{"report_id":"5512a9e2-79e0-4da8-bf70-973f564bfd05","version":0,"status":"done","tags":[],"date":"2026-06-10T20:27:59Z","url":{"schema":"http","addr":"0rsyxwv.am.coinbase.cm/","fqdn":"0rsyxwv.am.coinbase.cm","domain":"coinbase.cm","tld":"cm"},"ip":{"addr":"212.7.194.71","port":0,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"track.quickprosearch.co/aff_c?offer_id=8\u0026aff_id=1147\u0026source=1457194\u0026aff_click_id=24.235797.6659734FOF46725050647648452","fqdn":"track.quickprosearch.co","domain":"quickprosearch.co","tld":"co"},"title":"track.quickprosearch.co/aff_c?offer_id=8\u0026aff_id=1147\u0026source=1457194\u0026aff_click_id=24.235797.6659734FOF46725050647648452","dom":{"size":124,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"2aa4b41ac61853fc9396b181cd104998","sha1":"7298a08a19a7adfeb27c73f3f1b590045578ff8e","sha256":"eb5b8b1e56316bc9be2664e154ca5aad0223703319191dd9eaffaca516528542","sha512":"c4ec0f433391492bc45e9fd33f67b7fcfd368a31d889257d6bf506a9107df2e3b713adc1375e0384e735a7ad23f0896951c6b8670031d54f5fbbda3366a1b3b4","ssdeep":"","tlshash":"94b092bb6509191bf6247ac6ed822218a9845008e02b4c25b78115a8c1d525d849aa95","dom_hash":"domhashc1fec9cafeadbac0b33c1409ff211c3f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"0rsyxwv.am.coinbase.cm/","fqdn":"0rsyxwv.am.coinbase.cm","domain":"coinbase.cm","tld":"cm"},"ip":{"addr":"212.7.194.71","port":0,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-15T20:27:59Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"0rsyxwv.am.coinbase.cm","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"0rsyxwv.am.coinbase.cm","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"0rsyxwv.am.coinbase.cm","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"sarai-tid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"go.getgreatdeals.link","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"sarai-tid.com","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2026-03-19","domain_rank":0,"first_seen":"2026-03-21T12:47:16.399698Z","last_seen":"2026-06-06T10:23:27.005226Z","alert_count":4,"request_count":4,"received_data":4464,"sent_data":2484,"comment":"","tags":null,"fingerprints":null},{"fqdn":"trl.cldtraflink.com","ip":{"addr":"34.90.175.78","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-12-15","domain_rank":0,"first_seen":"2024-01-08T17:04:18Z","last_seen":"2026-05-29T15:28:35.028195Z","alert_count":0,"request_count":1,"received_data":977,"sent_data":552,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"track.quickprosearch.co","ip":{"addr":"104.21.9.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":2,"received_data":2090,"sent_data":1208,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"go.getgreatdeals.link","ip":{"addr":"178.162.133.193","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-12-15","domain_rank":0,"first_seen":"2024-09-08T23:07:59Z","last_seen":"2026-03-07T07:32:29.227663Z","alert_count":1,"request_count":1,"received_data":947,"sent_data":924,"comment":"","tags":null,"fingerprints":null},{"fqdn":"track.flexlinkspro.com","ip":{"addr":"104.19.150.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-08-24","domain_rank":1648553,"first_seen":"2016-09-30T18:41:16Z","last_seen":"2026-06-01T15:05:48.201427Z","alert_count":0,"request_count":1,"received_data":669,"sent_data":609,"comment":"","tags":null,"fingerprints":[{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"0rsyxwv.am.coinbase.cm","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-05-12","domain_rank":0,"first_seen":"2025-11-04T10:44:08.655554Z","last_seen":"2025-11-04T10:44:08.655554Z","alert_count":6,"request_count":2,"received_data":483,"sent_data":898,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"0rsyxwv.am.coinbase.cm/","fqdn":"0rsyxwv.am.coinbase.cm","domain":"coinbase.cm","tld":"cm"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-10T20:27:36.833Z","timestamp":1781123256833,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 