medium=712049d6c4bc9c2fd4 (...) 67.212.184.149


Last 5 reports on ASN: SINGLEHOP-LLC
Date UQ / IDS / BL URL IP
2023-02-03 10:06:51 +0000 0 - 0 - 2 m.lepetitdiary.com/?utm_medium=efbbdd747f282d (...) 184.154.10.250
2023-02-03 09:21:38 +0000 0 - 0 - 2 aff.zabady.xyz/adsecure-test.html 67.212.184.148
2023-02-03 08:51:10 +0000 0 - 4 - 3 playingwithfire.biz/justarius.com/gallery/ist (...) 184.154.194.130
2023-02-03 08:20:43 +0000 0 - 0 - 2 app2.trckxflow.xyz/?utm_medium=6593a91e648f0f (...) 65.60.9.238
2023-02-03 06:59:10 +0000 0 - 0 - 2 m.lepetitdiary.com/?utm_medium=efbbdd747f282d (...) 184.154.10.250


Last 4 reports on domain: subtec.net
Date UQ / IDS / BL URL IP
2022-10-26 06:38:04 +0000 0 - 0 - 3 aff.subtec.net/?utm_medium=712049d6c4bc9c2fd4 (...) 67.212.184.149
2022-10-24 06:39:02 +0000 0 - 0 - 3 aff.subtec.net/?utm_medium=712049d6c4bc9c2fd4 (...) 67.212.184.149
2022-10-17 07:33:35 +0000 0 - 0 - 4 aff.subtec.net/?utm_medium=712049d6c4bc9c2fd4 (...) 67.212.184.149
2022-10-10 08:16:07 +0000 0 - 0 - 11 aff.subtec.net/?utm_medium=712049d6c4bc9c2fd4 (...) 67.212.184.149


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-10-26 14:54:41 +0000 0 - 0 - 1 rose.hiapodit.digital/?utm_medium=fab2ef6230a (...) 173.236.118.101
2022-10-24 16:27:35 +0000 0 - 0 - 1 live.clicktodeal.live/?utm_medium=31dfe921414 (...) 173.236.35.188
2022-10-23 23:58:36 +0000 0 - 0 - 1 690.novitrk3.com/smartlink?mongo_id=6355d50b6 (...) 188.240.52.20
2022-10-23 23:48:59 +0000 0 - 0 - 1 695.novitrk4.com/smartlink?mongo_id=6355d2cbb (...) 188.240.52.20
2022-10-23 06:04:21 +0000 0 - 0 - 4 bbtl-glo.safetechhost.com/t/clk 52.28.59.112

JavaScript

Executed Scripts (16)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (42)


Request Response
                                        
                                            GET /?utm_medium=712049d6c4bc9c2fd466d344eca81dbee8c87b72&utm_campaign=main_mainstream_v1&cid=c6507q5m7a5uq0ef1 HTTP/1.1 
Host: aff.subtec.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         67.212.184.149
HTTP/1.1 200 Let's rock
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 26 Oct 2022 06:37:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: u=78ca2f7777594e1643ac2490a8fa54f4; expires=Thu, 26-Oct-2023 06:37:53 GMT; Max-Age=31536000; path=/
Location: http://aff.subtec.net/?utm_term=7158706632627585029&ver=4viyaptcjo
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3320), with no line terminators
Size:   1473
Md5:    14350f475b3c149bb57325511c7208e9
Sha1:   ea7b295fa4bb4897ba24bc9de7be2019a7dd20eb
Sha256: 046da2b97e24589697d6c90d4a9657bb69d4be1963467bd9fd0fd906cdb33746
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "52A721168D0C41CB0854FF8C730FCE3B79DB2E804B383238E95FF1401922BD74"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10311
Expires: Wed, 26 Oct 2022 09:29:44 GMT
Date: Wed, 26 Oct 2022 06:37:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5541
Cache-Control: max-age=102339
Date: Wed, 26 Oct 2022 06:37:53 GMT
Etag: "6357acdf-1d7"
Expires: Thu, 27 Oct 2022 11:03:32 GMT
Last-Modified: Tue, 25 Oct 2022 09:31:11 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D9D95319013D64BC2EF6D9870F4ADBA902EE970B6F9E96279C9ED86F556E0001"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4261
Expires: Wed, 26 Oct 2022 07:48:54 GMT
Date: Wed, 26 Oct 2022 06:37:53 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: ZDzOgMnQzWg46YE7AmeiUJmW8OPUw3oymH8zklp2Y09J0M0h2nsEthyWK4ljekCXuvDw2P7HdVY=
x-amz-request-id: TA53YS08DNEPN0K8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 26 Oct 2022 06:09:15 GMT
age: 1718
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 26 Oct 2022 06:37:53 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /?utm_term=7158706632627585029&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b580b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbecebedefefefeae5e5e9e7e5e4e1191353 HTTP/1.1 
Host: aff.subtec.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aff.subtec.net/?utm_medium=712049d6c4bc9c2fd466d344eca81dbee8c87b72&utm_campaign=main_mainstream_v1&cid=c6507q5m7a5uq0ef1
Cookie: u=78ca2f7777594e1643ac2490a8fa54f4
Upgrade-Insecure-Requests: 1

