globalvisitclub.com/cf/r/645de8441eb0a900127d22de
104.18.17.6 0 B URL globalvisitclub.com/cf/r/645de8441eb0a900127d22de
IP 104.18.17.6:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /cf/r/645de8441eb0a900127d22de HTTP/1.1
Host: globalvisitclub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Mon, 22 May 2023 22:10:56 GMT
content-length: 0
location: https://m2.mtzlinks.xyz/?utm_medium=401d97b9f1e6bd1b57f34e1e79249ea9727deb40&utm_campaign=clickflare_bot_geo&cid=1f61e432-0888-4fe8-a798-46aca760fb1d&1={trackingField1}
cache-control: no-cache
set-cookie: worker_cookie=N4Igdgpg7g+gFgSwC4wQExALhARgGYBsOEALAMwBMAtAAwAcDVJeEdVAhgOwCcbJB7AMZcCNPACMcGADQgAbggDOyVBmycppGgWpkeNJp3GcqvCBFp5mEtAFYI2nCFkLlKJAgC2ERUnaeABywQChoKMlpbKgoKABUYzBwaTFsCADo9AgAtZ3klZAB7ACdVYPFxdhYCbijxNDILEkFxCLocWzZU5gghbkEcbnFc4UD2BABzMFLsAhJbNFYSEmJxGnZuGhocCk40GIXcsAKF6ZAaGApD44gYJABPAIhggHk8FiKrk8E4MbAsAG0zhcQABdWQBIo+CAAGwggiQEDQMCOB0woHujxebwgH1kfiK4wgKHQwQIZAIDjQeDIWwgBDooi23BIFEEnBINE+NxJ2HOl1kkAAHkgsGAAK7Q6EAX1k31+MACBTcCAKfzRIEEYqKkLASAActcAJJgBaCrA0WTiIrsMDfY1oBCCHwAkEykBKGCQh2Q+FYJBFMUQWQAR0UQTRbo9kCgWDw7GhiggUqAA===; Expires=Tue, 23 May 2023 22:10:56 GMT; Domain=globalvisitclub.com; Path=/; SameSite=None; Secure
__cf_bm=p_4G4oJbqFFRvEAsuef_tJ37Bqtaq38V4gyuNkXhukQ-1684793456-0-Ac9KIgBYGoxEmWVqSxt9Zx7zOgB0PgO2kzyJ4Zw4zg7RlNMarUkXMoFJRK90fRD3de/XyyZ4GRDLYI5N1E+fNt0=; path=/; expires=Mon, 22-May-23 22:40:56 GMT; domain=.globalvisitclub.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb8645e5a48b4f3-OSL
X-Firefox-Spdy: h2
www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7236132794051592266&website=12209-9f7d6528&placement=12209&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
51.68.85.158 5.2 kB URL www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7236132794051592266&website=12209-9f7d6528&placement=12209&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
IP 51.68.85.158:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3758)
Hash b92da99879b5c67dcded0d7b78df138d
f83c05171656ac75152f3189a57625bf62e2ecb3
c0e54168366df7bc4084c44bc6ffbd972b39af615526002464040169c5033837
GET /?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7236132794051592266&website=12209-9f7d6528&placement=12209&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70 HTTP/1.1
Host: www.turbotrck.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m2.mtzlinks.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 22 May 2023 22:10:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
Accept-CH: Sec-CH-UA-Platform-Version
m2.mtzlinks.xyz/favicon.ico
216.104.36.156 1.2 kB URL m2.mtzlinks.xyz/favicon.ico
IP 216.104.36.156:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 91abe01116ab422c598e9c8af72cf4da
0f2815fe8e067d48537ad168225ab4674271fa27
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
GET /favicon.ico HTTP/1.1
Host: m2.mtzlinks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m2.mtzlinks.xyz/proc.php?74fb28b520e9de1d68dd70c425ea5ed00674d175
Cookie: u=4f096ab492f7199168829e2015325ce0; split=a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 22 May 2023 22:10:58 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Wed, 31 Jul 2019 07:48:51 GMT
etag: "5d4147e3-47e"
expires: Tue, 23 May 2023 22:10:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains
accept-ranges: bytes
X-Firefox-Spdy: h2
www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7236132794051592266&website=12209-9f7d6528&placement=12209&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=333a2c001993fb0f18bd6319a93dda9c&eyer=0.01628767208488724&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=m2.mtzlinks.xyz
51.68.85.158 0 B URL www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7236132794051592266&website=12209-9f7d6528&placement=12209&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=333a2c001993fb0f18bd6319a93dda9c&eyer=0.01628767208488724&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=m2.mtzlinks.xyz
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7236132794051592266&website=12209-9f7d6528&placement=12209&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=333a2c001993fb0f18bd6319a93dda9c&eyer=0.01628767208488724&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=m2.mtzlinks.xyz HTTP/1.1
Host: www.turbotrck.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Mon, 22 May 2023 22:10:58 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7236132794051592266&website=12209-9f7d6528&placement=12209&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=3&eyer=0.01628767208488724&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=m2.mtzlinks.xyz
www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7236132794051592266&website=12209-9f7d6528&placement=12209&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=3&eyer=0.01628767208488724&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=m2.mtzlinks.xyz
51.68.85.158 0 B URL www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7236132794051592266&website=12209-9f7d6528&placement=12209&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=3&eyer=0.01628767208488724&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=m2.mtzlinks.xyz
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7236132794051592266&website=12209-9f7d6528&placement=12209&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=3&eyer=0.01628767208488724&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=m2.mtzlinks.xyz HTTP/1.1
Host: www.turbotrck.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Mon, 22 May 2023 22:10:58 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000dfc945bfca27e4686d27dc9484d080a20522-202305-flb*5564921-b2be6*M7236132794051592266*sl_5564921-b2be6*a065f02f016e456aaded96d7549b4a563459da6d*12209-9f7d6528*12209
www.turbotrck.art/favicon.ico
51.68.85.158 0 B URL www.turbotrck.art/favicon.ico
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www.turbotrck.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Date: Mon, 22 May 2023 22:10:58 GMT
Connection: keep-alive
ocsp.godaddy.com/
192.124.249.22 1.8 kB IP 192.124.249.22:0
Hash 5c83cdb74983f06d9c3419edf0144d72
e6a79dc2f54d32e2276c0d3691b0bd2ac42c77c3
3bb18cf27549b7591c6703d8edf6f4c8a1a692ec2439a7decc17e9a86aed83f4
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 22 May 2023 22:10:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 22 May 2023 21:52:31 GMT
Expires: Tue, 23 May 2023 21:52:31 GMT
ETag: "e6a79dc2f54d32e2276c0d3691b0bd2ac42c77c3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000dfc945bfca27e4686d27dc9484d080a20522-202305-flb*5564921-b2be6*M7236132794051592266*sl_5564921-b2be6*a065f02f016e456aaded96d7549b4a563459da6d*12209-9f7d6528*12209
34.91.27.112 0 B URL admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000dfc945bfca27e4686d27dc9484d080a20522-202305-flb*5564921-b2be6*M7236132794051592266*sl_5564921-b2be6*a065f02f016e456aaded96d7549b4a563459da6d*12209-9f7d6528*12209
IP 34.91.27.112:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000dfc945bfca27e4686d27dc9484d080a20522-202305-flb*5564921-b2be6*M7236132794051592266*sl_5564921-b2be6*a065f02f016e456aaded96d7549b4a563459da6d*12209-9f7d6528*12209 HTTP/1.1
Host: admoustache.media-412.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Mon, 22 May 2023 22:10:58 GMT
content-length: 0
location: https://grix.offerlinker.xyz/rc/a91581ead4?affclick=646be872a3d4990001baf051&pubid=503
x-adjust-use-original-forwarded-for: 1
referer:
referrer-policy: no-referrer
set-cookie: afclick=646be872a3d4990001baf051; expires=Tue, 21 May 2024 22:10:58 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
rezi.turetou.com/?utm_term=7236132806936494138&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b586b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c75
67.212.184.146 2.2 kB URL rezi.turetou.com/?utm_term=7236132806936494138&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b586b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c75
IP 67.212.184.146:0
File type gzip compressed data, from Unix\012- data
Hash eef19fb01fcb554b9636d35a4e64e30d
863e7f383201acd30d3f07d44977358230f527c9
44787be7221923ce6688b2ba48787dc17a0c11ade87530f0eeebbcae3241a766
GET /?utm_term=7236132806936494138&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b586b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c75 HTTP/1.1
Host: rezi.turetou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=f31e77b4&cid=pub3d200f24c51a4f83b2c09b02b419d948&2=503
Cookie: u=ce237a944b37027fc5e519483b71d483; split=a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 22 May 2023 22:10:59 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/8.2.0
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-encoding: gzip
X-Firefox-Spdy: h2
rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=f31e77b4&cid=pub3d200f24c51a4f83b2c09b02b419d948&2=503
67.212.184.146 4.7 kB URL rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=f31e77b4&cid=pub3d200f24c51a4f83b2c09b02b419d948&2=503
IP 67.212.184.146:0
File type gzip compressed data, from Unix\012- data
Hash 06b4c4340db17ecf8b0d9589c0fc104f
8c08daeb83b4d4e22bb7060982d1162ee130a87c
a79d3ad75195c4f4b138b0cde2734f4a6faa08f6819147c7b6631676a185e19e
GET /?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=f31e77b4&cid=pub3d200f24c51a4f83b2c09b02b419d948&2=503 HTTP/1.1
Host: rezi.turetou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://grix.offerlinker.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 22 May 2023 22:10:59 GMT
content-type: text/html; charset=UTF-8
location: https://rezi.turetou.com/?utm_term=7236132806936494138
vary: Accept-Encoding
x-powered-by: PHP/8.2.0
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: u=ce237a944b37027fc5e519483b71d483; expires=Tue, 21 May 2024 22:10:59 GMT; Max-Age=31536000; path=/
split=a; path=/; httponly
content-encoding: gzip
X-Firefox-Spdy: h2
rezi.turetou.com/favicon.ico
67.212.184.146 1.2 kB URL rezi.turetou.com/favicon.ico
IP 67.212.184.146:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 91abe01116ab422c598e9c8af72cf4da
0f2815fe8e067d48537ad168225ab4674271fa27
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
GET /favicon.ico HTTP/1.1
Host: rezi.turetou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rezi.turetou.com/proc.php?70b59c22f5f0f51fdbe1ae5bd65f136bd54396d4
Cookie: u=ce237a944b37027fc5e519483b71d483; split=a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 22 May 2023 22:11:00 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Wed, 31 Jul 2019 07:48:51 GMT
etag: "5d4147e3-47e"
expires: Tue, 23 May 2023 22:11:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 73d84022844c72951a56044d4bcf3039
1bb5397b6fdab7f58f63e715bdf3111708d96a2f
a86c145779bbdc93a14c8e42495d6cd431d6d820e268c66e9960244fa7ea3ecf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 22:11:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/images/errors/robot.png
142.250.74.132200 OK 6.3 kB URL GET HTTP/3 www.google.com/images/errors/robot.png
IP 142.250.74.132:443
Requested by https://www.google.com/&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint08:73:2C:18:30:14:52:C3:CA:3E:02:79:65:B4:FE:90:AC:3F:3E:33
ValidityMon, 24 Apr 2023 11:56:06 GMT - Mon, 17 Jul 2023 11:56:05 GMT
File type PNG image data, 171 x 213, 8-bit colormap, non-interlaced\012- data
Hash 4c9acf280b47cef7def3fc91a34c7ffe
c32bb847daf52117ab93b723d7c57d8b1e75d36b
5f9fc5b3fbddf0e72c5c56cdcfc81c6e10c617d70b1b93fbe1e4679a8797bff7
GET /images/errors/robot.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 6327
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 20 May 2023 20:52:26 GMT
expires: Sun, 19 May 2024 20:52:26 GMT
cache-control: public, max-age=31536000
age: 177514
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png
142.250.74.132200 OK 3.2 kB URL GET HTTP/3 www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png
IP 142.250.74.132:443
Requested by https://www.google.com/&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint08:73:2C:18:30:14:52:C3:CA:3E:02:79:65:B4:FE:90:AC:3F:3E:33
ValidityMon, 24 Apr 2023 11:56:06 GMT - Mon, 17 Jul 2023 11:56:05 GMT
File type PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced\012- data
Hash 9d73b3aa30bce9d8f166de5178ae4338
d0cbc46850d8ed54625a3b2b01a2c31f37977e75
dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139
GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-type: image/png
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 3170
date: Mon, 22 May 2023 22:11:00 GMT
expires: Mon, 22 May 2023 22:11:00 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/favicon.ico
142.250.74.132200 OK 1.5 kB URL GET HTTP/3 www.google.com/favicon.ico
IP 142.250.74.132:443
Requested by https://www.google.com/&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint08:73:2C:18:30:14:52:C3:CA:3E:02:79:65:B4:FE:90:AC:3F:3E:33
ValidityMon, 24 Apr 2023 11:56:06 GMT - Mon, 17 Jul 2023 11:56:05 GMT
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash f3418a443e7d841097c714d69ec4bcb8
49263695f6b0cdd72f45cf1b775e660fdc36c606
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
GET /favicon.ico HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1494
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 May 2023 08:21:46 GMT
expires: Tue, 30 May 2023 08:21:46 GMT
cache-control: public, max-age=691200
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
content-type: image/x-icon
vary: Accept-Encoding
age: 49755
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
142.250.74.132404 Not Found 1.8 kB URL User Request GET HTTP/2 www.google.com/&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
IP 142.250.74.132:443
Certificate IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint85:AD:43:66:C0:73:07:1B:B5:5D:4A:83:4B:76:3F:DA:4B:2B:E1:F8
ValidityMon, 24 Apr 2023 12:01:16 GMT - Mon, 17 Jul 2023 12:01:15 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1853), with no line terminators
Hash 4e4a6ca6003e68c8b085fbb0885a565c
91f21fd9e64e158a4a47ca7c2671b606ec86d6b4
e5784b67645b40726def1a4230f851c46f2ed085f056b0891b333077e509bbc2
GET /&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rezi.turetou.com/
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
referrer-policy: no-referrer
content-length: 1844
date: Mon, 22 May 2023 22:11:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2