0rsyxwv.am.coinbase.cm\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-15T02:33:37.675827Z","times_seen":16430512,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"0rsyxwv.am.coinbase.cm","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"0rsyxwv.am.coinbase.cm","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"0rsyxwv.am.coinbase.cm","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"0rsyxwv.am.coinbase.cm/","fqdn":"0rsyxwv.am.coinbase.cm","domain":"coinbase.cm","tld":"cm"},"ip":{"addr":"212.7.194.71","port":80,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-10T20:27:37.299Z","timestamp":1781123257299,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 0rsyxwv.am.coinbase.cm\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\ncache-control: max-age=0, private, must-revalidate\r\nconnection: close\r\ncontent-length: 11\r\ndate: Wed, 10 Jun 2026 20:27:36 GMT\r\nlocation: http://sarai-tid.com/zclkvisitor/d23b0e40-650a-11f1-b092-1235434c135d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=dbe48d50-3e3a-11f1-aed5-0affca77bc6b\r\nserver: nginx\r\nset-cookie: sid=d2300051-650a-11f1-8657-b788c84fcb39; path=/; domain=.coinbase.cm; expires=Mon, 28 Jun 2094 23:41:44 GMT; max-age=2147483647; HttpOnly\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-15T02:33:37.675827Z","times_seen":16430512,"resource_available":true,"data":null}},"time_used":631,"timings":{"blocked":-1,"dns":230,"connect":22,"send":0,"wait":378,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"0rsyxwv.am.coinbase.cm","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"0rsyxwv.am.coinbase.cm","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"0rsyxwv.am.coinbase.cm","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sarai-tid.com/zclkvisitor/d23b0e40-650a-11f1-b092-1235434c135d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=dbe48d50-3e3a-11f1-aed5-0affca77bc6b","fqdn":"sarai-tid.com","domain":"sarai-tid.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-10T20:27:37.939Z","timestamp":1781123257939,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /zclkvisitor/d23b0e40-650a-11f1-b092-1235434c135d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=dbe48d50-3e3a-11f1-aed5-0affca77bc6b HTTP/1.1\r\nHost: sarai-tid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-15T02:33:37.675827Z","times_seen":16430512,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"sarai-tid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"sarai-tid.com/zclkvisitor/d23b0e40-650a-11f1-b092-1235434c135d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=dbe48d50-3e3a-11f1-aed5-0affca77bc6b","fqdn":"sarai-tid.com","domain":"sarai-tid.com","tld":"com"},"ip":{"addr":"44.208.210.191","port":80,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-10T20:27:38.481Z","timestamp":1781123258481,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /zclkvisitor/d23b0e40-650a-11f1-b092-1235434c135d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=dbe48d50-3e3a-11f1-aed5-0affca77bc6b HTTP/1.1\r\nHost: sarai-tid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Wed, 10 Jun 2026 20:27:38 GMT\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 3086\r\nConnection: keep-alive\r\nCache-Control: no-store, no-cache, pre-check=0, post-check=0\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET,POST,OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,Content-Type\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":3086,"size_decoded":3508,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (408)","md5":"1aeb9c7e949e32a1e8db9ed4a11d07ac","sha1":"45be423bd9d41996a1441fa7a41fd0fda0cfbc98","sha256":"fb7b51b169db4f3b737ebcd72b7466cec4cc2c652ee491725508449e457a7f1c","sha512":"cb9769398e63730d841d9d0aeba3929ce9533c72f3155da09e0cdc9c51590a91db3a25de15a26b232eb87d47b15d38fc09b3b0ce41a10a9a9da0870441c086a5","ssdeep":"","tlshash":"03511f785a7224706d2f240db73ae20a72774223290bd4417cae99184fb0e97665f7ed","first_seen":"2026-06-10T20:28:03.803506Z","last_seen":"2026-06-10T20:28:03.803506Z","times_seen":1,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":-1,"dns":3,"connect":94,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"sarai-tid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trl.cldtraflink.com/click?pid=2005\u0026offer_id=3175\u0026sub1=6a29c8bb82919b74d083db84","fqdn":"trl.cldtraflink.com","domain":"cldtraflink.com","tld":"com"},"ip":{"addr":"34.90.175.78","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-10T20:27:39.317Z","timestamp":1781123259317,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trl.cldtraflink.com","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Fri, 26 Dec 2025 12:19:50 GMT","end":"Fri, 25 Dec 2026 12:14:25 GMT"},"fingerprint":{"sha1":"37:0A:85:B4:9F:EA:9D:6B:CF:2B:1B:62:FD:A4:87:65:7B:C0:7F:34","sha256":"CA:55:93:BF:E3:3E:57:02:AA:FC:8F:C0:CF:F8:51:A6:89:BC:09:79:6B:4F:7F:1A:3E:48:78:A1:B3:C7:BB:B1"}}},"request":{"raw":"GET /click?pid=2005\u0026offer_id=3175\u0026sub1=6a29c8bb82919b74d083db84 HTTP/1.1\r\nHost: trl.cldtraflink.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 \r\nserver: nginx\r\ndate: Wed, 10 Jun 2026 20:27:39 GMT\r\ncontent-length: 0\r\nlocation: https://track.flexlinkspro.com/g.ashx?foid=24.235797.6659734\u0026trid=1457194.235797\u0026foc=16\u0026fot=9999\u0026fos=6\u0026fobs=6a29c8bbb0c5030001bf8c8e\u0026fobs2=2005\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64\r\nvary: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nreferer: \r\nreferrer-policy: no-referrer\r\nset-cookie: afclick=6a29c8bbb0c5030001bf8c8e; expires=Thu, 10 Jun 2027 20:27:39 GMT; secure; SameSite=None\nafoffers={\"3175\":[1781123259,1]}; expires=Thu, 10 Jun 2027 20:27:39 GMT; secure; SameSite=None\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-15T02:33:37.675827Z","times_seen":16430512,"resource_available":true,"data":null}},"time_used":200,"timings":{"blocked":0,"dns":73,"connect":25,"send":0,"wait":44,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"track.quickprosearch.co/aff_c?offer_id=8\u0026aff_id=1147\u0026source=1457194\u0026aff_click_id=24.235797.6659734FOF46725050647648452","fqdn":"track.quickprosearch.co","domain":"quickprosearch.co","tld":"co"},"ip":{"addr":"104.21.9.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-10T20:27:39.721Z","timestamp":1781123259721,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"quickprosearch.co","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 02 May 2026 01:39:16 GMT","end":"Fri, 31 Jul 2026 02:39:15 GMT"},"fingerprint":{"sha1":"36:BA:CF:2E:E5:F1:B5:B7:CE:EF:EE:BC:4E:81:BE:9B:DE:BC:42:E7","sha256":"03:00:C9:49:82:F2:F3:82:88:26:D5:A7:9E:89:AE:12:1E:DD:6A:6B:E2:7A:B0:EA:F4:93:BC:82:E2:55:5D:6B"}}},"request":{"raw":"GET /aff_c?offer_id=8\u0026aff_id=1147\u0026source=1457194\u0026aff_click_id=24.235797.6659734FOF46725050647648452 HTTP/1.1\r\nHost: track.quickprosearch.