search
                                         67.212.184.149
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Wed, 26 Oct 2022 06:37:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4711)
Size:   3143
Md5:    a2c49ff33a75757d933f7f15ff6094fb
Sha1:   e84ccfd318b973515852bd44d03c2a2f2fe55d95
Sha256: 640814212a9c778fb203228b34872cdf1b580e822c81e1efbc39fba294f73984
                                        
                                            GET /proc.php?2e167cd8fb46a90b70be3421e4b03588fc1edb2e HTTP/1.1 
Host: aff.subtec.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aff.subtec.net/?utm_term=7158706632627585029&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b580b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbecebedefefefeae5e5e9e7e5e4e1191353
Cookie: u=78ca2f7777594e1643ac2490a8fa54f4
Upgrade-Insecure-Requests: 1

search
                                         67.212.184.149
HTTP/1.1 200 Let's rock
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 26 Oct 2022 06:37:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158706632627585029&website=23431-8ba4a04z&placement=23431
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3592), with no line terminators
Size:   1549
Md5:    eacf7e84290c30436def00cef610d648
Sha1:   4afea1535a846c022a67b80a6aa876a969966f12
Sha256: 7b29ae4432249cc2584143de505885d295dff693e702927c941883d86e4caec0
                                        
                                            GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158706632627585029&website=23431-8ba4a04z&placement=23431&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266 HTTP/1.1 
Host: www.wewillserv.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aff.subtec.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         51.68.85.158
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Wed, 26 Oct 2022 06:37:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3751)
Size:   5160
Md5:    ed3c5e98e2a8d9b9b6ac3f0d20f985a2
Sha1:   5af07ffb1eca4a84c12214658b2dec58f333fcc6
Sha256: 6f89f719d693e531080173bf1111d1b5b7c554025c27116ba6804057238bacdb
                                        
                                            GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158706632627585029&website=23431-8ba4a04z&placement=23431&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=0ec55bb33331f7d5faa42f5b25f217c4&eyer=0.9366797331090871&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=aff.subtec.net HTTP/1.1 
Host: www.wewillserv.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

search
                                         51.68.85.158
HTTP/1.1 302 Found
                                        
Date: Wed, 26 Oct 2022 06:37:54 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158706632627585029&website=23431-8ba4a04z&placement=23431&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=3&eyer=0.9366797331090871&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=aff.subtec.net

                                        
                                            GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158706632627585029&website=23431-8ba4a04z&placement=23431&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=3&eyer=0.9366797331090871&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=aff.subtec.net HTTP/1.1 
Host: www.wewillserv.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

search
                                         51.68.85.158
HTTP/1.1 302 Found
                                        
Date: Wed, 26 Oct 2022 06:37:54 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000ae522fc9ecadd23ea63f2dec3fecc4091026-202210-flb*5467509-4538f*M7158706632627585029*sl_5467509-4538f*d858d625689ddabb7a017e9e545bae2b38a7eb15*23431-8ba4a04z*23431

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2617
Cache-Control: max-age=94351
Date: Wed, 26 Oct 2022 06:37:54 GMT
Etag: "63579918-1d7"
Expires: Thu, 27 Oct 2022 08:50:25 GMT
Last-Modified: Tue, 25 Oct 2022 08:06:48 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.wewillserv.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         51.68.85.158
HTTP/1.1 204 No Content
                                        
Server: openresty
Date: Wed, 26 Oct 2022 06:37:54 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         192.124.249.22
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Wed, 26 Oct 2022 06:37:54 GMT
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 26 Oct 2022 00:18:20 GMT
Expires: Thu, 27 Oct 2022 00:18:20 GMT
ETag: "d1275234c2bfb97d65c01f695c8e7fb19876dc6a"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1777
Md5:    c29b1972982c4c2bfa2cebb9823e61d7
Sha1:   d1275234c2bfb97d65c01f695c8e7fb19876dc6a
Sha256: f06a1f21dafb38fcce8fc494667409a2a22a11c401753f4d92465228030e64d6
                                        
