Overview

URLad.ballista.xyz/click
IP 52.223.45.90 (United States)
ASN#16509 AMAZON-02
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-10-26 05:06:02 UTC
StatusLoading report..
IDS alerts0
Blocklist alert3
urlquery alerts No alerts detected
Tags None

Domain Summary (13)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
ad.marootrack.co (5) 0 2022-03-13 12:22:16 UTC 2022-10-26 04:09:43 UTC 65.60.58.179 Unknown ranking
uop.stravaganz.com (1) 0 2022-06-02 19:19:20 UTC 2022-10-25 12:08:32 UTC 172.67.198.198 Domain (stravaganz.com) ranked at: 508941
r3.o.lencr.org (7) 344 No data No data 23.36.76.226
ocsp.digicert.com (6) 86 2012-06-27 22:09:06 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
ad.ballista.xyz (2) 300361 No data No data 52.223.45.90
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
track.gositego.live (1) 0 No data No data 34.91.234.242 Unknown ranking
img-getpocket.cdn.mozilla.net (6) 1631 2019-03-04 20:37:34 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
d0zi.com (2) 0 2022-06-05 17:32:29 UTC 2022-10-26 03:22:14 UTC 162.55.4.52 Unknown ranking
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-26 04:08:20 UTC 34.117.237.239
push.services.mozilla.com (1) 2140 2019-05-26 10:52:39 UTC 2020-05-03 10:09:39 UTC 54.187.71.185
cdn.addlnk.com (1) 246074 2021-08-24 11:39:04 UTC 2022-10-25 11:59:38 UTC 172.67.191.221
ocsp.sectigo.com (1) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 172.64.155.188

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-26 2 ad.ballista.xyz/click Phishing
2022-10-26 2 ad.marootrack.co/sw.js?v=1666760750764 Malware
2022-10-26 2 ad.marootrack.co/proc.php?53e6f321879ed9d9767a1540063806999c0216c8 Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 52.223.45.90
Date UQ / IDS / BL URL IP
2023-02-07 04:34:13 +0000 0 - 2 - 0 tracking.walnutadops.com/click?aff_id=2&offer (...) 52.223.45.90
2023-02-07 04:34:13 +0000 0 - 2 - 0 tracking.walnutadops.com/click?aff_id=2&offer (...) 52.223.45.90
2023-01-07 22:30:03 +0000 0 - 0 - 5 cpalover.go2oh.net/click?aff_id=880&offer_id=97 52.223.45.90
2022-11-30 03:37:23 +0000 0 - 0 - 2 ad.ballista.xyz/click 52.223.45.90
2022-11-08 03:38:23 +0000 0 - 0 - 2 ad.ballista.xyz/click 52.223.45.90


Last 5 reports on ASN: AMAZON-02
Date UQ / IDS / BL URL IP
2023-02-08 11:22:13 +0000 0 - 2 - 0 ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n (...) 54.230.111.74
2023-02-08 11:19:11 +0000 0 - 0 - 5 www.e-serviceparts.info/landingpages/daec0dfa (...) 54.230.111.15
2023-02-08 11:19:09 +0000 0 - 0 - 5 www.e-serviceparts.info/landingpages/daec0dfa (...) 54.230.111.66
2023-02-08 11:18:38 +0000 0 - 0 - 5 www.e-serviceparts.info/landingpages/daec0dfa (...) 54.230.111.15
2023-02-08 11:18:37 +0000 0 - 0 - 5 www.e-serviceparts.info/landingpages/daec0dfa (...) 54.230.111.5


Last 5 reports on domain: ballista.xyz
Date UQ / IDS / BL URL IP
2022-12-08 02:34:04 +0000 0 - 0 - 2 ad.ballista.xyz/click 35.71.157.226
2022-11-30 03:37:23 +0000 0 - 0 - 2 ad.ballista.xyz/click 52.223.45.90
2022-11-08 03:38:23 +0000 0 - 0 - 2 ad.ballista.xyz/click 52.223.45.90
2022-10-26 05:06:02 +0000 0 - 0 - 3 ad.ballista.xyz/click 52.223.45.90
2022-10-22 21:26:41 +0000 0 - 0 - 4 ad.ballista.xyz/click 52.221.129.251


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-10-25 12:31:19 +0000 0 - 0 - 1 wheraredoffocus.com/6a85591d-7bf1-4844-9474-9 (...) 18.192.249.87
2022-10-20 23:36:15 +0000 0 - 0 - 0 photo.1k918.quest/5b9vtTRT 45.87.43.17
2022-09-13 01:39:14 +0000 0 - 0 - 3 acdghiq12jk356ef--loading.qlycki1bar.xyz/spec (...) 172.67.199.252
2022-09-11 14:04:37 +0000 0 - 0 - 5 abcfghq13ik456de--loading.7a0ltxdy8u0p.xyz/sp (...) 172.67.216.215
2022-09-07 18:29:26 +0000 0 - 0 - 5 abcfghq12ik345de--loading.12pl5q8i34sx.xyz/sp (...) 104.21.53.244

JavaScript

Executed Scripts (8)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (35)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DF992311F130F15459739841DE925C7EEC2604D5A68CA6B2A67B6DC8D229212C"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6174
Expires: Wed, 26 Oct 2022 06:48:45 GMT
Date: Wed, 26 Oct 2022 05:05:51 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3789
Cache-Control: max-age=106109
Date: Wed, 26 Oct 2022 05:05:51 GMT
Etag: "6357acdf-1d7"
Expires: Thu, 27 Oct 2022 10:34:20 GMT
Last-Modified: Tue, 25 Oct 2022 09:31:11 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5050
Cache-Control: max-age=107370
Date: Wed, 26 Oct 2022 05:05:51 GMT
Etag: "6357acdf-1d7"
Expires: Thu, 27 Oct 2022 10:55:21 GMT
Last-Modified: Tue, 25 Oct 2022 09:31:11 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D9D95319013D64BC2EF6D9870F4ADBA902EE970B6F9E96279C9ED86F556E0001"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5864
Expires: Wed, 26 Oct 2022 06:43:35 GMT
Date: Wed, 26 Oct 2022 05:05:51 GMT
Connection: keep-alive

                                        
                                            GET /click HTTP/1.1 
Host: ad.ballista.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         52.223.45.90
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 26 Oct 2022 05:05:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.10.3 (Ubuntu)
Cache-Control: no-cache, private
Location: http://ad.ballista.xyz/click?aff_id=107&offer_id=10708&source=_&_ohb_fallback_code=&_ohb_fallback_msg=


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   718
Md5:    336077a4aeb5293d9c4bff927e465eee
Sha1:   0b8df389cccfc14c2e9c945a37ef4e4c80b39d17
Sha256: 0b98908d6fc2714edb7ee624805b18e5cc93a7a2b8c816d7ed3ed085e1dcce66

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: ZJadBJ63HMyhTvA81k5PtIkxSQkBCO5ylcEgAK7jTaUtALeq1eO+WoE/0aqBquK0IDzQHGGCcF8=
x-amz-request-id: M8B1RVBTRKAM6J01
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 26 Oct 2022 04:39:04 GMT
age: 1607
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 26 Oct 2022 05:05:51 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /click?aff_id=107&offer_id=10708&source=_&_ohb_fallback_code=&_ohb_fallback_msg= HTTP/1.1 
Host: ad.ballista.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         52.223.45.90
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 26 Oct 2022 05:05:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.10.3 (Ubuntu)
Set-Cookie: ohbid=3e8bd3db-a59a-4ac2-a924-b82eabb59129; expires=Thu, 26-Jan-2023 00:00:00 GMT; Max-Age=7930449; path=/ ohb_visitor=f0491fd8-14d9-35b6-a706-8516693c343b; expires=Thu, 26-Jan-2023 00:00:00 GMT; Max-Age=7930449; path=/ oh_ssn_10708=1010bf61ab9dc8f0fb5fabf142e0f37d; expires=Wed, 23-Nov-2022 00:00:00 GMT; Max-Age=2400849; path=/; SameSite=Lax
Cache-Control: no-cache, private
Location: https://uop.stravaganz.com/rc/d967a20b58?affclick=1010bf61ab9dc8f0fb5fabf142e0f37d&pubid=107_10708


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   654
Md5:    b12c769cdb83ee042ad293b74003b675
Sha1:   19ca12fa74851e8adb4daa7f5e2edfc2feabee17
Sha256: 1e42319c0144ef7c92ecfa98ab3a67d1527b65a2f8f7655f06168e988463ecf7
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=101577
Date: Wed, 26 Oct 2022 05:05:51 GMT
Etag: "6357a9f8-117"
Expires: Thu, 27 Oct 2022 09:18:48 GMT
Last-Modified: Tue, 25 Oct 2022 09:18:48 GMT
Server: nginx
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4455
Cache-Control: max-age=101712
Date: Wed, 26 Oct 2022 05:05:51 GMT
Etag: "63579918-1d7"
Expires: Thu, 27 Oct 2022 09:21:03 GMT
Last-Modified: Tue, 25 Oct 2022 08:06:48 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=101577
Date: Wed, 26 Oct 2022 05:05:52 GMT
Etag: "6357a9f8-117"
Expires: Thu, 27 Oct 2022 09:18:49 GMT
Last-Modified: Tue, 25 Oct 2022 09:18:48 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: aSCxlDeLATh9JsqA1S3Rtg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.187.71.185
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bSeItkkfYp8u/LH7v6nrN8A+yVw=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=172148
Date: Wed, 26 Oct 2022 05:05:52 GMT
Etag: "6358bda4-118"
Expires: Fri, 28 Oct 2022 04:55:00 GMT
Last-Modified: Wed, 26 Oct 2022 04:55:00 GMT
Server: nginx
Content-Length: 280

                                        
                                            GET /redirect.css HTTP/1.1 
Host: cdn.addlnk.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uop.stravaganz.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.67.191.221
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 26 Oct 2022 05:05:52 GMT
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 152
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T7%2B7RkUPmZIwGNrkzamIGY2v11gO2XggFaZTGcniDoKsmRp%2FezIM25D%2BKYk8fT123BRexkSjHP%2B%2FPC0pQxbqTu9vf3QqGFxVYOpfLBf65tznvGXO4gJolYNw9myoSANdGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7600a8cdbd900afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1242), with no line terminators
Size:   675
Md5:    99bd639e0064a6d0191aad7c1f730938
Sha1:   c271cd79b740021262dd7d3209f4ac830ffd4dcc
Sha256: 5a0fa3598664cf204cf3b1498b373066adef4ffc2c144ffec599b74bdb80fc3d
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 26 Oct 2022 05:05:52 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 26 Oct 2022 03:34:02 GMT
Expires: Wed, 02 Nov 2022 03:34:01 GMT
Etag: "bf46f216cc0d09f6c2f295949f7b42de2b192fec"
Cache-Control: max-age=598688,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7600a8cfd824b4f9-OSL

                                        
                                            GET /sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pub2b3ed80a1c17441fb37c9505ec7f95d9&sub2=5af8031b_107_10708 HTTP/1.1 
Host: track.gositego.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uop.stravaganz.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         34.91.234.242
HTTP/2 302 Found
                                        
server: nginx
date: Wed, 26 Oct 2022 05:05:52 GMT
content-length: 0
location: https://ad.marootrack.co/?utm_medium=56350e907b27b4e99d4ce73cf6c4424f6399e01a&utm_campaign=NewMainLink&1=930_5af8031b_107_10708&cid=6358c030fa82ac0001f726c2
set-cookie: afclick=6358c030fa82ac0001f726c2; expires=Thu, 26 Oct 2023 05:05:52 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4119
Expires: Wed, 26 Oct 2022 06:14:32 GMT
Date: Wed, 26 Oct 2022 05:05:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4119
Expires: Wed, 26 Oct 2022 06:14:32 GMT
Date: Wed, 26 Oct 2022 05:05:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4119
Expires: Wed, 26 Oct 2022 06:14:32 GMT
Date: Wed, 26 Oct 2022 05:05:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4119
Expires: Wed, 26 Oct 2022 06:14:32 GMT
Date: Wed, 26 Oct 2022 05:05:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4119
Expires: Wed, 26 Oct 2022 06:14:32 GMT
Date: Wed, 26 Oct 2022 05:05:53 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46a778e-e75b-47e4-aeb6-86c999571ae0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6090
x-amzn-requestid: ab19f9fb-ebca-468d-9fb4-b70b4812a5b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alKjiEiNoAMFQ8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635857b0-63fc3f874e6015777194599c;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:40:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nM-3r-MLfIaGrc1e2d-YfIjT_Zb6JElPb73k2Qmpksg2NxaOqbUZkQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:48:48 GMT
age: 26225
etag: "e4d440e51b826e2cd69a00f4abf195971b2843df"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6090
Md5:    83eeb2a673d2d0b119ba37fec52d30d1
Sha1:   e4d440e51b826e2cd69a00f4abf195971b2843df
Sha256: 4a15ba8118e9ecfe75177a4ae36fe97f14f4d9b4c6938d5863e7ae805bccb431
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4524
x-amzn-requestid: a493efe7-11c7-4032-b36b-7f838f8180bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aljicH_6IAMFqpQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63587fa9-0f15eae7680ea7b15e5e47ec;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 00:30:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NQJHFIbLMzw0aGwCkVGIEIHOMHprTpvLkLQRKgrGeVj35sk7sW4IUg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 00:36:34 GMT
age: 16159
etag: "5292b31a99d90bcb7071f327b93d52034bdf9dcb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4524
Md5:    91ee720c15dc69de45080d0c951353af
Sha1:   5292b31a99d90bcb7071f327b93d52034bdf9dcb
Sha256: 7fbe9f0f6db08fd539f2e8d4ac22e3b4d5ca14f7cde69f8424cce8b361d026e6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13796
x-amzn-requestid: 90b1e032-78c6-499d-b564-f25c15e20304
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ2OG0SoAMFx-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358568e-599d0f526fc6a01f77b67dcf;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sVS9nFgRyVconkkFTOrCO2zA0cICFNQFB2E1q7SQcVQm5_Dm6khvrA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:48:40 GMT
age: 26233
etag: "c3856686b98e1883133aa1824c496d34512769a0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13796
Md5:    b946c4f2f177828cf7b76c5764e97157
Sha1:   c3856686b98e1883133aa1824c496d34512769a0
Sha256: be818a015fc9c745ea561a0b9c2aca6ba25ade24acd696fa651163d47b195371
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9f8e8b2-cbee-42dd-a8d8-d4165e9a97ae.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3695
x-amzn-requestid: 1f93357b-84e1-4d8a-acb9-1dd1cef05850
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alLEGEC7oAMFRdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585880-2b8258fe17c7b32b32f1e19b;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:43:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: N_LCkzwXowXaHNsLExt-MvDWM1OLJ_RFvTGD_s9KY16q9nHT0mEftQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:56:02 GMT
etag: "aa1c7300ce49a977fc7ed17534d48c04ec8c34fc"
age: 25791
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3695
Md5:    6dbedb2a47310dcc21ddb2f9c15ca08a
Sha1:   aa1c7300ce49a977fc7ed17534d48c04ec8c34fc
Sha256: dc4edcfaa03bcccfd66cdacba33167877be7b0b746b9028fe9d82d71feefed2c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7feebb27-e9c6-46cc-a15e-dfe7e14961be.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8187
x-amzn-requestid: 9f706dbe-6f9a-4839-9576-fcd45af05ccc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alLLKGUAoAMFiEQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635858ad-1fdc6b1b07249d8501117cf1;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:44:13 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: cxM0T_HLsSl-rXU-lmzlflC66GyChydnPjlAhnKJ4fFzysuyEI0rMQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 22:34:42 GMT
etag: "73771b4bb2eb936ee8efd4039ee4913a51f94f3e"
age: 23471
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8187
Md5:    6908328a8d186075fa9e59a172c12913
Sha1:   73771b4bb2eb936ee8efd4039ee4913a51f94f3e
Sha256: 6d1e1ec3b1a3eec27056c711f5f2b957247c7d1e3be6d99c65bb96df74715446
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5da11cdb-c8be-46f4-95b0-792c49d930a7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8553
x-amzn-requestid: 69931a9c-027e-428e-a88d-61c5fac64daa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ2iEnzoAMFZAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585690-12c78c5157fb3fa41a13548c;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: zfjAcNokC0aMpSY3juYAi_Wo1MMRskGGJ0y9jb7x3Ps9R6wfiUg-IQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:57:47 GMT
age: 25686
etag: "691a36cde98a9fe1660745dd811e0be2ae67036c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8553
Md5:    5987bcd44ab0db5313aa4f409a8a212f
Sha1:   691a36cde98a9fe1660745dd811e0be2ae67036c
Sha256: e47ce3587c647b52669f675dc7e84e21555f82138091fb04febc951b4c06ba30
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: ad.marootrack.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.marootrack.co/?utm_term=7158682924408111128&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
Cookie: u=d659c5ba45448d6db7dff4de201a7c3f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         65.60.58.179
HTTP/2 200 OK
content-type: image/x-icon
                                        
server: nginx
date: Wed, 26 Oct 2022 05:05:53 GMT
content-length: 1150
last-modified: Wed, 31 Jul 2019 07:48:51 GMT
etag: "5d4147e3-47e"
expires: Thu, 27 Oct 2022 05:05:53 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains;
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size:   1150
Md5:    91abe01116ab422c598e9c8af72cf4da
Sha1:   0f2815fe8e067d48537ad168225ab4674271fa27
Sha256: b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
                                        
                                            GET /sw.js?v=1666760750764 HTTP/1.1 
Host: ad.marootrack.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: u=d659c5ba45448d6db7dff4de201a7c3f
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

search
                                         65.60.58.179
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 26 Oct 2022 05:05:53 GMT
content-length: 776
last-modified: Mon, 03 Oct 2022 07:40:54 GMT
vary: Accept-Encoding
etag: "633a9206-308"
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   776
Md5:    f72a11763f13b05c1f2379d13387dd05
Sha1:   002fbf7672d3f4655b89b6413d160e4185ce9900
Sha256: 70d744bbd19a0cc35c8d9f1d8ba181c6cdc902f95799ac750da4adc3ad987b11

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7158682924408111128&pub=21899&pid=21899-c9f8cb70&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 HTTP/1.1 
Host: d0zi.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.marootrack.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         162.55.4.52
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx/1.20.1
Date: Wed, 26 Oct 2022 05:05:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with very long lines (65210), with CRLF line terminators
Size:   745589
Md5:    6ba023703f7011d5fb117529f1454ec1
Sha1:   264bbc9919ed603b55195ea12ff47ee33bc01d8d
Sha256: da15f86e10396469758e1ab3e98e13d3bfa1454df83528f2fc3fb43144f47eef
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: d0zi.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://d0zi.com/go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7158682924408111128&pub=21899&pid=21899-c9f8cb70&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         162.55.4.52
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx/1.20.1
Date: Wed, 26 Oct 2022 05:05:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

                                        
                                            GET /proc.php?53e6f321879ed9d9767a1540063806999c0216c8 HTTP/1.1 
Host: ad.marootrack.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.marootrack.co/?utm_term=7158682924408111128&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
Cookie: u=d659c5ba45448d6db7dff4de201a7c3f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         65.60.58.179
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Wed, 26 Oct 2022 05:05:54 GMT
location: https://d0zi.com/go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7158682924408111128&pub=21899&pid=21899-c9f8cb70&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3740), with no line terminators
Size:   1604
Md5:    1541948aed53227bcce89a7d4d67d2b6
Sha1:   b614a3cf7140fd7d9e1322d4854026344fe532c5
Sha256: 254b5873c9ad632cdab39e9704cd9a7a97abe0c4052940eca86e116b2c31d1f1

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /?utm_term=7158682924408111128&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 HTTP/1.1 
Host: ad.marootrack.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.marootrack.co/?utm_medium=56350e907b27b4e99d4ce73cf6c4424f6399e01a&utm_campaign=NewMainLink&1=930_5af8031b_107_10708&cid=6358c030fa82ac0001f726c2
Cookie: u=d659c5ba45448d6db7dff4de201a7c3f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         65.60.58.179
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
server: nginx
date: Wed, 26 Oct 2022 05:05:53 GMT
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /rc/d967a20b58?affclick=1010bf61ab9dc8f0fb5fabf142e0f37d&pubid=107_10708 HTTP/1.1 
Host: uop.stravaganz.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         172.67.198.198
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Wed, 26 Oct 2022 05:05:51 GMT
set-cookie: AWSALB=i9vLjthmy04Kf66V6QmUxMjWtoPTmG2tpnsL/UKVluV3LXtFFhYk5kkqNvOxxJIVLjXtPdHwrUV29q3fU9Wh81KEfw79mNB0J+VANyV2d6ixlzAe5YdMf2fedtpt; Expires=Wed, 02 Nov 2022 05:05:51 GMT; Path=/ AWSALBCORS=i9vLjthmy04Kf66V6QmUxMjWtoPTmG2tpnsL/UKVluV3LXtFFhYk5kkqNvOxxJIVLjXtPdHwrUV29q3fU9Wh81KEfw79mNB0J+VANyV2d6ixlzAe5YdMf2fedtpt; Expires=Wed, 02 Nov 2022 05:05:51 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Anc4QE1Srj3NxuTqFA%2Fm5XCUM2PNbiE%2B3HtmVHVwAtZns1igCMFz6cLtfyab84QcReFd7ssTGA3WyEYW%2FgYorOnd7ts6DutzeTYGcWXO255HUnDmXmNDDipXnOWgww4G0Xn%2B%2FXs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600a8cabbf9b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /?utm_medium=56350e907b27b4e99d4ce73cf6c4424f6399e01a&utm_campaign=NewMainLink&1=930_5af8031b_107_10708&cid=6358c030fa82ac0001f726c2 HTTP/1.1 
Host: ad.marootrack.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uop.stravaganz.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         65.60.58.179
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Wed, 26 Oct 2022 05:05:53 GMT
location: https://ad.marootrack.co/?utm_term=7158682924408111128&ver=4viyaptcjo
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: u=d659c5ba45448d6db7dff4de201a7c3f; expires=Thu, 26-Oct-2023 05:05:53 GMT; Max-Age=31536000; path=/
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---