globalvisitclub.com/cf/r/64706eeb11973600128b359e
104.18.16.6 0 B URL globalvisitclub.com/cf/r/64706eeb11973600128b359e
IP 104.18.16.6:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /cf/r/64706eeb11973600128b359e HTTP/1.1
Host: globalvisitclub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 27 May 2023 17:58:39 GMT
content-length: 0
location: https://lessgo.saegumous.xyz/?utm_medium=b77cfaff5cdfb941f46e2fe91368a45387cfcb05&utm_campaign=target_NG_fbd095_Clickflare&cid=ee0e1c3f-f60a-4598-a137-b3da6594da53
cache-control: no-cache
set-cookie: worker_cookie=N4Igdgpg7g+gFgSwC4wQExALhBCAGCARgGMBmAMwFpyA2PAQ0oBYBWATgA5L7DSB2SgCNSaejXZNRLUiAA0IAG4IAzslQZsxAoT4RShShHIQazDoJaUObYl0FMane6Rpo8HOYpVqkCALYQykj0fgAOWCAATHiRpJR4lpF8ACo6mCwcmKQcAHRs+gBankqqSAD2AE7qESYZHDqClFrkVExshGxWYmiULGhsfMT0HGJ4goSeQ2H0CADmYNXYNEx8eDS44x18Lnh4hJHmpOwQnmBlaBCLIHgwkafnl0gAnqEn2ADyLRAV9xcwxHAZmAsABta63EAAXXkoQqgQgABsIMQkBA0DAzhcsKBnq8Ip9jD95MEKrMICh0BEaPxCIRBHhWGMOHgtHs2JF6KQeCd5JjLpTsDc7ryIAAPJBYMAAVwRCIAvvIAUCYKEyqUEGVgZhQMQpRU4WAkAA5B4ASTAF1FWDw8kEFXoYAB5rQCGIgVBkIVIBUMDhLrhKKwSAqUog8gAjspwtqvT7IFAsOR6AjlBA5UA==; Expires=Sun, 28 May 2023 17:58:39 GMT; Domain=globalvisitclub.com; Path=/; SameSite=None; Secure
__cf_bm=k9D14uyl5EkuM6BL8ibEFG7xDa7cnRhW3Uv4MxrOvP0-1685210319-0-ASfihaHZKXnh+FE9wVQllh81GhlIC6/MgB5yGuafjIHz+I2HRAbTVuPgJLPIchz5CspPBwlgoz5y5z+RA87O678=; path=/; expires=Sat, 27-May-23 18:28:39 GMT; domain=.globalvisitclub.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ce025ad4bef1c02-OSL
X-Firefox-Spdy: h2
www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
51.68.82.147 5.2 kB URL www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
IP 51.68.82.147:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3763)
Hash 07c9a2af7bcc52f6f3def47e3f996aca
932e80ff1d87b490141a4780091d0af34fbaecf6
6182f40c0f44e76eb198023c2b3b30040f27e52010d17254cb9356919923e702
GET /?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70 HTTP/1.1
Host: www.turbotrck.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lessgo.saegumous.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 27 May 2023 17:58:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
Accept-CH: Sec-CH-UA-Platform-Version
www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=1b0ba295e79e42a985c716417a6aec46&eyer=0.5600917392215945&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=lessgo.saegumous.xyz
51.68.82.147302 Found 0 B URL User Request GET HTTP/1.1 www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=1b0ba295e79e42a985c716417a6aec46&eyer=0.5600917392215945&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=lessgo.saegumous.xyz
IP 51.68.82.147:443
Certificate IssuerLet's Encrypt
Subjectwww.turbotrck.art
FingerprintB8:B3:F5:BB:F2:79:20:03:44:44:EB:78:0E:2B:D2:FB:D3:A0:C1:F2
ValiditySat, 29 Apr 2023 22:11:09 GMT - Fri, 28 Jul 2023 22:11:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=1b0ba295e79e42a985c716417a6aec46&eyer=0.5600917392215945&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=lessgo.saegumous.xyz HTTP/1.1
Host: www.turbotrck.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 27 May 2023 17:58:40 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=3&eyer=0.5600917392215945&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=lessgo.saegumous.xyz
www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=3&eyer=0.5600917392215945&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=lessgo.saegumous.xyz
51.68.82.147302 Found 0 B URL User Request GET HTTP/1.1 www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=3&eyer=0.5600917392215945&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=lessgo.saegumous.xyz
IP 51.68.82.147:443
Certificate IssuerLet's Encrypt
Subjectwww.turbotrck.art
FingerprintB8:B3:F5:BB:F2:79:20:03:44:44:EB:78:0E:2B:D2:FB:D3:A0:C1:F2
ValiditySat, 29 Apr 2023 22:11:09 GMT - Fri, 28 Jul 2023 22:11:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=3&eyer=0.5600917392215945&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=lessgo.saegumous.xyz HTTP/1.1