                                            GET /sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000ae522fc9ecadd23ea63f2dec3fecc4091026-202210-flb*5467509-4538f*M7158706632627585029*sl_5467509-4538f*d858d625689ddabb7a017e9e545bae2b38a7eb15*23431-8ba4a04z*23431 HTTP/1.1 
Host: admoustache.go2affise.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         34.141.137.168
HTTP/2 302 Found
                                        
server: nginx
date: Wed, 26 Oct 2022 06:37:54 GMT
content-length: 0
location: https://myofferplus.com/rc/a91581ead4?affclick=6358d5c233512b00019ac490&pubid=503
set-cookie: afclick=6358d5c233512b00019ac490; expires=Thu, 26 Oct 2023 06:37:54 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: o/+QgVicu+9Tx/fqQCbgfg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         52.89.217.163
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QkZsOIP8qnR0XYXWJ8zgQdv+OCE=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 976
Cache-Control: max-age=167602
Date: Wed, 26 Oct 2022 06:37:54 GMT
Etag: "6358bda4-118"
Expires: Fri, 28 Oct 2022 05:11:16 GMT
Last-Modified: Wed, 26 Oct 2022 04:55:00 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /redirect.css HTTP/1.1 
Host: cdn.addlnk.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myofferplus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.67.191.221
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 26 Oct 2022 06:37:54 GMT
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 5674
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oVJwaU7KuvqIbS7bYIPiV6pUM9Wk3JZ25UpVzDIJ1eZaHTQ%2BRUXgSv7imSpWJ2Ik6fJNGETx%2FeYnKF2VYho2Il%2BaHghwwux7maYIsT2fuCCV0YNHdP2Sw5%2BiM7RN664R1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76012fa1bfd5b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1242), with no line terminators
Size:   676
Md5:    b5a5b4dbc7ac9c596375ff485da46a32
Sha1:   eb21eb0df362bf5aac45714e529b8be7493754a3
Sha256: 6d71a41a53f3b77944d3386739cffe6bae3b3f7fa5bd750d7c065237ae4717d2
                                        
                                            GET /34363?click=pub3a7adef2fba249188fd5df514c9ab41b&pubid=f31e77b4 HTTP/1.1 
Host: 139.59.49.76
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         139.59.49.76
HTTP/1.1 302 Found
content-type: text/html; charset=utf-8
                                        
x-powered-by: Express
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
location: https://surf.ueive.com/rc/736006a179?affclick=22J26120755A034363012829XWyhK&pubid=34363
vary: Accept, Accept-Encoding
content-length: 226
date: Wed, 26 Oct 2022 06:37:55 GMT


--- Additional Info ---
Magic:  HTML document, ASCII text, with no line terminators
Size:   226
Md5:    ac3a14a008ac9ee1421d4ba0e9ee3278
Sha1:   43289777ef52824fc63ef8c1ea50666fb3b84206
Sha256: 869791ae0212a1de4da3b62371a91ac8b9baeecab3995af106ab1ab9b408e5e4
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=104718
Date: Wed, 26 Oct 2022 06:37:55 GMT
Etag: "6357cbd1-118"
Expires: Thu, 27 Oct 2022 11:43:13 GMT
Last-Modified: Tue, 25 Oct 2022 11:43:13 GMT
Server: nginx
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=104718
Date: Wed, 26 Oct 2022 06:37:56 GMT
Etag: "6357cbd1-118"
Expires: Thu, 27 Oct 2022 11:43:14 GMT
Last-Modified: Tue, 25 Oct 2022 11:43:13 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 978
Cache-Control: max-age=167602
Date: Wed, 26 Oct 2022 06:37:56 GMT
Etag: "6358bda4-118"
Expires: Fri, 28 Oct 2022 05:11:18 GMT
Last-Modified: Wed, 26 Oct 2022 04:55:00 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4640
Expires: Wed, 26 Oct 2022 07:55:16 GMT
Date: Wed, 26 Oct 2022 06:37:56 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4640
Expires: Wed, 26 Oct 2022 07:55:16 GMT
Date: Wed, 26 Oct 2022 06:37:56 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4640
Expires: Wed, 26 Oct 2022 07:55:16 GMT
Date: Wed, 26 Oct 2022 06:37:56 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F057530b7-f6b8-4f9b-b6fc-8fdc4a101f36.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6831
x-amzn-requestid: cc6f38ff-ab33-4b18-8cae-aa6bc061962f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alKjPH7ToAMFSiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635857ae-3db2790d0e6c5fab6c4bc81f;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:39:58 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tiWbOUwlRzaT2EnCWIgoFaT_ho55s3tgRxalb7yBbI21Pv0BhfLJOg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 22:05:09 GMT
age: 30767
etag: "324e13ad5c99f628d713e55a2994ad4042ece70e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6831
Md5:    1cc61ad4b1d66ab4bce27288ee690e12
Sha1:   324e13ad5c99f628d713e55a2994ad4042ece70e
Sha256: 62cd88bc19bc1f0be2a37c3e990897158acd3d55aa3ddd299144d4f9596ba34e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F391c9e5f-b9b0-4854-b481-769430b76afa.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11124
x-amzn-requestid: 1bd056c4-37cd-4f45-b94a-cdad9a8b85c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aNnWVFayIAMFqOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634eec28-28116f7063b2a9e235a00b09;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 18:10:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8ak7dKvSkqDEZRGtevSbZ9O9T4zOLdM1nx1geGOP9MNNTV75MAc7lA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 22:07:56 GMT
age: 30600
etag: "bfa4bfc84e8fa8bd421e21123e04477538639981"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11124
Md5:    237f766bae92a9812e7600207b95c632
Sha1:   bfa4bfc84e8fa8bd421e21123e04477538639981
Sha256: 100442fa760bf0b9e9a07a1e68d9321b53a32dd73a9cfbfcc8399f5041db35eb
                                        
                                            GET /rc/736006a179?affclick=22J26120755A034363012829XWyhK&pubid=34363 HTTP/1.1 
Host: surf.ueive.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         172.67.185.86
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Wed, 26 Oct 2022 06:37:55 GMT
set-cookie: AWSALB=CA1zX1fEW6b0p1vnqEATk18cK7csHFWeKAJHEdPi9JLycuc0TaxFAnztQfB4TulrL0hkxAD//TUkh2glw2n57wVaKPt+DDMM4TwvYmryIZecJqIYwMuSdjHOdDVD; Expires=Wed, 02 Nov 2022 06:37:55 GMT; Path=/ AWSALBCORS=CA1zX1fEW6b0p1vnqEATk18cK7csHFWeKAJHEdPi9JLycuc0TaxFAnztQfB4TulrL0hkxAD//TUkh2glw2n57wVaKPt+DDMM4TwvYmryIZecJqIYwMuSdjHOdDVD; Expires=Wed, 02 Nov 2022 06:37:55 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1buMk5UOInQ5gq3eGZERNfa%2B4KIkJhxeAtfXh1XmOiY87L0SDdexcEXhUdDXDrzzv3aUqWdf3Cv2y0qXSngmzDGwBMlPiijuNUPG%2B40RDIzsOm%2BtJ0E%2FC4PhkuparoTvFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76012fa7fda9b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1531)
Size:   9188
Md5:    ed6dfb2440d4efc558cf5bc85e97fad1
Sha1:   693d252cbbb23d4243fa563b80ba7e0348fb8c7f
Sha256: a48b591e78043af6d8a44576a859a91e30391e339f2058cde2e38f8bed3e0de4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13796
x-amzn-requestid: 90b1e032-78c6-499d-b564-f25c15e20304
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ2OG0SoAMFx-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358568e-599d0f526fc6a01f77b67dcf;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sVS9nFgRyVconkkFTOrCO2zA0cICFNQFB2E1q7SQcVQm5_Dm6khvrA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:48:40 GMT
age: 31756
etag: "c3856686b98e1883133aa1824c496d34512769a0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13796
Md5:    b946c4f2f177828cf7b76c5764e97157
Sha1:   c3856686b98e1883133aa1824c496d34512769a0
Sha256: be818a015fc9c745ea561a0b9c2aca6ba25ade24acd696fa651163d47b195371
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4524
x-amzn-requestid: a493efe7-11c7-4032-b36b-7f838f8180bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aljicH_6IAMFqpQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63587fa9-0f15eae7680ea7b15e5e47ec;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 00:30:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NQJHFIbLMzw0aGwCkVGIEIHOMHprTpvLkLQRKgrGeVj35sk7sW4IUg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 00:36:34 GMT
age: 21682
etag: "5292b31a99d90bcb7071f327b93d52034bdf9dcb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4524
Md5:    91ee720c15dc69de45080d0c951353af
Sha1:   5292b31a99d90bcb7071f327b93d52034bdf9dcb
Sha256: 7fbe9f0f6db08fd539f2e8d4ac22e3b4d5ca14f7cde69f8424cce8b361d026e6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feac38eda-2bed-4703-8560-7d07ad90dabc.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3337
x-amzn-requestid: 5a06b710-2b88-435e-8863-3e0e58742e6d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ21FjooAMFp8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585691-2adc1ac2375e087b20ad0e32;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:13 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 02nWxjGUWnLOfCCH-_N91bhvwj9nD2aqZr757DDchdNlHitK7bih4Q==
via: 1.1 a8e5d5aeee6eacca5c379e5059b1f68c.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 22:12:48 GMT
age: 30308
etag: "3d28f2daeef33f37c91bd26cb527793288635103"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3337
Md5:    494a826ce7609ee5cc8157ea5de5f4f7
Sha1:   3d28f2daeef33f37c91bd26cb527793288635103
Sha256: 09f702f40e29e6b0c27abc5c7bb4605e504453b543c92805ba4045bd3d65c4d0
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5513
Cache-Control: max-age=150193
Date: Wed, 26 Oct 2022 06:37:57 GMT
Etag: "635867ed-139"
Expires: Fri, 28 Oct 2022 00:21:10 GMT
Last-Modified: Tue, 25 Oct 2022 22:49:17 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 313