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 10 Jun 2026 20:27:39 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=0,i\r\naccept-ch: Sec-Ch-Ua-Model, Sec-Ch-Dpr, Dpr, Sec-Ch-Ua-Platform-Version, Sec-Ch-Ua-Full-Version, Sec-Ch-Ua-Full-Version-List, Sec-Ch-Ua-Arch, Sec-Ch-Ua-Bitness, Sec-Ch-Ua-Wow64\r\ncache-control: no-cache, no-store, must-revalidate\r\nexpires: Sat, 26 Jul 1997 05:00:00 GMT\r\npragma: no-cache\r\ntracking_id: 10253c677ebec27fefb5e90045e6d6\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Tune-SDK-Version\r\nx-request-id: 3b2948ec1b5519c9d4256d685f6c456a\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lrye6lNT6Oqija2sGOqJ3v%2FsUdqLTspfsgG8h9t02I8HuIq7bTasByFaYiVB3TByrAoCOdzw5%2B%2FHOq1PoKxNZGzAaQjZJMXSvAK0kfsWaDQE4ttx%2BWJlfGExGUNZi67KpDUcINpTJr8mzA%3D%3D\"}]}\r\ncf-ray: a09b1e35fb90a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":1000,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-15T02:33:37.675827Z","times_seen":16430512,"resource_available":true,"data":null}},"time_used":273,"timings":{"blocked":-1,"dns":92,"connect":17,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sarai-tid.com/favicon.ico","fqdn":"sarai-tid.com","domain":"sarai-tid.com","tld":"com"},"ip":{"addr":"44.208.210.191","port":80,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://sarai-tid.com/zclkvisitor/d23b0e40-650a-11f1-b092-1235434c135d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=dbe48d50-3e3a-11f1-aed5-0affca77bc6b","date":"2026-06-10T20:27:38.882Z","timestamp":1781123258882,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: sarai-tid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://sarai-tid.com/zclkvisitor/d23b0e40-650a-11f1-b092-1235434c135d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=dbe48d50-3e3a-11f1-aed5-0affca77bc6b\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 \r\nDate: Wed, 10 Jun 2026 20:27:38 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-15T02:33:37.675827Z","times_seen":16430512,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"sarai-tid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"sarai-tid.com/zclkredirect?visitid=d23b0e40-650a-11f1-b092-1235434c135d\u0026type=js\u0026browserWidth=1280\u0026browserHeight=1024\u0026iframeDetected=false\u0026webdriverDetected=false\u0026gpu=Mesa%3B%20llvmpipe%2C%20or%20similar\u0026timezone=UTC%2B00%3A00\u0026timezoneName=UTC","fqdn":"sarai-tid.com","domain":"sarai-tid.com","tld":"com"},"ip":{"addr":"44.208.210.191","port":80,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-10T20:27:38.996Z","timestamp":1781123258996,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /zclkredirect?visitid=d23b0e40-650a-11f1-b092-1235434c135d\u0026type=js\u0026browserWidth=1280\u0026browserHeight=1024\u0026iframeDetected=false\u0026webdriverDetected=false\u0026gpu=Mesa%3B%20llvmpipe%2C%20or%20similar\u0026timezone=UTC%2B00%3A00\u0026timezoneName=UTC HTTP/1.1\r\nHost: sarai-tid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://sarai-tid.com/zclkvisitor/d23b0e40-650a-11f1-b092-1235434c135d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=dbe48d50-3e3a-11f1-aed5-0affca77bc6b\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 \r\nDate: Wed, 10 Jun 2026 20:27:39 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nCache-Control: no-store, no-cache, pre-check=0, post-check=0\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET,POST,OPTIONS\r\nAccess-Control-Allow-Headers: X-Requested-With,Content-Type\r\nLocation: https://go.getgreatdeals.link/69e8a3d6d5fdb34ceff6f12a?sub1=juliet-ebb-1wz9lw2e9q\u0026sub2=coinbase%2Ccoinbase.cm\u0026sub3=DOMAIN\u0026sub4=coinbase\u0026sub5=\u0026sub6=dbe48d50-3e3a-11f1-aed5-0affca77bc6b\u0026sub7=unknown\u0026sub8=NO\u0026sub9=NON-ADULT\u0026sub10=0\u0026sub11=Firefox\u0026sub12=Mysen\u0026sub13=\u0026sub14=exact\u0026sub15=Windows\u0026sub16=VIKEN\u0026sub17=badious-buzzard\u0026ref_id=zrd23b0e40650a11f1b0921235434c135d72985939e1794ddd82a7963d913782c31002926599c4149602\u0026cost=0.005000\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-15T02:33:37.675827Z","times_seen":16430512,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"sarai-tid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"go.getgreatdeals.link/69e8a3d6d5fdb34ceff6f12a?sub1=juliet-ebb-1wz9lw2e9q\u0026sub2=coinbase%2Ccoinbase.cm\u0026sub3=DOMAIN\u0026sub4=coinbase\u0026sub5=\u0026sub6=dbe48d50-3e3a-11f1-aed5-0affca77bc6b\u0026sub7=unknown\u0026sub8=NO\u0026sub9=NON-ADULT\u0026sub10=0\u0026sub11=Firefox\u0026sub12=Mysen\u0026sub13=\u0026sub14=exact\u0026sub15=Windows\u0026sub16=VIKEN\u0026sub17=badious-buzzard\u0026ref_id=zrd23b0e40650a11f1b0921235434c135d72985939e1794ddd82a7963d913782c31002926599c4149602\u0026cost=0.005000","fqdn":"go.getgreatdeals.link","domain":"getgreatdeals.link","tld":"link"},"ip":{"addr":"178.162.133.193","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-10T20:27:39.098Z","timestamp":1781123259098,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"go.getgreatdeals.link","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 23:22:17 GMT","end":"Mon, 13 Jul 2026 23:22:16 GMT"},"fingerprint":{"sha1":"A6:D7:6A:4C:99:96:40:31:BD:D0:E1:F1:CB:F1:3A:76:37:4A:93:76","sha256":"50:44:D7:C7:C5:4C:EA:3E:C2:54:D1:EA:26:B2:0F:CE:1F:92:13:4D:DF:85:B4:67:49:2E:65:11:29:04:9A:DA"}}},"request":{"raw":"GET /69e8a3d6d5fdb34ceff6f12a?sub1=juliet-ebb-1wz9lw2e9q\u0026sub2=coinbase%2Ccoinbase.cm\u0026sub3=DOMAIN\u0026sub4=coinbase\u0026sub5=\u0026sub6=dbe48d50-3e3a-11f1-aed5-0affca77bc6b\u0026sub7=unknown\u0026sub8=NO\u0026sub9=NON-ADULT\u0026sub10=0\u0026sub11=Firefox\u0026sub12=Mysen\u0026sub13=\u0026sub14=exact\u0026sub15=Windows\u0026sub16=VIKEN\u0026sub17=badious-buzzard\u0026ref_id=zrd23b0e40650a11f1b0921235434c135d72985939e1794ddd82a7963d913782c31002926599c4149602\u0026cost=0.005000 HTTP/1.1\r\nHost: go.getgreatdeals.link\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://sarai-tid.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 117\r\nConnection: keep-alive\r\nLocation: https://trl.cldtraflink.com/click?pid=2005\u0026offer_id=3175\u0026sub1=6a29c8bb82919b74d083db84\r\nReferer: \r\nReferrer-Policy: no-referrer\r\nSet-Cookie: redcmps=W3siaWQiOiI2OWU4YTNkNmQ1ZmRiMzRjZWZmNmYxMmEiLCJ0IjoiMjAyNi0wNi0xMFQyMDoyNzozOS4yOTI0OTU5MTVaIn1d; Path=/; Domain=go.getgreatdeals.link; Expires=Thu, 11 Jun 2026 20:27:39 GMT; Secure; SameSite=None\nredhash=NmEyOWM4YmI4MjkxOWI3NGQwODNkYjg0fDB8NjllOGEzZDZkNWZkYjM0Y2VmZjZmMTJhfHwxODE3ZTU5Ni0zMTc5LTRhMzItYThmMi1mNTczYzMzOTgwZjV8MTc4MTEyMzI1OQ==; Path=/; Domain=go.getgreatdeals.link; Expires=Thu, 10 Jun 2027 20:27:39 GMT; Secure; SameSite=None\r\nDate: Wed, 10 Jun 2026 20:27:39 GMT\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\nX-Kong-Upstream-Latency: 25\r\nX-Kong-Proxy-Latency: 22\r\nX-Kong-Request-Id: 17c5357b4a6f25422dc57a7910558e74\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-15T02:33:37.675827Z","times_seen":16430512,"resource_available":true,"data":null}},"time_used":212,"timings":{"blocked":0,"dns":55,"connect":23,"send":0,"wait":71,"receive":0,"ssl":63},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"go.getgreatdeals.link","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"track.flexlinkspro.com/g.ashx?foid=24.235797.6659734\u0026trid=1457194.235797\u0026foc=16\u0026fot=9999\u0026fos=6\u0026fobs=6a29c8bbb0c5030001bf8c8e\u0026fobs2=2005","fqdn":"track.flexlinkspro.com","domain":"flexlinkspro.com","tld":"com"},"ip":{"addr":"104.19.150.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-10T20:27:39.523Z","timestamp":1781123259523,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flexlinkspro.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 22 May 2026 22:12:09 GMT","end":"Thu, 20 Aug 2026 23:12:06 GMT"},"fingerprint":{"sha1":"A8:54:80:36:C4:A6:12:0C:06:59:CC:1D:42:54:5F:54:D4:8A:C1:56","sha256":"86:3A:7F:E5:81:CE:40:EB:AE:EF:C3:C8:7E:46:A6:FD:DB:04:EB:3B:0A:98:6B:36:AA:0C:16:CD:C9:65:02:31"}}},"request":{"raw":"GET /g.ashx?foid=24.235797.6659734\u0026trid=1457194.235797\u0026foc=16\u0026fot=9999\u0026fos=6\u0026fobs=6a29c8bbb0c5030001bf8c8e\u0026fobs2=2005 HTTP/1.1\r\nHost: track.flexlinkspro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 \r\ndate: Wed, 10 Jun 2026 20:27:39 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlocation: https://track.quickprosearch.co:443/aff_c?offer_id=8\u0026aff_id=1147\u0026source=1457194\u0026aff_click_id=24.235797.6659734FOF46725050647648452\r\ncache-control: private\r\nserver: cloudflare\r\nx-aspnet-version: 4.0.30319\r\nx-powered-by: ASP.NET\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=129,cfOrigin;dur=39\r\ncf-cache-status: DYNAMIC\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: a09b1e342c52a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"","fingerprints":[{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-15T02:33:37.675827Z","times_seen":16430512,"resource_available":true,"data":null}},"time_used":194,"timings":{"blocked":0,"dns":3,"connect":1,"send":0,"wait":173,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"track.quickprosearch.co/favicon.ico","fqdn":"track.quickprosearch.co","domain":"quickprosearch.co","tld":"co"},"ip":{"addr":"104.21.9.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://track.quickprosearch.co/aff_c?offer_id=8\u0026aff_id=1147\u0026source=1457194\u0026aff_click_id=24.235797.6659734FOF46725050647648452","date":"2026-06-10T20:27:40.297Z","timestamp":1781123260297,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"quickprosearch.co","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 02 May 2026 01:39:16 GMT","end":"Fri, 31 Jul 2026 02:39:15 GMT"},"fingerprint":{"sha1":"36:BA:CF:2E:E5:F1:B5:B7:CE:EF:EE:BC:4E:81:BE:9B:DE:BC:42:E7","sha256":"03:00:C9:49:82:F2:F3:82:88:26:D5:A7:9E:89:AE:12:1E:DD:6A:6B:E2:7A:B0:EA:F4:93:BC:82:E2:55:5D:6B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: track.quickprosearch.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://track.quickprosearch.co/aff_c?offer_id=8\u0026aff_id=1147\u0026source=1457194\u0026aff_click_id=24.235797.6659734FOF46725050647648452\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 10 Jun 2026 20:27:40 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\naccept-ch: Sec-Ch-Ua-Model, Sec-Ch-Dpr, Dpr, Sec-Ch-Ua-Platform-Version, Sec-Ch-Ua-Full-Version, Sec-Ch-Ua-Full-Version-List, Sec-Ch-Ua-Arch, Sec-Ch-Ua-Bitness, Sec-Ch-Ua-Wow64\r\naccept-ranges: bytes\r\ncache-control: no-cache, no-store, must-revalidate\r\netag: \"0-650774ee191c0\"\r\nexpires: Sat, 26 Jul 1997 05:00:00 GMT\r\nlast-modified: Mon, 27 Apr 2026 20:53:35 GMT\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Tune-SDK-Version\r\nx-request-id: 797f7a9eff2d941c00920d66ff1a6c34\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vZyFHJ8I9CCTXB2K%2FcvyV3YWNQYG1dvA1hnTtJiq5pvGrt9Zi1H4fc33%2Fdkq5BTemiFlX8aNoL4jVTsaX5YhCMDJrpcGuc11qAxU6IvroB%2FnVVrcFrS52fUJav%2BLHlfC7TddQr9UrBtYxg%3D%3D\"}]}\r\ncf-ray: a09b1e38dc07a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":1090,"mime_type":"image/vnd.microsoft.icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-15T02:33:37.675827Z","times_seen":16430512,"resource_available":true,"data":null}},"time_used":139,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":139,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}