Host: www.turbotrck.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 27 May 2023 17:58:40 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=230001b7a5b525beea73027bd72bd9221e0820527-202305-flb*5564921-b2be6*M7237923207003504692*sl_5564921-b2be6*2dd2cdddfe255e4d0b224e976337cb0a4366ad5f*14988-5d08108z*14988
www.turbotrck.art/favicon.ico
51.68.82.147 0 B URL www.turbotrck.art/favicon.ico
IP 51.68.82.147:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www.turbotrck.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Date: Sat, 27 May 2023 17:58:40 GMT
Connection: keep-alive
harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=230001b7a5b525beea73027bd72bd9221e0820527-202305-flb*5564921-b2be6*M7237923207003504692*sl_5564921-b2be6*2dd2cdddfe255e4d0b224e976337cb0a4366ad5f*14988-5d08108z*14988
34.91.234.242302 Found 0 B URL User Request GET HTTP/2 harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=230001b7a5b525beea73027bd72bd9221e0820527-202305-flb*5564921-b2be6*M7237923207003504692*sl_5564921-b2be6*2dd2cdddfe255e4d0b224e976337cb0a4366ad5f*14988-5d08108z*14988
IP 34.91.234.242:443
ASN #396982 GOOGLE-CLOUD-PLATFORM
Certificate IssuerDigiCert Inc
Subject*.g2afse.com
Fingerprint05:E8:53:3D:EC:5A:B4:A2:96:51:8B:FA:36:78:78:2D:91:35:41:C3
ValidityThu, 04 Aug 2022 00:00:00 GMT - Mon, 04 Sep 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=230001b7a5b525beea73027bd72bd9221e0820527-202305-flb*5564921-b2be6*M7237923207003504692*sl_5564921-b2be6*2dd2cdddfe255e4d0b224e976337cb0a4366ad5f*14988-5d08108z*14988 HTTP/1.1
Host: harrenmedia.g2afse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Sat, 27 May 2023 17:58:40 GMT
content-length: 0
location: https://armorads.aftrad-visit.com/track/click?offer_id=5943&publisher_id=106&network_id=1&click_id=647244d0e79eb000011be005&source=228&subsource=
x-adjust-use-original-forwarded-for: 1
referer:
referrer-policy: no-referrer
set-cookie: afclick=647244d0e79eb000011be005; expires=Sun, 26 May 2024 17:58:40 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads
103.4.144.218200 OK 599 B URL User Request GET HTTP/1.1 103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads
IP 103.4.144.218:9803
ASN #9441 Next Online Limited.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 20edccd3d6fc7562efe0d9ccf496d9c1
5b48be14391692456c05dda0391a53d8a678c889
d52ea6a4110622b740b6f1a39bc80adba3f032423b46dcbc151ceced09f9bbd6
Analyzer Verdict Alert quad9 Sinkholed
GET /1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads HTTP/1.1
Host: 103.4.144.218:9803
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 27 May 2023 17:58:41 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
ETag: W/"406-W0i+FDkWkkVsBd2gORpT2KZ4yIk"
Content-Encoding: gzip
lessgo.saegumous.xyz/?utm_term=7237923207003504692&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
108.178.23.117 3.6 kB URL lessgo.saegumous.xyz/?utm_term=7237923207003504692&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
IP 108.178.23.117:0
File type gzip compressed data, from Unix\012- data
Hash d1d684802e60c9172af5610236b0fb8a
3725f58f21e894094d052f2af87a477e3d797e8d
2292ebafaac6bb01e43fc04b4ad259716d66ccb3d9ca817dd167d79a21ffe336
GET /?utm_term=7237923207003504692&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70 HTTP/1.1
Host: lessgo.saegumous.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lessgo.saegumous.xyz/?utm_medium=b77cfaff5cdfb941f46e2fe91368a45387cfcb05&utm_campaign=target_NG_fbd095_Clickflare&cid=ee0e1c3f-f60a-4598-a137-b3da6594da53
Cookie: u=5b6bf9c91a567d768227ca3158714e23; split=b
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 27 May 2023 17:58:39 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/8.2.0
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
content-encoding: gzip
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-127081483-1