                                        
                                            GET /click?pid=930&offer_id=18720&sub1=pubb2efff37fc8c42d7831ca225bb3b9e7e&sub2=9b1479cf_34363 HTTP/1.1 
Host: aditmedia.g2afse.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://surf.ueive.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         34.141.179.97
HTTP/2 302 Found
                                        
server: nginx
date: Wed, 26 Oct 2022 06:37:57 GMT
content-length: 0
location: https://ad.marootrack.co/?utm_medium=56350e907b27b4e99d4ce73cf6c4424f6399e01a&utm_campaign=NewMainLink&1=930_9b1479cf_34363&cid=6358d5c592b78b000103cb9b
set-cookie: afclick=6358d5c592b78b000103cb9b; expires=Thu, 26 Oct 2023 06:37:57 GMT; secure; SameSite=None afoffers={"18720":1666766277}; expires=Thu, 26 Oct 2023 06:37:57 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: ad.marootrack.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.marootrack.co/?utm_term=7158706654102421507&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
Cookie: u=9d6ad0151c87775cff485ed67d3c0645
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         65.60.58.179
HTTP/2 200 OK
content-type: image/x-icon
                                        
server: nginx
date: Wed, 26 Oct 2022 06:37:58 GMT
content-length: 1150
last-modified: Wed, 31 Jul 2019 07:48:51 GMT
etag: "5d4147e3-47e"
expires: Thu, 27 Oct 2022 06:37:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains;
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size:   1150
Md5:    91abe01116ab422c598e9c8af72cf4da
Sha1:   0f2815fe8e067d48537ad168225ab4674271fa27
Sha256: b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
                                        
                                            GET /sw.js?v=1666766275276 HTTP/1.1 
Host: ad.marootrack.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: u=9d6ad0151c87775cff485ed67d3c0645
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

search
                                         65.60.58.179
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 26 Oct 2022 06:37:58 GMT
content-length: 776
last-modified: Mon, 03 Oct 2022 07:40:54 GMT
vary: Accept-Encoding
etag: "633a9206-308"
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   776
Md5:    f72a11763f13b05c1f2379d13387dd05
Sha1:   002fbf7672d3f4655b89b6413d160e4185ce9900
Sha256: 70d744bbd19a0cc35c8d9f1d8ba181c6cdc902f95799ac750da4adc3ad987b11

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7158706654102421507&pub=20961&pid=20961-37eddb7e-d856e882&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85 HTTP/1.1 
Host: d0zi.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.marootrack.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         162.55.4.52
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx/1.20.1
Date: Wed, 26 Oct 2022 06:37:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with very long lines (65210), with CRLF line terminators
Size:   745589
Md5:    6ba023703f7011d5fb117529f1454ec1
Sha1:   264bbc9919ed603b55195ea12ff47ee33bc01d8d
Sha256: da15f86e10396469758e1ab3e98e13d3bfa1454df83528f2fc3fb43144f47eef
                                        
                                            GET /redirect.css HTTP/1.1 
Host: cdn.addlnk.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://surf.ueive.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.20.70
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 26 Oct 2022 06:37:56 GMT
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 5676
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OxHynj9QLrj7qJxlAkzkXeSVZ6QUeLMS4CfHd1xFcoJ0Rcs0yy1xInkbxkW8hYYfRQ8Gg6DfV54y9blH1rsKKMrQ%2BDN5M15QqvaWUKemfPQBCf6le82WaLLGZ4%2FLdXnGiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76012fa96c900b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1242), with no line terminators
Size:   13785
Md5:    07680131ed6f659049dc7cb656d2ea7d
Sha1:   0b55ba303bbd03b0c0c3a99a4d00c97babdaa83a
Sha256: a26f91c289303a5df413261783b2f95dc3354c6645b9467ee196a84a572c6828
                                        
                                            GET /sw.js?v=1666766275276 HTTP/1.1 
Host: ad.marootrack.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: u=9d6ad0151c87775cff485ed67d3c0645
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Mon, 03 Oct 2022 07:40:54 GMT
If-None-Match: "633a9206-308"
Cache-Control: max-age=0
TE: trailers

search
                                         65.60.58.179
HTTP/2 304 Not Modified
                                        
server: nginx
date: Wed, 26 Oct 2022 06:37:59 GMT
last-modified: Mon, 03 Oct 2022 07:40:54 GMT
vary: Accept-Encoding
etag: "633a9206-308"
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /rc/a91581ead4?affclick=6358d5c233512b00019ac490&pubid=503 HTTP/1.1 
Host: myofferplus.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         172.67.217.200
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Wed, 26 Oct 2022 06:37:54 GMT
set-cookie: AWSALB=LmGOpDMgPRQddfE9WnxA5Ye/BVNjcOUIuAi+83x1RdY2g0KwIP1T//e0n2SdSPqh2763MILARTooSfobs0zoL+ZnZG7C2ZKRjeNRsDqrdrhkfbkh7bdJ5uKGJpQH; Expires=Wed, 02 Nov 2022 06:37:54 GMT; Path=/ AWSALBCORS=LmGOpDMgPRQddfE9WnxA5Ye/BVNjcOUIuAi+83x1RdY2g0KwIP1T//e0n2SdSPqh2763MILARTooSfobs0zoL+ZnZG7C2ZKRjeNRsDqrdrhkfbkh7bdJ5uKGJpQH; Expires=Wed, 02 Nov 2022 06:37:54 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wD9ANaKMV53HNPLIZV6u3QxH3yWWmiisGny6cBtzHzFT%2BbgIkIHvKsmibRvlnXPMtuhy6Fn6Tz1z3Cer1WtMWJNTa7p7cGQ2OPq69ZLvqRgSDZvKHCrAgUQ3WMZR355SfXU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76012fa09f86fac8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /?utm_medium=56350e907b27b4e99d4ce73cf6c4424f6399e01a&utm_campaign=NewMainLink&1=930_9b1479cf_34363&cid=6358d5c592b78b000103cb9b HTTP/1.1 
Host: ad.marootrack.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://surf.ueive.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         65.60.58.179
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Wed, 26 Oct 2022 06:37:58 GMT
location: https://ad.marootrack.co/?utm_term=7158706654102421507&ver=4viyaptcjo
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: u=9d6ad0151c87775cff485ed67d3c0645; expires=Thu, 26-Oct-2023 06:37:57 GMT; Max-Age=31536000; path=/
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /?utm_term=7158706654102421507&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 HTTP/1.1 
Host: ad.marootrack.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.marootrack.co/?utm_medium=56350e907b27b4e99d4ce73cf6c4424f6399e01a&utm_campaign=NewMainLink&1=930_9b1479cf_34363&cid=6358d5c592b78b000103cb9b
Cookie: u=9d6ad0151c87775cff485ed67d3c0645
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         65.60.58.179
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
server: nginx
date: Wed, 26 Oct 2022 06:37:58 GMT
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /proc.php?056800d1a9f384c55953f24774645833866ab033 HTTP/1.1 
Host: ad.marootrack.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.marootrack.co/?utm_term=7158706654102421507&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
Cookie: u=9d6ad0151c87775cff485ed67d3c0645
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         65.60.58.179
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Wed, 26 Oct 2022 06:37:58 GMT
location: https://d0zi.com/go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7158706654102421507&pub=20961&pid=20961-37eddb7e-d856e882&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware