Report - secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad

Report Overview

URL

secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
IP

67.227.241.84

ASN

#32244 LIQUIDWEB
Submitted

2022-11-30T04:32:24Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

1

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2373	34.102.187.140
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5844	34.160.144.191
cdnjs.cloudflare.com (3)	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1340	60383	104.17.25.14
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	52.39.57.61
secure1.ghostgundvd.com (32)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	63386	2398865	67.227.241.84
fonts.gstatic.com (4)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1944	82019	216.58.207.227
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3243	66105	34.120.237.76
r3.o.lencr.org (8)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2704	7088	23.36.76.226
ocsp.digicert.com (2)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682	1592	93.184.220.29
ocsp.pki.goog (7)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2401	4900	142.250.74.131
fonts.googleapis.com (1)	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	694	78634	142.250.74.106
analytics.ugarllc.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	411	1213	3.249.67.204
analytics.ghostgundvd.com (4)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3148	19566	35.242.204.87
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	229	34.117.237.239
ocsp.sca1b.amazontrust.com (1)	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350	984	143.204.42.158
settings.cerebro.services (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	408	276	54.187.99.70

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-30	medium	analytics.ugarllc.com/a649dcb0-2ed3-463d-bf42-125f37660d8f/install.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

HTTP Transactions (75)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a5daf4dc99951793ae2315d4795e8146

4427507ca4d3a5632cc8f598afbc85e2195d00bd

94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4036
Expires: Wed, 30 Nov 2022 05:39:28 GMT
Date: Wed, 30 Nov 2022 04:32:12 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

4ed065cb23b5fca1a179dd73b3c5b7b2

4422eb24688f5e056fc1b18b127c7f63b1dbf5e0

b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 611
Cache-Control: max-age=108550
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:32:12 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 10:41:22 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

9fce5679881bf302a8978a0b462f01a9

b699fe030ea13ac73813e655c42ed9b531925e2b

a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9042
Expires: Wed, 30 Nov 2022 07:02:54 GMT
Date: Wed, 30 Nov 2022 04:32:12 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

30db107dcf4380cef05efea409c2e6a3

96e6a306fbc07299aba64e5c14e2bfca35872fa9

b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 04:17:59 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 853
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

9ebddc2b260d081ebbefee47c037cb28

492bad62a7ca6a74738921ef5ae6f0be5edebf39

74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: ZxRbX+Wem3rWzmtyg59lYMpb0aGiIdCjKR2nDXgdOYbk/X7NmEIWLky11l8py35nXUo14x4sOE8=
x-amz-request-id: 0Y76D1FE6W3K4XV5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 03:45:04 GMT
age: 2828
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:32:12 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 04:08:56 GMT
cache-control: public,max-age=3600
age: 1397
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

3c8c689bd654417640d85f3da51af313

85123b6d46230a23d03768bf304b386e5d301305

516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 612
Cache-Control: max-age=103487
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:32:13 GMT
Etag: "6385cba8-1d7"
Expires: Thu, 01 Dec 2022 09:17:00 GMT
Last-Modified: Tue, 29 Nov 2022 09:06:48 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f

67.227.241.84

200 OK

38138

URL HTTP/1.1

secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (555)

Size

38138
Hash

40d09ecb551b145ec0261cc70d933b5f

7a7cc6918d6d745f3a440f825180c64739169d5a

998155c293b7101f8327533298072f1fd489f551ebea029d1848678edc80f8b0

HTTP Headers

                                        GET /offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:32:12 GMT
Server: Apache
Set-Cookie: sessionId=acbae689a2d545768322446f6561ccab; expires=Fri, 30-Dec-2022 04:32:13 GMT; Max-Age=2592000; path=/
affId=1114; expires=Fri, 30-Dec-2022 04:32:13 GMT; Max-Age=2592000; path=/
c1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
c2=102f772aa50b099355ccd9f5dcd1b3; expires=Fri, 30-Dec-2022 04:32:13 GMT; Max-Age=2592000; path=/
c3=102f2c54a3bfffa51f7d997fb68b0f; expires=Fri, 30-Dec-2022 04:32:13 GMT; Max-Age=2592000; path=/
XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; expires=Wed, 30-Nov-2022 06:32:13 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D; expires=Wed, 30-Nov-2022 06:32:13 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Cache-Control: no-cache, private, max-age=600
Expires: Wed, 30 Nov 2022 04:42:12 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 38138
Keep-Alive: timeout=5, max=100
Content-Type: text/html; charset=UTF-8