142.250.74.168200 OK 47 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-127081483-1
IP 142.250.74.168:443
Requested by http://103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
File type ASCII text, with very long lines (2271)
Hash 9dc17780667987e44bc961759ae2b03d
cb3628e25f6f320676e74ad8190f137343adbb5d
3d7b2a26266597cdb1b52675ad734865ff06bd3ee81618ee92709a9b854ec346
GET /gtag/js?id=UA-127081483-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://103.4.144.218:9803/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 27 May 2023 17:58:41 GMT
expires: Sat, 27 May 2023 17:58:41 GMT
cache-control: private, max-age=900
last-modified: Sat, 27 May 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46897
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash b9a762a1e577f4b078f4ad3de865303f
87d0f23fd6fc8378d53f72301c4444b362e4f3c9
44773657e91b7a1facdbc5538fea70b8dea0e1cdc850f4ee3eaee0d84bb02088
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 27 May 2023 17:58:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
103.4.144.218:9803/favicon.ico
103.4.144.218404 Not Found 44 B URL GET HTTP/1.1 103.4.144.218:9803/favicon.ico
IP 103.4.144.218:9803
ASN #9441 Next Online Limited.
Requested by http://103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads
File type JSON data\012- , ASCII text, with no line terminators
Hash 80440c4b0220413b9de21aa83e8064f0
1296d18cc16a9039920d592769f6188d1a73a440
61b6f2399d5cd9251af376fddf2243e9ea802fbcda179698437c344ef6db8b32
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 103.4.144.218:9803
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 27 May 2023 17:58:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 44
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
ETag: W/"2c-EpbRjMFqkDmSDVknafYYjRpzpEA"
103.4.144.218:9803/1552416562021332/thematic-banner-with-play.png
103.4.144.218200 OK 5.7 MB URL GET HTTP/1.1 103.4.144.218:9803/1552416562021332/thematic-banner-with-play.png
IP 103.4.144.218:9803
ASN #9441 Next Online Limited.
Requested by http://103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads
File type PNG image data, 2368 x 4228, 8-bit/color RGBA, non-interlaced\012- data
Size 5.7 MB (5720133 bytes)
Hash 23fa2de0288caad0ac0c2dc1cd6fee15
10360ae237b9a1943eb6b38149aadde3219f44b9
92309a1cf00885c6b663a57dfb04fa130c90a512343b0762613d4c2d10a3462e
Analyzer Verdict Alert quad9 Sinkholed
GET /1552416562021332/thematic-banner-with-play.png HTTP/1.1
Host: 103.4.144.218:9803
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 27 May 2023 17:58:41 GMT
Content-Type: image/png
Content-Length: 5720133
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Tue, 18 Apr 2023 10:54:21 GMT
ETag: W/"574845-18794004f5b"
armorads.aftrad-visit.com/track/click?offer_id=5943&publisher_id=106&network_id=1&click_id=647244d0e79eb000011be005&source=228&subsource=
188.114.97.1302 Found 1.0 kB URL User Request GET HTTP/2 armorads.aftrad-visit.com/track/click?offer_id=5943&publisher_id=106&network_id=1&click_id=647244d0e79eb000011be005&source=228&subsource=
IP 188.114.97.1:443
Certificate IssuerGoogle Trust Services LLC
Subjectaftrad-visit.com
Fingerprint5A:99:10:33:2F:52:2C:29:72:6C:8E:B4:09:77:04:16:88:8E:E1:A0
ValiditySun, 16 Apr 2023 11:30:50 GMT - Sat, 15 Jul 2023 11:30:49 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /track/click?offer_id=5943&publisher_id=106&network_id=1&click_id=647244d0e79eb000011be005&source=228&subsource= HTTP/1.1
Host: armorads.aftrad-visit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 27 May 2023 17:58:40 GMT
content-type: text/html; charset=utf-8
location: http://103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=74AGWoOTFy6rhw2aTHhICNAhG6jKyeGozAAJLCCVR4wl4ObvUvf%2FspBNj1m1byK4xT6GkkVtJrK67iNKURJH6XiYD4gkVaS1vhUNlMwJe7UKuIZgZ%2FyPb7LpDrTKl%2BUqseaDN59VAkAIhvEK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce025b88d4ab505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2