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.9.0/css/all.min.css

104.17.25.14

200 OK

9939

URL HTTP/2

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.9.0/css/all.min.css
IP

104.17.25.14:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text, with very long lines (55782)

Size

9939
Hash

9deb21ef6e0dbe67a9cf6c3e2a7ff70f

316b23ed5bc104f7ca1877975d01536d9ff8da91

45e1be9cb5efade345937e4656f68478d149d8624ad7eb88c69b5a0e8ecec081

HTTP Headers

                                        GET /ajax/libs/font-awesome/5.9.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://secure1.ghostgundvd.com
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Wed, 30 Nov 2022 04:32:13 GMT
content-type: text/css; charset=utf-8
content-length: 9939
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e60-da9f"
last-modified: Mon, 04 May 2020 16:10:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5894890
expires: Mon, 20 Nov 2023 04:32:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=obUn%2BdTFdXOzB5TpIEfn%2BJ31Fn4ptnKOl6ETArw6Rk6WApWCHbFRogf5U5KqBSYj3IhYPr%2BXuVWhUjEnXgREavTAyYq2nCAJ3bGOvE0kfAN4Qq5Tp7Hj9oQoQaOi4vVmP6U9R6zC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7720dba48bfbb50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.bundle.min.js

104.17.25.14

200 OK

19586

URL HTTP/2

cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.bundle.min.js
IP

104.17.25.14:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text, with very long lines (65297)

Size

19586
Hash

3f6897691bf629eeeab02ffdeecc88a4

54d32eb7f8378cda078067b309ba1f3d6c588bee

c3f9adaa0f5017e6ad33cae228ddaf59c110fa72615f58bfdd5587eb7a3dcd57

HTTP Headers

                                        GET /ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://secure1.ghostgundvd.com
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
date: Wed, 30 Nov 2022 04:32:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 19586
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04010-1332b"
last-modified: Mon, 04 May 2020 16:17:20 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 600528
expires: Mon, 20 Nov 2023 04:32:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WuYilFTvdllsgV4QLnPRABVcCqKAthJjG5QtOYNBHKp2uMNTZnnorV8jApNvM7jnvNSxFhlT2YOq6up0O0QwWzSSzkbUI0qxAkeRq5i1tgUSKyB3bQjQ8ATHhQLozGVyqPGzG0n%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7720dba4ec20b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

104.17.25.14

200 OK

27748

URL HTTP/2

cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP

104.17.25.14:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text, with very long lines (65451)

Size

27748
Hash

638a4990025383a0f83ebf29bdb84a68

153e8818dc42f598e47fde8cf398f1447649a4d0

878e34b89800bb271d3588e526eb3598eb3822e263f3bdaf53645847d39d0ad6

HTTP Headers

                                        GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://secure1.ghostgundvd.com
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
date: Wed, 30 Nov 2022 04:32:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2949757
expires: Mon, 20 Nov 2023 04:32:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LbXvkt70TjXHwZ7TAp2%2Fs9MEqK3FaJtACPMkIzyg4FUfyAxkB3bC1C5ZVWuvUu7MX%2FVXTy%2BDdvGl40H8%2BJMDPbLRlPh6lI8YuoFPTvpL%2F7VXurR%2FeocJ%2Bs9YY9BpPwanNFMW9KjQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7720dba4ec21b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

146dac10a93604a686550631e14eefb9

b4af601ce6d515d9ec124938ce626060e0d43099

bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:32:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

146dac10a93604a686550631e14eefb9

b4af601ce6d515d9ec124938ce626060e0d43099

bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:32:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

52.39.57.61

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

52.39.57.61:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VfQ8IB3GpFFSUp3RD6gt4Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: y2umP3hFTQkCdCOHxvnXwvn6IcM=

secure1.ghostgundvd.com/AR308/js/mailcheck.min.js

67.227.241.84

200 OK

1128

URL HTTP/1.1

secure1.ghostgundvd.com/AR308/js/mailcheck.min.js
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

C source, ASCII text, with very long lines (525)

Size

1128
Hash

238209e02f2c94482e2e60aea891d7c8

6b70efd418661991849f06c11446f7da7e8ce085

68a718c45173af86ab291c90e205ddb632177eeae3be49298a4203c3f3ab13fa

HTTP Headers

                                        GET /AR308/js/mailcheck.min.js HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
Cookie: sessionId=acbae689a2d545768322446f6561ccab; affId=1114; c2=102f772aa50b099355ccd9f5dcd1b3; c3=102f2c54a3bfffa51f7d997fb68b0f; XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:32:13 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 12 Aug 2022 15:00:36 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Fri, 30 Dec 2022 04:32:13 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1128
Keep-Alive: timeout=5, max=100
Content-Type: application/javascript

secure1.ghostgundvd.com/AR308/js/pushcrew.js

67.227.241.84

200 OK

363

URL HTTP/1.1

secure1.ghostgundvd.com/AR308/js/pushcrew.js
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

ASCII text, with very long lines (637), with no line terminators

Size

363
Hash

d4c26aea49ece76a37c3cb7779d011a1

d3dca778e6a2b5606554a3ddbf380c876c69f511

5dceac918ddff77e814ee2b15895247cf6b5a56bd5b6f7e2b6b76cc0efbc4f46

HTTP Headers

                                        GET /AR308/js/pushcrew.js HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
Cookie: sessionId=acbae689a2d545768322446f6561ccab; affId=1114; c2=102f772aa50b099355ccd9f5dcd1b3; c3=102f2c54a3bfffa51f7d997fb68b0f; XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:32:13 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 12 Aug 2022 15:00:36 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Fri, 30 Dec 2022 04:32:13 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 363
Keep-Alive: timeout=5, max=100
Content-Type: application/javascript

secure1.ghostgundvd.com/GStyle/js/store.legacy.min.js

67.227.241.84

200 OK

4576

URL HTTP/1.1

secure1.ghostgundvd.com/GStyle/js/store.legacy.min.js
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

ASCII text, with very long lines (13072), with CRLF line terminators

Size

4576
Hash

cc34528e395597a6606995df44b6325a

bfef1e8c5f2b5e62ebca7894f9ef307bd6c8b0c1

8d9aa9e490b935f926d64996d64dbac0701e517fa9006a784c5242e645b34c11

HTTP Headers

                                        GET /GStyle/js/store.legacy.min.js HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
Cookie: sessionId=acbae689a2d545768322446f6561ccab; affId=1114; c2=102f772aa50b099355ccd9f5dcd1b3; c3=102f2c54a3bfffa51f7d997fb68b0f; XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:32:13 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 17 Oct 2019 19:33:34 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Fri, 30 Dec 2022 04:32:13 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 4576
Keep-Alive: timeout=5, max=100
Content-Type: application/javascript

secure1.ghostgundvd.com/GStyle/lander/css/lander.css

67.227.241.84

200 OK

72782

URL HTTP/1.1

secure1.ghostgundvd.com/GStyle/lander/css/lander.css
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

Unicode text, UTF-8 (with BOM) text, with very long lines (53232)

Size

72782
Hash

10f0df9c83793c92bc132afe6e452a10

798a6134b82ba5cadaa75384b5541b4969bac62c

bc45dcc6b1a3fdb0a8e0da787179a5ab754a564912ad2395fb785e1f4c714197

HTTP Headers

                                        GET /GStyle/lander/css/lander.css HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
Cookie: sessionId=acbae689a2d545768322446f6561ccab; affId=1114; c2=102f772aa50b099355ccd9f5dcd1b3; c3=102f2c54a3bfffa51f7d997fb68b0f; XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:32:13 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 26 Aug 2022 02:59:37 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Fri, 30 Dec 2022 04:32:13 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/css

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

75286563d358613cf676cea4ac4a8cab

9a35ac1dd2ac4bd96f2ca37fc77ed90861c21afd

5ab34f6a69c1acce7382719aacf8f9440ab8669da9c9b5a7811cc118c21677a0

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5AB34F6A69C1ACCE7382719AACF8F9440AB8669DA9C9B5A7811CC118C21677A0"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6055
Expires: Wed, 30 Nov 2022 06:13:08 GMT
Date: Wed, 30 Nov 2022 04:32:13 GMT
Connection: keep-alive

fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700

142.250.74.106

200 OK

77888

URL HTTP/2

fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700
IP

142.250.74.106:0
ASN

#15169 GOOGLE

Magic

data

Size

77888
Hash

494aa509dd6b5c3a4faa3be32e165b1f

a7a763c57249eb58e0e3f2d1e5c33ccb22d02d33

7927cb61003db2e13f0771422a2b1fc76d50f6e2fbffe6ffdffce186f7c749ec

HTTP Headers

                                        GET /css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 30 Nov 2022 04:32:13 GMT
date: Wed, 30 Nov 2022 04:32:13 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

secure1.ghostgundvd.com/GStyle/lander/images/c0/28e980f2b1457f86590c60b824cbed/addtocart.png

67.227.241.84

200 OK

9675

URL HTTP/1.1

secure1.ghostgundvd.com/GStyle/lander/images/c0/28e980f2b1457f86590c60b824cbed/addtocart.png
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

PNG image data, 521 x 100, 8-bit colormap, non-interlaced\012- data

Size

9675
Hash

d01debb663d75ab0f4004c75f2144e3d

985c7aa963d6ff9192a3bf5967f70f38038475fb

36101196dbd9b30fcbd9e41975c2251175b98c7ce164ec44721425212d9c54e9

HTTP Headers

                                        GET /GStyle/lander/images/c0/28e980f2b1457f86590c60b824cbed/addtocart.png HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
Cookie: sessionId=acbae689a2d545768322446f6561ccab; affId=1114; c2=102f772aa50b099355ccd9f5dcd1b3; c3=102f2c54a3bfffa51f7d997fb68b0f; XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:32:13 GMT
Server: Apache
Last-Modified: Fri, 26 Aug 2022 03:00:21 GMT
Accept-Ranges: bytes
Content-Length: 9675
Cache-Control: max-age=2592000
Expires: Fri, 30 Dec 2022 04:32:13 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

secure1.ghostgundvd.com/GStyle/lander/images/00/2dd0171a1743caa2efe4a25031fd7c/still-legal-update2.png

67.227.241.84

200 OK

46694

URL HTTP/1.1

secure1.ghostgundvd.com/GStyle/lander/images/00/2dd0171a1743caa2efe4a25031fd7c/still-legal-update2.png
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

PNG image data, 834 x 542, 8-bit colormap, non-interlaced\012- data

Size

46694
Hash

bc20138e487afe69cbbf3d230621f740

b69b257007f1cc631ccd7f231b9a2162d740135d

7c219431878f279beac9ed0fe6a065c0ccb0c553992bcbd091eebad6329aa9e0

HTTP Headers

                                        GET /GStyle/lander/images/00/2dd0171a1743caa2efe4a25031fd7c/still-legal-update2.png HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
Cookie: sessionId=acbae689a2d545768322446f6561ccab; affId=1114; c2=102f772aa50b099355ccd9f5dcd1b3; c3=102f2c54a3bfffa51f7d997fb68b0f; XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:32:13 GMT
Server: Apache
Last-Modified: Fri, 26 Aug 2022 02:59:49 GMT
Accept-Ranges: bytes
Content-Length: 46694
Cache-Control: max-age=2592000
Expires: Fri, 30 Dec 2022 04:32:13 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

c14366e29ed95ec71fb654732b928ceb

f81215706453d8523415f90c9ef90bc53cefad90

9faa5ff7f4287af493dd11d3dfe2929dac59e156e7e4b24c8f6fb01cdfbea9e5

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9FAA5FF7F4287AF493DD11D3DFE2929DAC59E156E7E4B24C8F6FB01CDFBEA9E5"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5078
Expires: Wed, 30 Nov 2022 05:56:52 GMT
Date: Wed, 30 Nov 2022 04:32:14 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

49eee25f3ccd585a29e34e80cf5bb160

73eca8be91deedd049304862759a3d8084c0b07e

531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:32:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

608e4d04a251ebcd51660e801f388303

fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d

cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:32:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

216.58.207.227

200 OK

23580

URL HTTP/2

fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP

216.58.207.227:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data

Size

23580
Hash

e1b3b5908c9cf23dfb2b9c52b9a023ab

fcd4136085f2a03481d9958cc6793a5ed98e714c

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

                                        GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://secure1.ghostgundvd.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 17:11:08 GMT
expires: Wed, 29 Nov 2023 17:11:08 GMT
cache-control: public, max-age=31536000
age: 40866
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

608e4d04a251ebcd51660e801f388303

fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d

cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:32:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

608e4d04a251ebcd51660e801f388303

fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d

cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:32:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

15744

URL HTTP/2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP

216.58.207.227:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data

Size

15744
Hash

15d9f621c3bd1599f0169dcf0bd5e63e

7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

                                        GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://secure1.ghostgundvd.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:33:54 GMT
expires: Thu, 23 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 550700
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

15860

URL HTTP/2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP

216.58.207.227:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data

Size

15860
Hash

e9f5aaf547f165386cd313b995dddd8e

acdef5603c2387b0e5bffd744b679a24a8bc1968

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

                                        GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://secure1.ghostgundvd.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:15 GMT
expires: Thu, 23 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 550679
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

216.58.207.227

200 OK

23040

URL HTTP/2

fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP

216.58.207.227:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data

Size

23040
Hash

de69cf9e514df447d1b0bb16f49d2457

2ac78601179c3a63ba3f3f3081556b12ddcaf655

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

HTTP Headers

                                        GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://secure1.ghostgundvd.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 12:29:22 GMT
expires: Fri, 24 Nov 2023 12:29:22 GMT
cache-control: public, max-age=31536000
age: 489772
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

608e4d04a251ebcd51660e801f388303

fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d

cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:32:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

secure1.ghostgundvd.com/GStyle/lander/images/3a/1a5386d4d64afcba109f5c1e4456fc/atfscreenshot.png

67.227.241.84

200 OK

81421

URL HTTP/1.1

secure1.ghostgundvd.com/GStyle/lander/images/3a/1a5386d4d64afcba109f5c1e4456fc/atfscreenshot.png
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

PNG image data, 658 x 916, 8-bit colormap, non-interlaced\012- data

Size

81421
Hash

f11567b9746137a22d75838629155485

fe05044163bfe1def562d1b216fef38a5a5dede6

06c3fb495946a3fbd89b2a9f1eb17c357f9b356d8169b988b581840f341b8549

HTTP Headers

                                        GET /GStyle/lander/images/3a/1a5386d4d64afcba109f5c1e4456fc/atfscreenshot.png HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
Cookie: sessionId=acbae689a2d545768322446f6561ccab; affId=1114; c2=102f772aa50b099355ccd9f5dcd1b3; c3=102f2c54a3bfffa51f7d997fb68b0f; XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:32:13 GMT
Server: Apache
Last-Modified: Fri, 26 Aug 2022 03:00:06 GMT
Accept-Ranges: bytes
Content-Length: 81421
Cache-Control: max-age=2592000
Expires: Fri, 30 Dec 2022 04:32:13 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

secure1.ghostgundvd.com/GStyle/lander/images/78/2530fa64ef4985b434b6d8423524e5/cagunowners.png

67.227.241.84

200 OK

43053

URL HTTP/1.1

secure1.ghostgundvd.com/GStyle/lander/images/78/2530fa64ef4985b434b6d8423524e5/cagunowners.png
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

PNG image data, 431 x 457, 8-bit colormap, non-interlaced\012- data

Size

43053
Hash

b5b8322b3904ee6870a7dbfce3de011f

0d4c692511ff7ffb2b5e46c5d688a8c2a000b24b

80da83aa8ec5c296822789f2d842b3a7805434331c6bca9ff1c0009bdae32796

HTTP Headers

                                        GET /GStyle/lander/images/78/2530fa64ef4985b434b6d8423524e5/cagunowners.png HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
Cookie: sessionId=acbae689a2d545768322446f6561ccab; affId=1114; c2=102f772aa50b099355ccd9f5dcd1b3; c3=102f2c54a3bfffa51f7d997fb68b0f; XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:32:13 GMT
Server: Apache
Last-Modified: Fri, 26 Aug 2022 03:00:14 GMT
Accept-Ranges: bytes
Content-Length: 43053
Cache-Control: max-age=2592000
Expires: Fri, 30 Dec 2022 04:32:13 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

secure1.ghostgundvd.com/GStyle/lander/images/4f/086a5134c611e7b72451ae77f262f5/Glock.jpg

67.227.241.84

200 OK

40259

URL HTTP/1.1

secure1.ghostgundvd.com/GStyle/lander/images/4f/086a5134c611e7b72451ae77f262f5/Glock.jpg
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 592x350, components 3\012- data

Size

40259
Hash

a9771a6612c2a4570d5f2b645b78345f

bd053c33fae34d8fed7ec5292b232a770224df0b

3399154480093eed8b1a05cb699897f84840657069ee342353fe1dc2ecb90d32

HTTP Headers

                                        GET /GStyle/lander/images/4f/086a5134c611e7b72451ae77f262f5/Glock.jpg HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
Cookie: sessionId=acbae689a2d545768322446f6561ccab; affId=1114; c2=102f772aa50b099355ccd9f5dcd1b3; c3=102f2c54a3bfffa51f7d997fb68b0f; XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:32:13 GMT
Server: Apache
Last-Modified: Fri, 26 Aug 2022 03:00:07 GMT
Accept-Ranges: bytes
Content-Length: 40259
Cache-Control: max-age=2592000
Expires: Fri, 30 Dec 2022 04:32:13 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

secure1.ghostgundvd.com/GStyle/lander/images/5c/50b0da36d841369bab594fabe15a1d/amazon.png

67.227.241.84

200 OK

41332

URL HTTP/1.1

secure1.ghostgundvd.com/GStyle/lander/images/5c/50b0da36d841369bab594fabe15a1d/amazon.png
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

PNG image data, 397 x 287, 8-bit/color RGB, non-interlaced\012- data

Size

41332
Hash

d8d4125919ea0fb6b1d5d95e0059d5d4

82791bca152275b3b79fa08b176f4be3171e45f9

6321bc35c347fd998868a2592ca27bb7ef7924f1b507422ca4cb0743bdb1c9e9

HTTP Headers

                                        GET /GStyle/lander/images/5c/50b0da36d841369bab594fabe15a1d/amazon.png HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
Cookie: sessionId=acbae689a2d545768322446f6561ccab; affId=1114; c2=102f772aa50b099355ccd9f5dcd1b3; c3=102f2c54a3bfffa51f7d997fb68b0f; XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:32:13 GMT
Server: Apache
Last-Modified: Fri, 26 Aug 2022 03:00:10 GMT
Accept-Ranges: bytes
Content-Length: 41332
Cache-Control: max-age=2592000
Expires: Fri, 30 Dec 2022 04:32:13 GMT
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

analytics.ugarllc.com/a649dcb0-2ed3-463d-bf42-125f37660d8f/install.js

3.249.67.204

200 OK

837

URL HTTP/1.1

analytics.ugarllc.com/a649dcb0-2ed3-463d-bf42-125f37660d8f/install.js
IP

3.249.67.204:0
ASN

#16509 AMAZON-02

Magic

ASCII text, with very long lines (837), with no line terminators

Size

837
Hash

c89c5458278883777bac67f068889f4e

16f4638b3c992369dd4933b05f73b048eea9640e

2b7286ec15b7d816a0ac95490abf5ff5cc961d34c7f1dc65d6c0b0014566ee30

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /a649dcb0-2ed3-463d-bf42-125f37660d8f/install.js HTTP/1.1
Host: analytics.ugarllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-powered-by: Express
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=0
content-type: application/javascript; charset=UTF-8
date: Wed, 30 Nov 2022 04:32:14 GMT
etag: W/"345-18463b8d967"
last-modified: Thu, 10 Nov 2022 22:46:09 GMT
server: nginx/1.22.0
vary: Accept-Encoding
content-length: 837
connection: Close

secure1.ghostgundvd.com/GStyle/lander/images/52/6238b6eb3e4b6ca02d53ce838b3028/GstyleDVDcostfree.png

67.227.241.84

200 OK

43234

URL HTTP/1.1

secure1.ghostgundvd.com/GStyle/lander/images/52/6238b6eb3e4b6ca02d53ce838b3028/GstyleDVDcostfree.png
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

PNG image data, 228 x 366, 8-bit colormap, non-interlaced\012- data

Size

43234
Hash

eff08e3d1d6717accc1bbbb1c3449b70

8301d383d80cff5695b48df763244c1dd26782ca

2074613133fbd28291ef940d04f800af86f1e1f30e58ff69665c38f206a343e5

HTTP Headers

                                        GET /GStyle/lander/images/52/6238b6eb3e4b6ca02d53ce838b3028/GstyleDVDcostfree.png HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
Cookie: sessionId=acbae689a2d545768322446f6561ccab; affId=1114; c2=102f772aa50b099355ccd9f5dcd1b3; c3=102f2c54a3bfffa51f7d997fb68b0f; XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:32:13 GMT
Server: Apache
Last-Modified: Fri, 26 Aug 2022 03:00:09 GMT
Accept-Ranges: bytes
Content-Length: 43234
Cache-Control: max-age=2592000
Expires: Fri, 30 Dec 2022 04:32:13 GMT
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

secure1.ghostgundvd.com/GStyle/lander/images/30/23a4ce394347638d47f2e166695fb7/glockupperreceiver.png

67.227.241.84

200 OK

28071

URL HTTP/1.1

secure1.ghostgundvd.com/GStyle/lander/images/30/23a4ce394347638d47f2e166695fb7/glockupperreceiver.png
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

PNG image data, 714 x 217, 8-bit grayscale, non-interlaced\012- data

Size

28071
Hash

d3a13d89aff0ad973a4e4b3a6004853a

fceaf59f0b16d10c24295538d8939bf18a6de1b4

bc1ac5ba7df973308f2c893d3b47716c74df2cccca01894f84cb751c5237cb94

HTTP Headers

                                        GET /GStyle/lander/images/30/23a4ce394347638d47f2e166695fb7/glockupperreceiver.png HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
Cookie: sessionId=acbae689a2d545768322446f6561ccab; affId=1114; c2=102f772aa50b099355ccd9f5dcd1b3; c3=102f2c54a3bfffa51f7d997fb68b0f; XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:32:13 GMT
Server: Apache
Last-Modified: Fri, 26 Aug 2022 03:00:04 GMT
Accept-Ranges: bytes
Content-Length: 28071
Cache-Control: max-age=2592000
Expires: Fri, 30 Dec 2022 04:32:13 GMT
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

secure1.ghostgundvd.com/GStyle/lander/images/10/0b51313dee4981901c3afa4ef226ab/glocklowerreceiver.png

67.227.241.84

200 OK

37671

URL HTTP/1.1

secure1.ghostgundvd.com/GStyle/lander/images/10/0b51313dee4981901c3afa4ef226ab/glocklowerreceiver.png
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

PNG image data, 647 x 338, 8-bit grayscale, non-interlaced\012- data

Size

37671
Hash

ab7f80fce22dd6e95a35b802825ad323

eba5d6ce9240af3c606913fddc0f47c74ee1aecb

aa673cb26cbb956673f6cb977efd39fabd1d3336f55782ee3b3747c118453342

HTTP Headers

                                        GET /GStyle/lander/images/10/0b51313dee4981901c3afa4ef226ab/glocklowerreceiver.png HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
Cookie: sessionId=acbae689a2d545768322446f6561ccab; affId=1114; c2=102f772aa50b099355ccd9f5dcd1b3; c3=102f2c54a3bfffa51f7d997fb68b0f; XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:32:13 GMT
Server: Apache
Last-Modified: Fri, 26 Aug 2022 02:59:56 GMT
Accept-Ranges: bytes
Content-Length: 37671
Cache-Control: max-age=2592000
Expires: Fri, 30 Dec 2022 04:32:13 GMT
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

secure1.ghostgundvd.com/GStyle/lander/js/lander.js

67.227.241.84

200 OK

677272

URL HTTP/1.1

secure1.ghostgundvd.com/GStyle/lander/js/lander.js
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

ASCII text, with very long lines (32749)

Size

677272
Hash

438b71903ab767493d6a6d3866677fd3

d9fe35f16a5e3899dcdff1c429bb3723680704df

a3c45c0d418506f81fa9b24434bda1afd6813decb52e0b648ba89c2b71547351

HTTP Headers

                                        GET /GStyle/lander/js/lander.js HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
Cookie: sessionId=acbae689a2d545768322446f6561ccab; affId=1114; c2=102f772aa50b099355ccd9f5dcd1b3; c3=102f2c54a3bfffa51f7d997fb68b0f; XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:32:13 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 26 Aug 2022 03:00:03 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Fri, 30 Dec 2022 04:32:13 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: application/javascript

secure1.ghostgundvd.com/offers/assets.clickfunnels.com/images/black-geo.png

67.227.241.84

404 Not Found

2123

URL HTTP/1.1

secure1.ghostgundvd.com/offers/assets.clickfunnels.com/images/black-geo.png
IP

67.227.241.84:0
ASN

#32244 LIQUIDWEB

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5395)

Size

2123
Hash

e881f8e66a93d0960ba6fad410094769

7f1bd10fd60815735fad95387ecaed0cfaf3b287

b43a9db67408b4398f147b571163d5b272af8c46eb4dca9f1bc2be44a6ded26d

HTTP Headers

                                        GET /offers/assets.clickfunnels.com/images/black-geo.png HTTP/1.1
Host: secure1.ghostgundvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure1.ghostgundvd.com/offers/GStyle/?tid=102f2c54a3bfffa51f7d997fb68b0f&ebd_affid=2263&ebd_oid=1158&ebd_urlid=7767&ebd_affsource=&ebd_affsub=&ebd_affsub2=&ebd_affsub3=&ebd_affsub4=&ebd_affsub5=&ebd_affunq1=1114&ebd_affunq2=C4+Traffic,+Inc.&ebd_affunq3=102f2c54a3bfffa51f7d997fb68b0f&ebd_affunq4=30&ebd_affunq5=17&utm_campaign={utm_campaign}&utm_source={utm_source}&utm_medium={utm_medium}&utm_content=102f2c54a3bfffa51f7d997fb68b0f&utm_term={utm_term}&aff_click_id=102f772aa50b099355ccd9f5dcd1b3&campaign_id=2522&aff_id=2263&hostNameId=21807&affId=1114&c1=&c2=102f772aa50b099355ccd9f5dcd1b3&c3=102f2c54a3bfffa51f7d997fb68b0f&source=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=1114&aff_unique2=C4+Traffic,+Inc.&aff_unique3=102f2c54a3bfffa51f7d997fb68b0f&aff_unique4=30&aff_unique5=17&ad_id=102f2c54a3bfffa51f7d997fb68b0f
Cookie: sessionId=acbae689a2d545768322446f6561ccab; affId=1114; c2=102f772aa50b099355ccd9f5dcd1b3; c3=102f2c54a3bfffa51f7d997fb68b0f; XSRF-TOKEN=eyJpdiI6IkZJbGFvcmhGeGljbTBEWmtIdkZzVkE9PSIsInZhbHVlIjoicHN5T3l6R1lSNDY3TkNibU9keExHS0hFVWowSFlqU0pYd3VKdHZJL0gvWlU3ZkhHSEZpMUNyMmdqcU1TbjR0bjQ0K3k4SXU5TmkxOTJORGY5YlRXK0gxdjRuL0dQc1VqNU1ydGVtWExFOVhXL3ZvYUJaRExtdGF3bUxSODZqN2EiLCJtYWMiOiJjMDk2Yjk2YjM1YzVmMDI5MDA1MWYwZmI4NGEwOGJlYTgzMTg0OTM2M2I3ZDFmY2RlNTZhNDJjZDU2MDk5NTUwIn0%3D; laravel_session=eyJpdiI6IkZzOHhjTnU2aU9CVVhDaUwzRllQREE9PSIsInZhbHVlIjoielE5SExGeWZMSnF4K1hkRk12WkpQTmFHaW9WM3k5b3JDUDlzSFE5cE15VFdQYm9sdUtSMU0vQ0ZkWFdUNEF4OStxcmczakM4N2M0Z3J3VlhLa2loTk1FTzArRENTL0NXc3FJY05PZGFraTBOVnVsczdaY1lORFhhRGJNdEYrM1MiLCJtYWMiOiI2OTA4MTIwMmIzMzRhNDg0OGNiOTI4NmQzMzVhY2VjMTI2MjQyNGJhYWQwMDc5NWQ2OTI2MmEwMDkwYmNkYmM1In0%3D

                                        HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 04:32:13 GMT
Server: Apache
Cache-Control: no-cache, private
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 2123
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

secure1.ghostgundvd.com/GStyle/lander/images/b8/7b2b15afeb432a8b61d3be670f84f2/glock-field-stripped.png

67.227.241.84

200 OK

66383

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (10)

#1 JS:Script (size: 88145)

#2 JS:Script (size: 13128)

#3 JS:Script (size: 2701)

#4 JS:Script (size: 637)

#5 JS:Script (size: 78635)

#6 JS:Script (size: 2330424)

#7 JS:Script (size: 5016)

#8 JS:Script (size: 870)

#9 JS:Script (size: 837)

#1 JS:Eval (size: 20304)

HTTP Transactions (75)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic