megalink.pw/tk8VS1
172.67.204.111 301 Moved Permanently 0 B IP 172.67.204.111:0
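Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
(These three values are the digests of empty input, consistent with the 0 B response body; they identify no content and should not be used as indicators.)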
Analyzer Verdict Alert fortinet Malware
GET /tk8VS1 HTTP/1.1
Host: megalink.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2022 06:38:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 09 Sep 2022 07:38:32 GMT
Location: https://megalink.pw/tk8VS1
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jEiUg5zBr%2F9ZLL36%2BmQ7pu96Yy35%2FFgMGxbNyVOXmO7nK9EEFGd6dBZgnlp81qk6R7PNzfwvcKxx01g7p9ph0CskuylUwd0QLKxh20pshahVYiRur6ALwG%2Fj2vbzGg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 747debeade2e0b69-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 09 Sep 2022 05:58:08 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: L5VvGobtUSAa2L4nbQOYfoILgQs4YrCkZ9PUoNLZYuu0gT2Q8FJcAQ==
Age: 2424
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f55e483f32b3fd50b1a2414aaada9b61
9d6b22edb98866e002e3b1ace44dfb0f8d00935f
4b09e1d2b887ded061e4ec5f82ec70ce699eeed428acc6b4fd3ef10ed9233c89
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B09E1D2B887DED061E4EC5F82EC70CE699EEED428ACC6B4FD3EF10ED9233C89"
Last-Modified: Thu, 08 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10916
Expires: Fri, 09 Sep 2022 09:40:28 GMT
Date: Fri, 09 Sep 2022 06:38:32 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9RBxEZCiY6c7IAdOkC63BfdMONZST0uErVu5gtQ1mFuwLZorfZ3y1w==
age: 10318
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:32 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 09 Sep 2022 05:56:07 GMT
Cache-Control: max-age=3600
Expires: Fri, 09 Sep 2022 06:26:02 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: V1G-16cZd67Fu-S1v5gu3rla2zfXmbL-CI6L2mg3cX7uAhHfI7eSig==
Age: 2545
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 042105f89c8d64b470d84e052cd412d1
a26c7e2559b3760ea2765b16a3f8d1be27f5dcf4
fadb8cdd22f4d7773d5c20d576f6400ab25e20e1efe3e3fe50d2ae39ca6f2725
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1933
Cache-Control: max-age=93626
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 06:38:32 GMT
Etag: "6319a295-1d7"
Expires: Sat, 10 Sep 2022 08:38:58 GMT
Last-Modified: Thu, 08 Sep 2022 08:06:45 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 55362bc853c99806e54641de1e0fdb0c
1c84425554ce994c84fd4d3b95833fed9bf16023
936a1c711aea3c55e6e270aec23f72818b7bbfed28b1c9859697050ebe9aaf4e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 06:38:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Lato:300,400,700,900
142.250.74.10 200 OK 875 B URL HTTP/2 fonts.googleapis.com/css?family=Lato:300,400,700,900
IP 142.250.74.10:0
Hash dee6d0d027c7ebfd4529729eb3659e82
97bd0ac373971b3aaf83a62695de29ea3d4e5ffb
0de9d5122c82b3d31957c4581ffb923f478a50eb7e8e87835a248b51305d58bb
GET /css?family=Lato:300,400,700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Sep 2022 06:38:33 GMT
date: Fri, 09 Sep 2022 06:38:33 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.89.17.198 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.17.198:0
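Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
(These three values are the digests of empty input, consistent with the 0 B body of the 101 response; they identify no content and should not be used as indicators.)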
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PNEBf4J+t7Dq4YBmKu76Dw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +ajHlcjk2qopNPK/ksJMmBcEjMc=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3c41672a22536ada47e29117aa8128ae
cab58ce947679f6e6558b40d70b3f556da40d25f
260a0d359d106d04710f53dc0232bfe6e6bccf27c1d5f205b625f3e9b3b2b6b2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "260A0D359D106D04710F53DC0232BFE6E6BCCF27C1D5F205B625F3E9B3B2B6B2"
Last-Modified: Thu, 08 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17824
Expires: Fri, 09 Sep 2022 11:35:37 GMT
Date: Fri, 09 Sep 2022 06:38:33 GMT
Connection: keep-alive
moundgrandmotherel.com/5c/38/51/5c3851391068a309eed36b1eec6217ca.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 moundgrandmotherel.com/5c/38/51/5c3851391068a309eed36b1eec6217ca.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37127), with no line terminators
Hash d0b424d4039cee8e3e8c6b11158ffea0
c57102d0ca8680a263f7acc66e62736e46972a00
47a3a347de9b6282c006d80fb9edcf37be4ae52a5502295ed719aaf9e8ea8363
GET /5c/38/51/5c3851391068a309eed36b1eec6217ca.js HTTP/1.1
Host: moundgrandmotherel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 09 Sep 2022 06:38:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ac5d1a96894e73cecf7c40b148c93424
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 61961ee76ab6c28f6e17eb7a1df4a3ea
ab4e8c9c284a0eed6b2fab77c9df432839158b3a
9e3bec23cc8ea49ab4e3a3a244a428c59e6c48c80359c473155584807ba0de41
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 06:38:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bec137161b4d16d7843c3bd17b416706
a05c0dd6ac1b372a13f8e9cac7d39af02853803b
bc241eef809baac4a17804d51e608abd4ff8ad8f07c702aba3ee4fb614485be0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC241EEF809BAAC4A17804D51E608ABD4FF8AD8F07C702ABA3EE4FB614485BE0"
Last-Modified: Thu, 08 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14017
Expires: Fri, 09 Sep 2022 10:32:11 GMT
Date: Fri, 09 Sep 2022 06:38:34 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 61961ee76ab6c28f6e17eb7a1df4a3ea
ab4e8c9c284a0eed6b2fab77c9df432839158b3a
9e3bec23cc8ea49ab4e3a3a244a428c59e6c48c80359c473155584807ba0de41
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 06:38:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3ac7e934d1c32bd775836bdedbf79f0e
43326102df03fe8e531ccf5c9f85cfdefe9bcf03
8c52cd34223b58c44adc37c72bd408b371c5c6b6cf5e4b72a0078c1d57dfdc33
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C52CD34223B58C44ADC37C72BD408B371C5C6B6CF5E4B72A0078C1D57DFDC33"
Last-Modified: Wed, 07 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12951
Expires: Fri, 09 Sep 2022 10:14:25 GMT
Date: Fri, 09 Sep 2022 06:38:34 GMT
Connection: keep-alive
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.163 200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:10:21 GMT
expires: Wed, 06 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 221293
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPGQ.woff2
142.250.74.163 200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23236, version 1.0\012- data
Hash 716309aab2bca045f9627f63ad79d0bf
38804233a29aaf975d557fe14e762c627bef76e0
115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429
GET /s/lato/v23/S6u9w4BMUTPHh7USSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:17:25 GMT
expires: Wed, 06 Sep 2023 17:17:25 GMT
cache-control: public, max-age=31536000
age: 220869
last-modified: Tue, 26 Apr 2022 16:04:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 61961ee76ab6c28f6e17eb7a1df4a3ea
ab4e8c9c284a0eed6b2fab77c9df432839158b3a
9e3bec23cc8ea49ab4e3a3a244a428c59e6c48c80359c473155584807ba0de41
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 06:38:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.163 200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:10:21 GMT
expires: Wed, 06 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 221293
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
moundgrandmotherel.com/be25a95aa25af499fcbe3767f5a57a66/invoke.js
192.243.61.225 200 OK 9.8 kB URL HTTP/1.1 moundgrandmotherel.com/be25a95aa25af499fcbe3767f5a57a66/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26947), with no line terminators
Hash 143b22836ff4b1fa91a94e45474dce86
9efb55435860e9796d4256c96d00d0d861ad0a53
6133709751d4aa136914f02e8ec489f534808b386061e6e472476f18c0d1ec18
GET /be25a95aa25af499fcbe3767f5a57a66/invoke.js HTTP/1.1
Host: moundgrandmotherel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 09 Sep 2022 06:38:34 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ba173ca2e1aa940fc833ba9d1bb2cab4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8c6e3283e85172efda9db94c2b80995d
f6f2050b7bafcf3b09d02da7d76c61f05c620ffb
2d0a0573ad8f3e3fc9622e5478cd1f919ad43f3ad5cb998661ebbe66a2419c5f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2D0A0573AD8F3E3FC9622E5478CD1F919AD43F3AD5CB998661EBBE66A2419C5F"
Last-Modified: Wed, 07 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9196
Expires: Fri, 09 Sep 2022 09:11:50 GMT
Date: Fri, 09 Sep 2022 06:38:34 GMT
Connection: keep-alive
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
142.250.74.163 200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 22504, version 1.0\012- data
Hash 1c6c65523675abc6fcd78e804325bd77
898d9808304dc157f5dcb18ca169ec6e2b96b3d7
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
GET /s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22504
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:15:31 GMT
expires: Wed, 06 Sep 2023 17:15:31 GMT
cache-control: public, max-age=31536000
age: 220983
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 61961ee76ab6c28f6e17eb7a1df4a3ea
ab4e8c9c284a0eed6b2fab77c9df432839158b3a
9e3bec23cc8ea49ab4e3a3a244a428c59e6c48c80359c473155584807ba0de41
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 06:38:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b72e120fdcc3a85e5fb68617dfe8558b
28c0effc26a8c89b69d976ffbafcffe8da49401b
dc0d83af8dc36a0891e7f7b173c20fb2e3fc6f1da85a60d5be3387a5d30644cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DC0D83AF8DC36A0891E7F7B173C20FB2E3FC6F1DA85A60D5BE3387A5D30644CB"
Last-Modified: Wed, 07 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14613
Expires: Fri, 09 Sep 2022 10:42:07 GMT
Date: Fri, 09 Sep 2022 06:38:34 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 281 B IP 104.18.32.68:0
Hash d1a787c754017bb7db6b938eb4f9cf4b
22e3e12fb1abf75694a88d41ce931414ce3820b8
3b81c6e551dac3f41f01df9d9989ed52b36629ebf08f4ca0d0d0a1d3e0cb698d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 06:38:34 GMT
Content-Type: application/ocsp-response
Content-Length: 281
Connection: keep-alive
Last-Modified: Tue, 06 Sep 2022 09:53:49 GMT
Expires: Tue, 13 Sep 2022 09:53:48 GMT
Etag: "22e3e12fb1abf75694a88d41ce931414ce3820b8"
Cache-Control: max-age=356713,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 747debf768c5b4eb-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b72e120fdcc3a85e5fb68617dfe8558b
28c0effc26a8c89b69d976ffbafcffe8da49401b
dc0d83af8dc36a0891e7f7b173c20fb2e3fc6f1da85a60d5be3387a5d30644cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DC0D83AF8DC36A0891E7F7B173C20FB2E3FC6F1DA85A60D5BE3387A5D30644CB"
Last-Modified: Wed, 07 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14613
Expires: Fri, 09 Sep 2022 10:42:07 GMT
Date: Fri, 09 Sep 2022 06:38:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16cf00d369e24bcc42b4c23e244b375a
f656b94028e318328a7abb8872fdc9fd101441c9
c8234c29a40c4f976a9dd5a04b973533732bf3f3e791dfc579e9ae145d5977ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8234C29A40C4F976A9DD5A04B973533732BF3F3E791DFC579E9AE145D5977EC"
Last-Modified: Thu, 08 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16599
Expires: Fri, 09 Sep 2022 11:15:13 GMT
Date: Fri, 09 Sep 2022 06:38:34 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 0eaa482920c47bd42030d69b28e5e08c
a59d707d2339350a0d681acf3d1e7bcb5e67bfae
0dae39030f55d48f02b69ee4d1d4b728128b8559a8bd8a0ea43abac1c42e7a70
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=108032
Date: Fri, 09 Sep 2022 06:38:34 GMT
Etag: "6319e082-1d7"
Expires: Sat, 10 Sep 2022 12:39:06 GMT
Last-Modified: Thu, 08 Sep 2022 12:30:58 GMT
Server: ECS (dcb/7F14)
X-Cache: Miss from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: tQKvlUEiru2tU08_A7Mmi8gf1a8Os3IanPaEWzv4eWRamhn8bCdgXA==
Age: 488
simplewebanalysis.com/stats
52.28.172.243 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.172.243:0
File type ASCII text, with no line terminators
Hash 5996dc5f641a61a1ba1a728934474fcf
0646143d7310efd718964c635f92767b1c12cdcd
b52e1bd452af24f0b70dbb91f16adc82dcf3251cfcffde2301c97a040685b21e
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
set-cookie: uid_id2=cb108f07-38b6-4429-b73e-79c1dfd2f756:2:1; expires=Mon, 06 Sep 2032 06:38:34 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
redrotou.net/zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=prerequest
139.45.197.251 200 OK 0 B URL HTTP/2 redrotou.net/zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-length: 0
x-trace-id: 2173a7b363babd96c8ef73e496aba521
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 0eaa482920c47bd42030d69b28e5e08c
a59d707d2339350a0d681acf3d1e7bcb5e67bfae
0dae39030f55d48f02b69ee4d1d4b728128b8559a8bd8a0ea43abac1c42e7a70
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 09 Sep 2022 06:38:34 GMT
Last-Modified: Fri, 09 Sep 2022 06:11:12 GMT
Server: ECS (nyb/1D07)
X-Cache: Miss from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GPmaBs0vVH0m500ICeVs3qWP3NfV9krZ_pJNhwuUJBvoEmHYheUFEw==
Age: 1642
simplewebanalysis.com/stats
52.28.172.243 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.172.243:0
File type ASCII text, with no line terminators
Hash 05a559eb7879fd8cb48d46b52d673a3a
f1ed6fb84712c12a5606eba0724da4b85e28c19f
2a903b972b8d2ccedc3c33967da386c5791c97aca1708923ba33e0a3f213ad91
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
set-cookie: uid_id2=5377c415-db16-4f94-b25f-d36265143e1f:1:1; expires=Mon, 06 Sep 2032 06:38:34 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
redrotou.net/zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=settings
139.45.197.251 200 OK 693 B URL HTTP/2 redrotou.net/zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=settings
IP 139.45.197.251:0
File type JSON data\012- , ASCII text, with very long lines (692)
Hash 72481a223a98b912ed0ce00820703df6
0d235897166143bb8a7cd2a8adff4b1078f22ca8
bce31b58adc15232d970f17c259f2eeaaed78a775053644a4b13cdc36e7706a4
Analyzer Verdict Alert quad9 Sinkholed
GET /zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=settings HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: application/json; charset=utf-8
content-length: 693
x-trace-id: 2fe97380b5e3f37e8734883c86dab969
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5593
Expires: Fri, 09 Sep 2022 08:11:47 GMT
Date: Fri, 09 Sep 2022 06:38:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5593
Expires: Fri, 09 Sep 2022 08:11:47 GMT
Date: Fri, 09 Sep 2022 06:38:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5593
Expires: Fri, 09 Sep 2022 08:11:47 GMT
Date: Fri, 09 Sep 2022 06:38:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5593
Expires: Fri, 09 Sep 2022 08:11:47 GMT
Date: Fri, 09 Sep 2022 06:38:34 GMT
Connection: keep-alive
ad.a-ads.com/1959918?size=320x100
144.76.38.164 200 OK 7.8 kB URL HTTP/2 ad.a-ads.com/1959918?size=320x100
IP 144.76.38.164:0
ASN #24940 Hetzner Online GmbH
Hash 758329d8bcac900efbe9d8fa341acdcb
d683a3001f8283300e584a42f22bd21dde957408
366076b6daf18d94f923c03204209f8ee37360ba6fdd52c1b40609565f5d0140
GET /1959918?size=320x100 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://megalink.pw/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
eehuzaih.com/401/4943451
139.45.197.237 200 OK 43 kB IP 139.45.197.237:0
Hash 3060b857f6232e4895739c3457b9062f
c278c6f966b98420010192f302d4cdf3b6679f0d
f4debbb9e193c9f555ec116b9f4f0dfab11b016b1f435eda3148b3634c8301c8
Analyzer Verdict Alert quad9 Sinkholed
GET /401/4943451 HTTP/1.1
Host: eehuzaih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: application/javascript
x-trace-id: 7edcbde530593f98f15df850d556ca73
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=87755cec45e14af0a798b56ecc8d9d9f; expires=Sat, 09 Sep 2023 06:38:34 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
megalink.pw/tk8VS1
104.21.85.98 200 OK 66 kB IP 104.21.85.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (964), with CRLF, LF line terminators
Hash 7cb8a699287628fc29216fca4280e31e
439fa2155857fd2a2d356204394392995064fbbb
869a3242b08d36a98363309fd2ac68bff67cae478ee608cd96bd662269c758ed
Analyzer Verdict Alert fortinet Malware
GET /tk8VS1 HTTP/1.1
Host: megalink.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:32 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
set-cookie: AppSession=aa25dd77992e56ddce01e3c035ca05e7; path=/; HttpOnly; secure
set-cookie: csrfToken=6f241bcaf0ddfbe7aa82840b66c3eb360bd9f496843e1869762bff099bb343233fa29a048aeae91a63b847cb4bc1ad80aaa22e45c5c3640f81a9192ba91be3fd; path=/; HttpOnly; secure
set-cookie: app_visitor=Q2FrZQ%3D%3D.MDFiYjcxMTUxN2Q1ZGU4ODBmMjgyODE4NjRlY2JiNjFlOGM1MzhkOWIwNjI4OWZkNjI5MDE3ZWZhMDcxN2VkYvOVenDCgqhc4IyosOhxV0BiXY%2F10cYMSXXalbHmEC3GNtkZuU7PqXxFJ2Ls6Fuszu8Ja%2BGJqXU%2B1HYlatnv0Nks9dC3WUhmTt97IaORWqQ9; expires=Sat, 10-Sep-2022 06:38:32 GMT; Max-Age=86400; path=/; HttpOnly; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9mEaelfPwwcKSUQm%2BYeq%2Fsz9vuEGnzkyX5T5a%2BSOkgAh5V2kWbPqMfWTzjjj7L3%2BKIXONnWz8vLa%2BLF5Yka%2BRT8SdNuxdMhFVFV6QtD5cKABGSSXyCCdDgYOVBwUkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 747debec58c0b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
redrotou.net/pfe/current/micro.tag.min.js?z=5090892&sw=/sw-check-permissions-b9e04.js
139.45.197.251 200 OK 48 kB URL HTTP/2 redrotou.net/pfe/current/micro.tag.min.js?z=5090892&sw=/sw-check-permissions-b9e04.js
IP 139.45.197.251:0
Hash e13f90798b9d85e0b006bf0813855093
76e6cfdca357a1300887c8cbab1b8ff9b91667ae
4320d4d651de623ebdb5ed570d8a397e5a45a8fa714c73bd61edc335aa1162b7
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/micro.tag.min.js?z=5090892&sw=/sw-check-permissions-b9e04.js HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-1a29e"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94f950b-af66-4803-868a-b00031195100.jpeg
34.120.237.76 200 OK 70 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94f950b-af66-4803-868a-b00031195100.jpeg
IP 34.120.237.76:0
Hash 74cf0c599b02684f0cbc53dd435045d6
77d77766692a55c72e2450e29d36032fc142305a
60700a6c624687ad1eb57a73bf2b36c11d48ec7aacba5c8b75a5fbe8785101c1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94f950b-af66-4803-868a-b00031195100.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7646
x-amzn-requestid: a1a8ac97-ed7f-4eb3-b704-b553d53f9279
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YEaEoHoAoAMFkwg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63180a1d-34dbcab50e2f495d4acfec54;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 03:03:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: EL9_xDX27FFKUXhp2GUBHaED9grsbgCwxFZWM-O8mNChPPfvdX_2bg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 05:02:31 GMT
age: 5763
etag: "08b4d519a099b04a9f1515377d02e51575f3321f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F134e6c5d-5cc9-4c6a-9a5c-5703f2809918.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F134e6c5d-5cc9-4c6a-9a5c-5703f2809918.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee9340025af774eed83fa3ae0ebb4b65
b868b62d5f2bc802c565d35ea59e200aaf6ab986
729127258be88fe97e4c777b08ba709900028c41a052b6868cab515e545e8c56
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F134e6c5d-5cc9-4c6a-9a5c-5703f2809918.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4776
x-amzn-requestid: 49312697-395a-4058-8899-0203e69bf26b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDU5jHA_IAMFhkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63179b70-7b17771e456072e87327ff23;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 19:11:44 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: BWKpFwEjVenSFCMPbtJ_RfXRZCc5YgIHWBbXfd74xsAC6MtP_UrQ4Q==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 27fe6f224e0cfa3f3a446471ee256e56.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:50:28 GMT
age: 31686
etag: "b868b62d5f2bc802c565d35ea59e200aaf6ab986"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 01f5631474a714351febb873a00522fa
51d3ffb2e4371fd9156dd29de9f9ba562c4b2151
4ef5ed9b59a9145e22b8eec6844107f4c5d8a6df7b30b95a2938cce18bc98c30
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4EF5ED9B59A9145E22B8EEC6844107F4C5D8A6DF7B30B95A2938CCE18BC98C30"
Last-Modified: Wed, 07 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15215
Expires: Fri, 09 Sep 2022 10:52:09 GMT
Date: Fri, 09 Sep 2022 06:38:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e30bb058f4509f4d2cd82dc93be79fba
b85690da1b02e0e9648eac5006bf224a1160eec3
e130b306c2ce41e91439c173da8c0bb495bd5a9ce04e38f27bd6bf39d858fd90
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E130B306C2CE41E91439C173DA8C0BB495BD5A9CE04E38F27BD6BF39D858FD90"
Last-Modified: Thu, 08 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9266
Expires: Fri, 09 Sep 2022 09:13:00 GMT
Date: Fri, 09 Sep 2022 06:38:34 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 5b36f6508bf779a395d4b559b41d267d
a653f55ef7e337bd259cd76d14fe2adc91c11603
91e3696c53649e8d76b738dca29ed03b8b935f9fc230c735d2fd729428742605
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 06:38:34 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=560205,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 747debfa8c9db4eb-OSL
static.a-ads.com/a-ads-banners/407277/320x100?region=eu-central-1
144.76.38.164 200 OK 687 kB URL HTTP/2 static.a-ads.com/a-ads-banners/407277/320x100?region=eu-central-1
IP 144.76.38.164:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 320 x 100\012- data
Size 687 kB (686922 bytes)
Hash 7bd9b3a7cd6341fb2072c0746e40b74b
837f56a1f17281bca1724cef3c742ecf8a89bae7
dfb6a48d2b1de73a53d26ba022df3b54ed76c3ce1368bbb435493742a8968930
GET /a-ads-banners/407277/320x100?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: image/gif
content-length: 686922
x-amz-id-2: 1qyRVQVKR5nWxTzK2uSHzQT4/zy2RtOarCoGoAQ++9A93DjEG6AB+02A3EqMKRxTIL1ZMUiU+to=
x-amz-request-id: YZNK5YXVR5P1TW0W
x-amz-replication-status: COMPLETED
last-modified: Fri, 05 Aug 2022 10:27:45 GMT
etag: "7bd9b3a7cd6341fb2072c0746e40b74b"
cache-control: max-age=315360000
x-amz-version-id: z71U1wz0lJWgWf6rRBZeMffjZa3JjvvR
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8756459a86b9550231ce8d2503ef15a4
fe29ffeb5cbdc319353604a8f4236eb4bec083a8
80e9b93f9b33f4869eebba59d5d458fefc1b1c3437860f21ae44bdf17ad036f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "80E9B93F9B33F4869EEBBA59D5D458FEFC1B1C3437860F21AE44BDF17AD036F2"
Last-Modified: Wed, 07 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6867
Expires: Fri, 09 Sep 2022 08:33:01 GMT
Date: Fri, 09 Sep 2022 06:38:34 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 431bccffdaad5a26e75e6dd4f8b1abaa
e4b0ac57e7c2d6d00e508cd99231b0f8d58942af
d2b9c8db43c744d36bc73630962238d7fb9017730f8ef8df9b6af1913b08cf35
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 06:38:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 12:52:23 GMT
Expires: Thu, 15 Sep 2022 12:52:22 GMT
Etag: "e4b0ac57e7c2d6d00e508cd99231b0f8d58942af"
Cache-Control: max-age=540227,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 747debfadd03b4eb-OSL
creepingbrings.com/sfp.js
104.21.234.233 200 OK 23 kB URL HTTP/2 creepingbrings.com/sfp.js
IP 104.21.234.233:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 67d3a353eec75aae46ec8cf9bb86f803
5e54a753299b27f033887ca9f5bdce6af0e0faff
78c4ff71b5df930130f1e7f5daa36b31cb143408628e783ececebd6cbf103ab5
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 364f89080b9cf82d9118d79a2e7027f9
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 09 Sep 2022 06:38:33 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NvLychPqUE3ItsEuh4MYi1ab2bsoUXN7h4W0KglELS9Tzc1S1m0GJ1c0W9IOmR7e5a%2Fx1bWi%2FFVrOpmllx0O1KxrOmTOkv6oI6smuIF121y2RTLbL%2B8Uw2Y%2B%2FQ922r%2Bg8PDbch8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 747debf6fc42892a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
glizauvo.net/401/5293711
139.45.197.236 200 OK 32 kB IP 139.45.197.236:0
Hash 757fe18404213ae30405b019211c78fe
24f400a2919fd697b7008a41f9b43668317b74c8
2fca3f381f5b0b6446024c9b52e6f83b80e12e8ad76d7d0e7d94093e4deae8ae
Analyzer Verdict Alert quad9 Sinkholed
GET /401/5293711 HTTP/1.1
Host: glizauvo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: application/javascript
x-trace-id: 7c824b26306b7081e8dac31617d63021
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=979c211f00594a7ea324c34544fa3634; expires=Sat, 09 Sep 2023 06:38:34 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254 200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: text/plain;charset=UTF-8
Origin: https://megalink.pw
Content-Length: 1998
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 09 Sep 2022 06:38:46 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://megalink.pw
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
pseepsie.com/pfe/current/tag.min.js?z=4938390
139.45.197.250 200 OK 6.1 kB URL HTTP/2 pseepsie.com/pfe/current/tag.min.js?z=4938390
IP 139.45.197.250:0
File type C source, ASCII text, with very long lines (14904), with no line terminators
Hash 8ba24e254e8cf4c30030be76cab3f59b
4862a4dadd99c622472827dc2cd445de99c3a08d
b1811da0aa9baab3b0393d89b9a36102334959e155e80c35043a024db6e347d1
GET /pfe/current/tag.min.js?z=4938390 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-3a38"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=5090892&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=5090892&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 7a7b40add462f401bea44c75fdf7f9a4
f6d4c608187b18aa4c94cb01d17dbe8f4121d824
b15ca5b59425c7f4ac95f28b18d4b11289a4c27e93f6b0adcf2e10dbcdecd0ce
GET /gid.js?pub=0&userId=&zoneId=5090892&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=d8e25e1df7fb492c9046175040dce8e8; expires=Sat, 09 Sep 2023 06:38:34 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
pseepsie.com/zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=
139.45.197.250 200 OK 664 B URL HTTP/2 pseepsie.com/zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (663)
Hash 31d6fae447f2fe566c6a9a70e588825d
6248b5a173a856178cdfdd5ee4c717d207626675
cf01dbfc60ce075d1d9e1febfdd66b628ab3dcaddeb5f3c5e362e82203cb59a9
GET /zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3= HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: 347bc677eef70feb601ceda3531fd020
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
pseepsie.com/zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=
139.45.197.250 200 OK 664 B URL HTTP/2 pseepsie.com/zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (663)
Hash 31d6fae447f2fe566c6a9a70e588825d
6248b5a173a856178cdfdd5ee4c717d207626675
cf01dbfc60ce075d1d9e1febfdd66b628ab3dcaddeb5f3c5e362e82203cb59a9
GET /zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3= HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: 3022c1fa7997505ee33e7966bfbe13e6
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
tovanillitechan.com/42/38?z=4938389
139.45.197.239 200 OK 0 B URL HTTP/2 tovanillitechan.com/42/38?z=4938389
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /42/38?z=4938389 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=aac5be16f2af41b9b19ee495f5a959d1; oaidts=1662705514
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 5ba756dadbc3c8369604e0fab3e265f4
access-control-expose-headers: X-Sc
set-cookie: OAID=aac5be16f2af41b9b19ee495f5a959d1; expires=Sat, 09 Sep 2023 06:38:34 GMT; secure; SameSite=None
oaidts=1662705514; expires=Sat, 09 Sep 2023 06:38:34 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
pseepsie.com/pfe/current/universal.min.js?v=3.1.392
139.45.197.250 304 Not Modified 0 B URL HTTP/2 pseepsie.com/pfe/current/universal.min.js?v=3.1.392
IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pfe/current/universal.min.js?v=3.1.392 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 05 Sep 2022 12:32:41 GMT
If-None-Match: W/"6315ec69-20481"
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: "6315ec69-20481"
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
tovanillitechan.com/1?z=4938389
139.45.197.239 200 OK 135 kB URL HTTP/2 tovanillitechan.com/1?z=4938389
IP 139.45.197.239:0
Size 135 kB (135208 bytes)
Hash 246192a4fa2d8743cc94c31026b3d412
6bdfdff8a9548ce40ef2a376869703aeb3354ab1
68694e5c9755cab6f01455fb1a3474383c7c9ba3e492567628d0853a66548d31
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=4938389 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: f8c51601e75bb2bca3668d79e2a9e466
access-control-expose-headers: X-Sc
x-sc: Qr_LU1Pt748UyP6y85RJvgh0GMUetWDHCGd2RHicbb4DFR1KO0KN_KfuwGcXnke5a2oLX3B3oPvPfOGaiaLlIoSOmbY=
set-cookie: scm=1; expires=Sat, 09 Sep 2023 06:38:34 GMT; secure; SameSite=None
OAID=aac5be16f2af41b9b19ee495f5a959d1; expires=Sat, 09 Sep 2023 06:38:34 GMT; secure; SameSite=None
oaidts=1662705514; expires=Sat, 09 Sep 2023 06:38:34 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/400/4938388
139.45.197.237 200 OK 33 kB URL HTTP/2 dozubatan.com/400/4938388
IP 139.45.197.237:0
Hash 0c4f217c3630e55c6ab45450924bc562
57208242f6ee163ed959b9a5b42c97c0ee5dac59
2beebe75f3d396ca43b7dcebaf9ffa28495fafcf1055c063c42c1e10ef41e10b
GET /400/4938388 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: application/javascript
x-trace-id: bd6ec4ce009b69be9f98d80511f9535d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=40bb29a9e9d94ba29c4be4842d4ab407; expires=Sat, 09 Sep 2023 06:38:34 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=c71a1ca85d23488abea373322cfb067e
139.45.197.239 204 No Content 0 B URL HTTP/2 tovanillitechan.com/9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=c71a1ca85d23488abea373322cfb067e
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=c71a1ca85d23488abea373322cfb067e HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 09 Sep 2022 06:38:35 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
dozubatan.com/500/4938388?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/4938388?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/4938388?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:35 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
perryvolleyball.com/watch.500623757510.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&tz=0&dev=r&res=12.31&uuid=5377c415-db16-4f94-b25f-d36265143e1f%3A1%3A1
192.243.61.227 307 Temporary Redirect 0 B URL HTTP/1.1 perryvolleyball.com/watch.500623757510.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&tz=0&dev=r&res=12.31&uuid=5377c415-db16-4f94-b25f-d36265143e1f%3A1%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.500623757510.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&tz=0&dev=r&res=12.31&uuid=5377c415-db16-4f94-b25f-d36265143e1f%3A1%3A1 HTTP/1.1
Host: perryvolleyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Fri, 09 Sep 2022 06:38:35 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://megalink.pw
Access-Control-Allow-Origin: https://megalink.pw
Access-Control-Allow-Credentials: true
Location: https://perryvolleyball.com/watch.500623757510.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&tz=0&dev=r&res=12.31&uuid=5377c415-db16-4f94-b25f-d36265143e1f%3A1%3A1&shu=5ae7ef6f2b850d5a2086c14e5df7b3fad55b4fe7cc5a74fb7624a64159e1577bc4cc3ddfab90c977210da055249c4928aa548d18d63fea10317574e76c84705d72811fae6a8d9f1e3f96af92a90b008aee08509b&pst=1662705575&rmtc=t
Set-Cookie: u_pl=17013292; expires=Sat, 10 Sep 2022 06:38:35 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.pMul10MjLIij-FfHV2NhluMUQBAgma4Sl3hASLbJqb0; expires=Fri, 09 Sep 2022 06:39:35 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6d16b5bcbcb387ea0db2c7e7367e981e
Strict-Transport-Security: max-age=0; includeSubdomains
tovanillitechan.com/1?z=4938389
139.45.197.239 200 OK 36 kB URL HTTP/2 tovanillitechan.com/1?z=4938389
IP 139.45.197.239:0
File type ASCII text, with very long lines (56850)
Hash 61eed91285945019914bcda8c9bf1b11
31f3a6d4598cbaafd6d0d0c2ec0d1406fa303bcd
79e883c51f581bb08cefba583072b513e9bbd517813ca72cf92aa2fe62a8806c
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=4938389 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 209337da5a98554dadafae209d34ad5f
access-control-expose-headers: X-Sc
x-sc: NpwDrjvh0soKKvE4mG6JBewaKQjBFvIhuh5dBzcY8QAK0_0IxdbLIYa2iUsBuC8uKvSOJaUysR_F2v7BsJDoAXTDxK0=
set-cookie: scm=1; expires=Sat, 09 Sep 2023 06:38:34 GMT; secure; SameSite=None
OAID=eab19dad70724f1cad15ae934d0d8428; expires=Sat, 09 Sep 2023 06:38:34 GMT; secure; SameSite=None
oaidts=1662705514; expires=Sat, 09 Sep 2023 06:38:34 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=c71a1ca85d23488abea373322cfb067e
139.45.197.239 200 OK 2.7 kB URL HTTP/2 tovanillitechan.com/9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=c71a1ca85d23488abea373322cfb067e
IP 139.45.197.239:0
File type JSON data\012- , ASCII text, with very long lines (6569), with no line terminators
Hash 968a729d424faea605ee3fff6267e5ec
e76402c23bde8b71a8880eea7b972504f3444fa8
a62c43463f1ce2df3b9eefe398f85e4e3c8458c81c6235046d14484176ae1671
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=c71a1ca85d23488abea373322cfb067e HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 257
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=eab19dad70724f1cad15ae934d0d8428; oaidts=1662705514
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:35 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 1b7b81dab3beebd701ba821245228e72
access-control-expose-headers: X-Sc
set-cookie: OAID=c71a1ca85d23488abea373322cfb067e; expires=Sat, 09 Sep 2023 06:38:35 GMT; secure; SameSite=None
oaidts=1662705514; expires=Sat, 09 Sep 2023 06:38:35 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
eehuzaih.com/500/4943451?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 eehuzaih.com/500/4943451?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/4943451?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: eehuzaih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:35 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
ad.a-ads.com/1959918?size=320x100
144.76.38.164 200 OK 8.7 kB URL HTTP/2 ad.a-ads.com/1959918?size=320x100
IP 144.76.38.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (11122)
Hash 934ba277d115cd8dcddc86e0cd0c4183
fccea035aa0dfbb6c99e103f3dd6fe5081426ed5
e6888a58b706a2be4a0a3f87582a2eafab811bf8cefb2ce5b308ee44b7a4684f
GET /1959918?size=320x100 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://megalink.pw/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
oaphoace.net/500/5293715?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 0 B URL HTTP/2 oaphoace.net/500/5293715?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5293715?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:35 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
bedrapiona.com/5/4938391/?oo=1&js_build=iclick-v1.425.0
139.45.197.234 200 OK 1.4 kB URL HTTP/2 bedrapiona.com/5/4938391/?oo=1&js_build=iclick-v1.425.0
IP 139.45.197.234:0
Hash dc6dad3cd1dce03632dcc4d17e1303cf
6635864546e883088a067c3c531bcc921d270fb6
ab73ca8412a287727faef451f4d5cb8751407f55275fbce6148452ce0b18aaef
GET /5/4938391/?oo=1&js_build=iclick-v1.425.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: application/json
x-trace-id: 3c8595cb9f214b6678fcfbf1d84cd33b
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=f4a6b9c3dd5549a88a9e8679918efce3; expires=Sat, 09 Sep 2023 06:38:34 GMT; path=/; secure; SameSite=None
oaidts=1662705514; expires=Sat, 09 Sep 2023 06:38:34 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
perryvolleyball.com/watch.500623757510.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&tz=0&dev=r&res=12.31&uuid=5377c415-db16-4f94-b25f-d36265143e1f%3A1%3A1&shu=5ae7ef6f2b850d5a2086c14e5df7b3fad55b4fe7cc5a74fb7624a64159e1577bc4cc3ddfab90c977210da055249c4928aa548d18d63fea10317574e76c84705d72811fae6a8d9f1e3f96af92a90b008aee08509b&pst=1662705575&rmtc=t
192.243.61.227 200 OK 2.2 kB URL HTTP/1.1 perryvolleyball.com/watch.500623757510.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&tz=0&dev=r&res=12.31&uuid=5377c415-db16-4f94-b25f-d36265143e1f%3A1%3A1&shu=5ae7ef6f2b850d5a2086c14e5df7b3fad55b4fe7cc5a74fb7624a64159e1577bc4cc3ddfab90c977210da055249c4928aa548d18d63fea10317574e76c84705d72811fae6a8d9f1e3f96af92a90b008aee08509b&pst=1662705575&rmtc=t
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash 7622d6d5b348e13aeef2aecb39408052
8e6a274f66b059d744a0c79b0dc5fcd531b83352
e12401a63c213030122c9b027a3e0002f11cfbd9768f03127804cf7024ba8d09
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.500623757510.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&tz=0&dev=r&res=12.31&uuid=5377c415-db16-4f94-b25f-d36265143e1f%3A1%3A1&shu=5ae7ef6f2b850d5a2086c14e5df7b3fad55b4fe7cc5a74fb7624a64159e1577bc4cc3ddfab90c977210da055249c4928aa548d18d63fea10317574e76c84705d72811fae6a8d9f1e3f96af92a90b008aee08509b&pst=1662705575&rmtc=t HTTP/1.1
Host: perryvolleyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Referer: https://megalink.pw/
Connection: keep-alive
Cookie: u_pl=17013292; ain=eyJhbGciOiJIUzI1NiJ9.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.pMul10MjLIij-FfHV2NhluMUQBAgma4Sl3hASLbJqb0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 09 Sep 2022 06:38:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://megalink.pw
Access-Control-Allow-Origin: https://megalink.pw
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=5377c415-db16-4f94-b25f-d36265143e1f:1:1; expires=Fri, 16 Sep 2022 06:38:35 GMT; secure; SameSite=None
iprcbe18a8bb2b6920e8a7f98e1fdf1664f5=3569807; expires=Fri, 09 Sep 2022 10:38:35 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 10 Sep 2022 06:38:35 GMT; secure; SameSite=None
uncs=1; expires=Sat, 10 Sep 2022 06:38:35 GMT; secure; SameSite=None
pdhtkv27=true; expires=Sat, 10 Sep 2022 06:38:35 GMT; secure; SameSite=None
uncs27=1; expires=Sat, 10 Sep 2022 06:38:35 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 24ac48308817cda2964b9d7cce08bf6c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 931b283d12c78686f3ea35f6e33f2390
593f6501d90c124ce7731fe8ff2884af7515f988
6f27647fad08013b3139b5c7f0569b215dbff948249e63fedceb243c372f3bdb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 06:38:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
eehuzaih.com/500/4943451?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 1.2 kB URL HTTP/2 eehuzaih.com/500/4943451?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash 62c1ecd236ba1725193fb9c03d8a8bfc
44865c534b9cbe06fb536df119f965ba48c51e6d
d54bcd3bd73112d74d15f0bd10e05051943e28ee1bbf8d5d29eb75bad0239808
Analyzer Verdict Alert quad9 Sinkholed
GET /500/4943451?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: eehuzaih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=87755cec45e14af0a798b56ecc8d9d9f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:35 GMT
content-type: application/javascript
x-trace-id: f54a25f74c95f31ed80559380fab6d3f
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=c71a1ca85d23488abea373322cfb067e; expires=Sat, 09 Sep 2023 06:38:35 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
oaphoace.net/500/5293715?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 1.7 kB URL HTTP/2 oaphoace.net/500/5293715?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (2338), with no line terminators
Hash 2210dea07741396d617d6bd2c8407744
6b46691e174a74aa7b17368c5ce0253673db009a
7cbe530c541639c9b5fb16110291cfff327086add6c21eb08e604a3686b76a01
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5293715?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=e8c0da0b6f9e49afb45ee7e1a2d49e4f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:35 GMT
content-type: application/javascript
x-trace-id: e0d41803a8beb8249cd5a4e0c0f0560d
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=c71a1ca85d23488abea373322cfb067e; expires=Sat, 09 Sep 2023 06:38:35 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
offerimage.com/www/images/3d08aacb36c7474e0d13b60f8f4adc14.png
104.22.32.172 200 OK 66 kB URL HTTP/2 offerimage.com/www/images/3d08aacb36c7474e0d13b60f8f4adc14.png
IP 104.22.32.172:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 3d08aacb36c7474e0d13b60f8f4adc14
e4af2de372b5e3a2211579a5973ef7ed160e7be4
54b0569cf052e12dd373e86031009d0a54a893275a21c2ef863277a9a978ab1c
GET /www/images/3d08aacb36c7474e0d13b60f8f4adc14.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:35 GMT
content-type: image/png
content-length: 66121
last-modified: Thu, 10 Dec 2020 12:34:30 GMT
etag: "5fd215d6-10249"
expires: Fri, 09 Sep 2022 12:24:07 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 65668
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 747dec002d4115f8-ARN
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ba04a5ffb454c6515d31137d4aff0592
56514ad2632345f3a2ba65014fad4a4564fc53d5
5ead23c004fb06735a1fc4f6c6846a5cb43d28fc25788b74113ca59670f72154
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EAD23C004FB06735A1FC4F6C6846A5CB43D28FC25788B74113CA59670F72154"
Last-Modified: Thu, 08 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17910
Expires: Fri, 09 Sep 2022 11:37:05 GMT
Date: Fri, 09 Sep 2022 06:38:35 GMT
Connection: keep-alive
pseepsie.com/pfe/current/universal.min.js?v=3.1.392
139.45.197.250 200 OK 124 kB URL HTTP/2 pseepsie.com/pfe/current/universal.min.js?v=3.1.392
IP 139.45.197.250:0
Size 124 kB (123773 bytes)
Hash b5e2c5e11b1ab7b0ececf5ca355b024b
37c5910e92b5eea589ddb5b9f3c6bb31615ed4b3
69173af1b755fae7fdc728ee5e04d518561f78220649af46dd4547a106fdbc8e
GET /pfe/current/universal.min.js?v=3.1.392 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-20481"
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 931b283d12c78686f3ea35f6e33f2390
593f6501d90c124ce7731fe8ff2884af7515f988
6f27647fad08013b3139b5c7f0569b215dbff948249e63fedceb243c372f3bdb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 06:38:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
phosphatepossible.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSwW8bRRTGZ5sckDiByoEiwOIEEnJ2vc7apoeKEoIi0qY0oHKD2ZmxM3h2ZzWz43VyQBEVqBckc%2BW0%2BZw0Kq0QSFypkFOphwikLqccCP8CCKknDshuhOFJq%2Ffeft%2Fh996bL%2FbcKfHh6MnKFb0jlaJLy3W%2F9uqHQXCxti5TN6wN29FHUfNizQze6ER1%2F7XaO4L19VLDD3w%2F8IPaqjSiq4dLUxEyu9cJ6h2%2F3mzUg%2BUmhub%2FvXUeLPXAB6fkWUheLT7wzkOyCdLkuxVh%2B7nOXn87cYrm2mDADz9I%2B6kuUiTzsms8dNPDMze0fbR6Hzo9mOFCD%2F41xrIi3sP7iNPDM0jEg%2F0ZZ6wgUsT8aRSDCYSaQNIJmL4JyR8RgHFc3UCa3L6qTUG3n6h0qlZk8fFfkEVFFn87jzT59rKSw9qmVi6XOrUYdkvI4QSyN0HmjpDvnIMsjsDyzyD5L2Tp8TrSZH%2FDKg3Jy9nsUk4guxMoMQK1Htz0kx5c14PLPCT8pMaCIGj5nFG%2F3WEs5C0RR9wPaKsb0MCP2nBsijdCno3A1AjM7CIzu%2BjLEYz7CXarhOUebF4R771dDHiJQhAUlqCgBIUkKHKCYlAecGUbtrzNlXVxcJYbZzksxzrv7dEDnfdESvayU%2FLMdC%2FewtfPoS9OasssbC8HYWdKRUO%2FIwQPozgQgkWNoMUorCwh7bnZqDuyIi9sfolMVmTx5Z8R0yNYdQQmXwF1L4IW41bDB90aN9s%2BdtK7iehRJdN%2BPSvAdYksX0S%2B7e2pU%2FL87DzhjT8g2PGlj%2BMr1Z93%2FgYzJTJT4hP5gKCnbo2v64LsX9eFJd9vZLlM5A6dnm4zp7lY%2BOZdsV1ow9dW7OjOm2wqTMt77wubr9OUy7Rnyd3LknNhVrVhgvy4Zm%2BI%2BJqzW5edSV22fu2t1bUkM8JaqdMJqKwIeXgMJivy1A8Hs1d54fNPIc0ExpVI3DE5C0h9BJbtwmZzfqsXYNTcE2ceCleOTSOe%2F1SSQIl5T%2BMS9j99PK%2F37C30zEug%2BU2kSYmBKTFQJagawbqFcZ6Z40u%2FhrNArLxxrIy3HyujvnqyXCtPaq0w9GnUWQ5aLSpacbPR7kYBp7TRjBpRREPktmIXfu%2F%2FAwAA%2F%2F8BAAD%2F%2FwaX%2FlBgBAAA
192.243.59.13200 OK 7 B URL HTTP/1.1 phosphatepossible.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSwW8bRRTGZ5sckDiByoEiwOIEEnJ2vc7apoeKEoIi0qY0oHKD2ZmxM3h2ZzWz43VyQBEVqBckc%2BW0%2BZw0Kq0QSFypkFOphwikLqccCP8CCKknDshuhOFJq%2Ffeft%2Fh996bL%2FbcKfHh6MnKFb0jlaJLy3W%2F9uqHQXCxti5TN6wN29FHUfNizQze6ER1%2F7XaO4L19VLDD3w%2F8IPaqjSiq4dLUxEyu9cJ6h2%2F3mzUg%2BUmhub%2FvXUeLPXAB6fkWUheLT7wzkOyCdLkuxVh%2B7nOXn87cYrm2mDADz9I%2B6kuUiTzsms8dNPDMze0fbR6Hzo9mOFCD%2F41xrIi3sP7iNPDM0jEg%2F0ZZ6wgUsT8aRSDCYSaQNIJmL4JyR8RgHFc3UCa3L6qTUG3n6h0qlZk8fFfkEVFFn87jzT59rKSw9qmVi6XOrUYdkvI4QSyN0HmjpDvnIMsjsDyzyD5L2Tp8TrSZH%2FDKg3Jy9nsUk4guxMoMQK1Htz0kx5c14PLPCT8pMaCIGj5nFG%2F3WEs5C0RR9wPaKsb0MCP2nBsijdCno3A1AjM7CIzu%2BjLEYz7CXarhOUebF4R771dDHiJQhAUlqCgBIUkKHKCYlAecGUbtrzNlXVxcJYbZzksxzrv7dEDnfdESvayU%2FLMdC%2FewtfPoS9OasssbC8HYWdKRUO%2FIwQPozgQgkWNoMUorCwh7bnZqDuyIi9sfolMVmTx5Z8R0yNYdQQmXwF1L4IW41bDB90aN9s%2BdtK7iehRJdN%2BPSvAdYksX0S%2B7e2pU%2FL87DzhjT8g2PGlj%2BMr1Z93%2FgYzJTJT4hP5gKCnbo2v64LsX9eFJd9vZLlM5A6dnm4zp7lY%2BOZdsV1ow9dW7OjOm2wqTMt77wubr9OUy7Rnyd3LknNhVrVhgvy4Zm%2BI%2BJqzW5edSV22fu2t1bUkM8JaqdMJqKwIeXgMJivy1A8Hs1d54fNPIc0ExpVI3DE5C0h9BJbtwmZzfqsXYNTcE2ceCleOTSOe%2F1SSQIl5T%2BMS9j99PK%2F37C30zEug%2BU2kSYmBKTFQJagawbqFcZ6Z40u%2FhrNArLxxrIy3HyujvnqyXCtPaq0w9GnUWQ5aLSpacbPR7kYBp7TRjBpRREPktmIXfu%2F%2FAwAA%2F%2F8BAAD%2F%2FwaX%2FlBgBAAA
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSwW8bRRTGZ5sckDiByoEiwOIEEnJ2vc7apoeKEoIi0qY0oHKD2ZmxM3h2ZzWz43VyQBEVqBckc%2BW0%2BZw0Kq0QSFypkFOphwikLqccCP8CCKknDshuhOFJq%2Ffeft%2Fh996bL%2FbcKfHh6MnKFb0jlaJLy3W%2F9uqHQXCxti5TN6wN29FHUfNizQze6ER1%2F7XaO4L19VLDD3w%2F8IPaqjSiq4dLUxEyu9cJ6h2%2F3mzUg%2BUmhub%2FvXUeLPXAB6fkWUheLT7wzkOyCdLkuxVh%2B7nOXn87cYrm2mDADz9I%2B6kuUiTzsms8dNPDMze0fbR6Hzo9mOFCD%2F41xrIi3sP7iNPDM0jEg%2F0ZZ6wgUsT8aRSDCYSaQNIJmL4JyR8RgHFc3UCa3L6qTUG3n6h0qlZk8fFfkEVFFn87jzT59rKSw9qmVi6XOrUYdkvI4QSyN0HmjpDvnIMsjsDyzyD5L2Tp8TrSZH%2FDKg3Jy9nsUk4guxMoMQK1Htz0kx5c14PLPCT8pMaCIGj5nFG%2F3WEs5C0RR9wPaKsb0MCP2nBsijdCno3A1AjM7CIzu%2BjLEYz7CXarhOUebF4R771dDHiJQhAUlqCgBIUkKHKCYlAecGUbtrzNlXVxcJYbZzksxzrv7dEDnfdESvayU%2FLMdC%2FewtfPoS9OasssbC8HYWdKRUO%2FIwQPozgQgkWNoMUorCwh7bnZqDuyIi9sfolMVmTx5Z8R0yNYdQQmXwF1L4IW41bDB90aN9s%2BdtK7iehRJdN%2BPSvAdYksX0S%2B7e2pU%2FL87DzhjT8g2PGlj%2BMr1Z93%2FgYzJTJT4hP5gKCnbo2v64LsX9eFJd9vZLlM5A6dnm4zp7lY%2BOZdsV1ow9dW7OjOm2wqTMt77wubr9OUy7Rnyd3LknNhVrVhgvy4Zm%2BI%2BJqzW5edSV22fu2t1bUkM8JaqdMJqKwIeXgMJivy1A8Hs1d54fNPIc0ExpVI3DE5C0h9BJbtwmZzfqsXYNTcE2ceCleOTSOe%2F1SSQIl5T%2BMS9j99PK%2F37C30zEug%2BU2kSYmBKTFQJagawbqFcZ6Z40u%2FhrNArLxxrIy3HyujvnqyXCtPaq0w9GnUWQ5aLSpacbPR7kYBp7TRjBpRREPktmIXfu%2F%2FAwAA%2F%2F8BAAD%2F%2FwaX%2FlBgBAAA HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364848]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 09 Sep 2022 06:38:35 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d0151db8ecb197a01d621324265c7bc4
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7c34afdb543f36633ccaa1856798ce9b
568d09d760f3b498376e86a26b13345bd53cd217
54daf99f14294bd52d5f516aa5cec0584b8a43daae4525fabb7692f9f114af5b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54DAF99F14294BD52D5F516AA5CEC0584B8A43DAAE4525FABB7692F9F114AF5B"
Last-Modified: Wed, 07 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2961
Expires: Fri, 09 Sep 2022 07:27:56 GMT
Date: Fri, 09 Sep 2022 06:38:35 GMT
Connection: keep-alive
cdn.cloudimagesb.com/cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png
45.133.44.9 200 OK 67 kB URL HTTP/2 cdn.cloudimagesb.com/cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 468 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash a98b4585db1c6db06d6857c73bb75fcb
02a896b08a79e873b2dd26200ee1f0665dc1c80a
fc08e863ffafe25aa63fe8b60c2d5135fc5f52caf0abae4da3f1a90e0f8ed96c
GET /cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:35 GMT
content-type: image/png
content-length: 67174
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:07:43 GMT
etag: "62e11c7f-10666"
expires: Sun, 11 Sep 2022 06:38:35 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6196248d34769fa746f3ce857cca25e3
7056a0fdc2a1f06e809165462c11e90cce742e3b
f0a10f2f7961a948de7f64b7530139b1a8abf691fd981f1b5a7c1afff2229c75
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F0A10F2F7961A948DE7F64B7530139B1A8ABF691FD981F1B5A7C1AFFF2229C75"
Last-Modified: Thu, 08 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18225
Expires: Fri, 09 Sep 2022 11:42:20 GMT
Date: Fri, 09 Sep 2022 06:38:35 GMT
Connection: keep-alive
interstitial-07.com/contents/s/36/d8/c2/9c866059b85b47752a6cc71b81/01636574006222.png
139.45.197.155 200 OK 45 kB URL HTTP/2 interstitial-07.com/contents/s/36/d8/c2/9c866059b85b47752a6cc71b81/01636574006222.png
IP 139.45.197.155:0
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Hash 36d8c29c866059b85b47752a6cc71b81
2d877eabf6710f66f5d7a3e265de997cf258ba32
0bbd2d8d16b4fd96c0a0dabecbd05ca573b30cd7079950d73b5dd68bde69a27b
GET /contents/s/36/d8/c2/9c866059b85b47752a6cc71b81/01636574006222.png HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=nYoUsXe6mMfSnop&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D2800942542%26z%3D4938389%26b%3D14082266%26c%3D5881775%26var%3D%26d%3Dhttps%253A%252F%252Fred.forexpeacearmy.com%252F62febf30c58abd0001fff58e%253Fsub1%253D%257Bzoneid%257D%2526sub2%253D%257Bcampaignid%257D%2526sub3%253D%257Bconnection.type%257D%2526sub4%253D%257Bbrowser%257D%2526sub5%253D%257Bos%257D%2526sub6%253D%257Bcountry%257D%2526sub7%253D%257Bbannerid%257D%2526sub8%253D%257Bisp%257D%2526sub9%253D%257Bdevice%257D%2526ref_id%253D%2524%257BSUBID%257D%2526cost%253D%257Bcost%257D%26cln%3D1%26btp%3D7%26rb%3D-Wmnn9BCh5G-joHiFtkGzu3VQm85LSfg-VPNk6ID0h2FKT9tardPeQQO3Q32aeEwi9wRuTgw-r4y54yg4VDHscTMg0mBva0jjUR5gAxrwFd3o6aP5K0AZh2MOMdsc8GRy3Fjiapd9Wu0sVG8F1dCgXYv4msms9-VXInT9aYl1hxY9vqLKOBGMkNyAIYjk9v4cQm2ZH8i3aXp7Squ8KGAfxfyFJ5UQvEEbsg-DIJ6eSJqcn7Mf9lq3R7AUQ5GnkxO6ZgjPNOnwOc--0bV_GiypXPFlq09yOd-ADB5yp4ipeOP9I3UPmwDdkBFEfPmZ-GQ4d7S2Nlc_ZgKgvS0nUKUhI6HMgRRTvU7KGxrY26hyaHquM4WpMy9zkS0IiNZq_sQB7Tim7RO26jdk0PMm34oebuzu4whdB9kMYRyjKYccqrf-TdTJInaKB5CWQtCQZ3oI_x6P5_TQ_C2VrtkhKQFb3-J1rzucOXjddV4nebwLK2UBQplOCQ1W_WZXUn-4gK0gdaDWkd7Wiaacxz90EnW9OHWoGtov-YNXQXxN3bWObpJoGZMb9GARKcuhVHdONF4rQChEKLIhp4bm8NfuAXKPtRvO7wPEapgOisO-B0mERj5ZPQ7ftQHVxcnbpg9FMPFogbawntC1lowIcqlqM80yQ%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3D8c90eca4-140e-4573-9b99-c7828448d43e%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fmegalink.pw%252Ftk8VS1%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:35 GMT
content-type: image/png
content-length: 45133
last-modified: Thu, 14 Jul 2022 23:23:43 GMT
etag: "62d0a57f-b04d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__en.js
142.250.74.163 200 OK 158 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__en.js
IP 142.250.74.163:0
File type HTML document, ASCII text, with very long lines (579)
Size 158 kB (158056 bytes)
Hash d63a69f898e1d00cfc7c871744ded8c4
e166540eccb571c95c8c1135c2168cf5df306991
ed7892ca1498d6dfc0ff8b354ab8c409eed81b1fa77b427467815d0c7f45021c
GET /recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158056
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Sep 2022 21:31:14 GMT
expires: Sat, 02 Sep 2023 21:31:14 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 02 Sep 2022 18:40:58 GMT
content-type: text/javascript
age: 551241
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/75/94/a0/f996d4ddcb875efcd052a96194/0975695614572.jpeg
139.45.197.155 200 OK 169 kB URL HTTP/2 interstitial-07.com/contents/s/75/94/a0/f996d4ddcb875efcd052a96194/0975695614572.jpeg
IP 139.45.197.155:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 900x600, components 3\012- data
Size 169 kB (169047 bytes)
Hash 7594a0f996d4ddcb875efcd052a96194
3ffba69a4639d1923f3db965d0208cdf90e964e2
89d6557a0c191c7109ce6649e4112bf96eaf848b52d2c20cba65c0afbf549cc3
GET /contents/s/75/94/a0/f996d4ddcb875efcd052a96194/0975695614572.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=nYoUsXe6mMfSnop&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D2800942542%26z%3D4938389%26b%3D14082266%26c%3D5881775%26var%3D%26d%3Dhttps%253A%252F%252Fred.forexpeacearmy.com%252F62febf30c58abd0001fff58e%253Fsub1%253D%257Bzoneid%257D%2526sub2%253D%257Bcampaignid%257D%2526sub3%253D%257Bconnection.type%257D%2526sub4%253D%257Bbrowser%257D%2526sub5%253D%257Bos%257D%2526sub6%253D%257Bcountry%257D%2526sub7%253D%257Bbannerid%257D%2526sub8%253D%257Bisp%257D%2526sub9%253D%257Bdevice%257D%2526ref_id%253D%2524%257BSUBID%257D%2526cost%253D%257Bcost%257D%26cln%3D1%26btp%3D7%26rb%3D-Wmnn9BCh5G-joHiFtkGzu3VQm85LSfg-VPNk6ID0h2FKT9tardPeQQO3Q32aeEwi9wRuTgw-r4y54yg4VDHscTMg0mBva0jjUR5gAxrwFd3o6aP5K0AZh2MOMdsc8GRy3Fjiapd9Wu0sVG8F1dCgXYv4msms9-VXInT9aYl1hxY9vqLKOBGMkNyAIYjk9v4cQm2ZH8i3aXp7Squ8KGAfxfyFJ5UQvEEbsg-DIJ6eSJqcn7Mf9lq3R7AUQ5GnkxO6ZgjPNOnwOc--0bV_GiypXPFlq09yOd-ADB5yp4ipeOP9I3UPmwDdkBFEfPmZ-GQ4d7S2Nlc_ZgKgvS0nUKUhI6HMgRRTvU7KGxrY26hyaHquM4WpMy9zkS0IiNZq_sQB7Tim7RO26jdk0PMm34oebuzu4whdB9kMYRyjKYccqrf-TdTJInaKB5CWQtCQZ3oI_x6P5_TQ_C2VrtkhKQFb3-J1rzucOXjddV4nebwLK2UBQplOCQ1W_WZXUn-4gK0gdaDWkd7Wiaacxz90EnW9OHWoGtov-YNXQXxN3bWObpJoGZMb9GARKcuhVHdONF4rQChEKLIhp4bm8NfuAXKPtRvO7wPEapgOisO-B0mERj5ZPQ7ftQHVxcnbpg9FMPFogbawntC1lowIcqlqM80yQ%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3D8c90eca4-140e-4573-9b99-c7828448d43e%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fmegalink.pw%252Ftk8VS1%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:35 GMT
content-type: image/jpeg
content-length: 169047
last-modified: Mon, 18 Jul 2022 20:55:09 GMT
etag: "62d5c8ad-29457"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
unphionetor.com/vctx?t=72747
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=72747
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 09 Sep 2022 06:38:35 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: ca09fc76ef03bba8e7e769fea2411e04
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: application/json
Origin: https://megalink.pw
Content-Length: 729
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:35 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 71291c54adda118f24ac1b97a2a829da
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 09 Sep 2022 06:38:36 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: eb41c7f8f50a407f11b046e351ba2bd6
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d510006684c41cbdf97ea19087d5d77f
175e3a9e1727d7841003b6c6c228ba2e79d41124
d30f31a4fd293a2bf326f667d47745533d99a6088849033b9086578b3541f741
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D30F31A4FD293A2BF326F667D47745533D99A6088849033B9086578B3541F741"
Last-Modified: Wed, 07 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15208
Expires: Fri, 09 Sep 2022 10:52:04 GMT
Date: Fri, 09 Sep 2022 06:38:36 GMT
Connection: keep-alive
dozubatan.com/500/4938388?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 4.6 kB URL HTTP/2 dozubatan.com/500/4938388?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash 0905db09c2657f2edca6778abc1ce018
4d9b693522229407fbdf7292c2e9c6424f768aac
ff84578c1fb377d93a165654d9b13d660fd076269a72001838d68c09c710d088
GET /500/4938388?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=9d2d90ef0e5c48439551c2c284091434
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:35 GMT
content-type: application/javascript
x-trace-id: 7c9c5f369fc62879f1832067216dab33
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=c71a1ca85d23488abea373322cfb067e; expires=Sat, 09 Sep 2023 06:38:35 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: application/json
Origin: https://megalink.pw
Content-Length: 373
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:36 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 6d46b0f1f94fdae4ca2492527977d583
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/img/close.png
172.67.183.56 200 OK 6.0 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/img/close.png
IP 172.67.183.56:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/img/close.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:36 GMT
content-type: image/png
content-length: 5982
last-modified: Fri, 21 May 2021 10:10:48 GMT
etag: "60a78728-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3184458
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k3aAcYlhC2bxHgWh4b7RBck5Uu5IfVkDtAvW%2FFxah7ovdgVMcgru5iVsSWXrZPwW2lwHxDg5IC2gIl56sRofME6IhUPsSlIxkWvRz2sOMMZzp8JSK%2FKQUcnSgEu14MY9TV4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 747dec045aea0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/img/arrow.png
172.67.183.56 200 OK 2.0 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/img/arrow.png
IP 172.67.183.56:0
File type PNG image data, 52 x 81, 8-bit/color RGBA, non-interlaced\012- data
Hash ef2bad0eceeff00bf615df0a433a5bff
a910af81d23d78c96283b46c241d3d9652562009
9c362044a93ac6919b7174a1620d4d82dbe1940a450aea1abca32a48fd160d40
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/img/arrow.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:36 GMT
content-type: image/png
content-length: 2008
last-modified: Fri, 21 May 2021 10:10:48 GMT
etag: "60a78728-7d8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3184458
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jkj5Y1WIseICvis7pv3IlLVtYsPKnk1VfquSQg2QGcG4y5axRctHORFYlDd9k1J42yYHiB4g4cRWk4XDfwk843RcwCYkquVs3SZYUlk%2Fp5Fm6WnvONWdgGGaHCh95w1s5n0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 747dec045aeb0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/img/number.png
172.67.183.56 200 OK 1.1 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/img/number.png
IP 172.67.183.56:0
File type PNG image data, 43 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e4414e85c588bf7db195e49c02ab2bb
09254e79b255f1b2dfe45adbbe44583a4b433782
0b977ec6e7cf5d35df03cd3a8041f5f523f5d4059ac67c152c0a7b613e20b762
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/img/number.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:36 GMT
content-type: image/png
content-length: 1138
last-modified: Fri, 21 May 2021 10:10:48 GMT
etag: "60a78728-472"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3184458
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yrVwXN5cElXwMCxZdonl6yi0j8DbkOGLAFqL7TpHj1aLol4GOiIy02Ealv506HicEVSCB9Rgi31zxf%2F85r9Lk%2BNrf8qOkNmtnG%2B%2FOmYtCSKDPsMAuQ1QmaLaRK%2Fx8Zs7DtM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 747dec045aec0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
phosphatepossible.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F15%2Findex.html&l=2230&fd=601
192.243.59.13 200 OK 0 B URL HTTP/1.1 phosphatepossible.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F15%2Findex.html&l=2230&fd=601
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F15%2Findex.html&l=2230&fd=601 HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364848]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 09 Sep 2022 06:38:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/img/icon.png
172.67.183.56 200 OK 157 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/img/icon.png
IP 172.67.183.56:0
File type PNG image data, 340 x 340, 8-bit/color RGB, non-interlaced\012- data
Size 157 kB (157252 bytes)
Hash 70ffdd6375de1144c67e71e385cedb80
6d5c9590fa9a156851435bcefc963949de13ceb1
18515abb1bfe26c5b54bbbdc24aac4e8a757f879eeaa9c0ad986dc0c8d5ca0af
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/img/icon.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:36 GMT
content-type: image/png
content-length: 157252
last-modified: Tue, 08 Feb 2022 14:14:59 GMT
etag: "62027ae3-26644"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3184458
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JYeXT7sBCn6iP1sWi%2F22BGENlcrqYahz48Q0NHrbrxisYDxsbM%2BmBWWVTcBZwK1lMse%2FqxiAvOI8a3JnpX0%2FT%2Fo84LnhoeYQSEFo8y3N7xum5WRm6aB97pfwWq2WCq71hTY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 747dec045aee0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unphionetor.com/fv.js?t=72747&cb=532061577
139.45.197.236 200 OK 2.2 kB URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=532061577
IP 139.45.197.236:0
Hash 61e65781084642fe08b1671b38a91d84
a10416e1f9a203c28afb1d42edd7469546f38313
7506a90dc48bdced2d30c065cccd53d949b1ac3067084b4970d3e60069059e74
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=72747&cb=532061577 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:35 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: b5f6f9e937207c2108994e45f003a741
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d510006684c41cbdf97ea19087d5d77f
175e3a9e1727d7841003b6c6c228ba2e79d41124
d30f31a4fd293a2bf326f667d47745533d99a6088849033b9086578b3541f741
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D30F31A4FD293A2BF326F667D47745533D99A6088849033B9086578B3541F741"
Last-Modified: Wed, 07 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15208
Expires: Fri, 09 Sep 2022 10:52:04 GMT
Date: Fri, 09 Sep 2022 06:38:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1fe0327a01f21c54fc9bfc3efc87c68c
11e6ecf4707288032f021916e04ed93a46434da1
6fcc309bb04b920a7f738685e528507aeb74a0d37b935caf4c387d665c40b6de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6FCC309BB04B920A7F738685E528507AEB74A0D37B935CAF4C387D665C40B6DE"
Last-Modified: Thu, 08 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6654
Expires: Fri, 09 Sep 2022 08:29:30 GMT
Date: Fri, 09 Sep 2022 06:38:36 GMT
Connection: keep-alive
phosphatepossible.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F15%2Fcss%2Fstyle.css&l=9494&fd=346
192.243.59.13 200 OK 0 B URL HTTP/1.1 phosphatepossible.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F15%2Fcss%2Fstyle.css&l=9494&fd=346
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F15%2Fcss%2Fstyle.css&l=9494&fd=346 HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364848]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 09 Sep 2022 06:38:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 126268
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 126268
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
phosphatepossible.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F15%2Fjs%2Fscript.js&l=711&fd=288
192.243.59.13 200 OK 0 B URL HTTP/1.1 phosphatepossible.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F15%2Fjs%2Fscript.js&l=711&fd=288
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F15%2Fjs%2Fscript.js&l=711&fd=288 HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364848]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 09 Sep 2022 06:38:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
unseenreport.com/pxf.gif?uuid=5377c415-db16-4f94-b25f-d36265143e1f&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=5c3851391068a309eed36b1eec6217ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=6
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=5377c415-db16-4f94-b25f-d36265143e1f&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=5c3851391068a309eed36b1eec6217ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=6
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=5377c415-db16-4f94-b25f-d36265143e1f&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=5c3851391068a309eed36b1eec6217ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=6 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 09 Sep 2022 06:38:36 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 659a2a4a35a07350d88307868a6298ad
Strict-Transport-Security: max-age=0; includeSubdomains
phosphatepossible.com/pixel/sbs?c=1
192.243.59.13 200 OK 0 B URL HTTP/1.1 phosphatepossible.com/pixel/sbs?c=1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364848]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 09 Sep 2022 06:38:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
phosphatepossible.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F15%2Fcss%2Fanimate.css&l=79249&fd=351
192.243.59.13 200 OK 0 B URL HTTP/1.1 phosphatepossible.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F15%2Fcss%2Fanimate.css&l=79249&fd=351
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F15%2Fcss%2Fanimate.css&l=79249&fd=351 HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364848]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 09 Sep 2022 06:38:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
pseepsie.com/event
139.45.197.250 200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /event HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:36 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
pseepsie.com/event
139.45.197.250 200 OK 94 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 905bb9d98fd7e461abe9ea3c3f353151
96c2950da9df684215059f7145b417b3a70ec17b
c0eabb7af76387f9943e2d3ddc1031a735f2a36e39d88d8268a3cdcd8c3221a3
Analyzer Verdict Alert fortinet Malware
POST /event HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: application/json
Origin: https://megalink.pw
Content-Length: 1031
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:36 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 511108e10686b878dfded7bcb92c2459
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
phosphatepossible.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz4scRRTHq7N7EDwp8WBEHTwpyGz3%2FB5zCMa4EtxkY1aJN61fM1tOdVdT1TU9uwdZDEouwnj11Pud3SwxQRS8GmQ2kMOikPa0B9d%2FQRFy8iAzWRx90Lz3%2Bvs9fN579cWuPyEhPD2%2BdMVsK63pSrMaVl79MIrOV9ZU4keVUaf1UatxvmKHb3Rb1fC1yjuSD8xKLYzCMAqjyqqysmdGKzMRKr3XjardsNqoVaNmAyP7%2F975AI4GEMMT8iyUKJcfBGeh%2BBRJ%2FN0l6QaZSV9%2FO%2FaaZsZiKA4%2BSAaJyRPEi7JnA%2FSSg1M3jHu0eh8m2Z%2Fjwgz%2FNTJVkuDhfbDk4BQSbLg352QaMgETTyMfTiH1FIpOwc1NKPGIAFzg6jqS%2BPZVY3O69USlM7Uky4%2F%2FgspLsvzbWSTxtxe1GlU2jPaZMonDqFdAjaZQ%2FSlSf4hs%2BwxUfgiefQYlfiErj9eQxHvrThsoUcxnV2oK1ZtCyzGoC%2BBnnwrgewF8GiAWxxUeRVE7FJyGnS7nddGWrCXCiLZ7EY3CVgeez%2FDGyNIxuB6D2x2kdgcDNYb1P8FtFnAigMtKEry3g6EokEuC3BHklCBXBHlGkA%2BLfaFdzRW3hXaeRae5dprrxcRk%2FV26b7K%2BTMhuekKeme0lWPr6OQzkcaXJ651mVO%2FOqGg97Eop6i0WSclbtajNKZwqoNyZ%2BajbqiQvbHyJVJVk%2BeWfweghnD4EV6%2BA%2BhdB80m7FoJuThqdENvJ3Vj2qVbJoJrmEKZAmi0j2wp29Ql5fn6e%2Bo0%2FIPnRhY%2FZlfLPO3%2BD2wKpLfCJekDQ17cm101O9q6b3JHv19NMxWqbzk63kdFMLn3zrtzKjRWXL7nxnTf5TJiV996XLlujiVBJ35G7F5UQ0q4ayyX58bK7Idk17zYvepv4dO3aW6uX49RK55RJpqCqJOThEbgqyVM%2F7M9f5bnPP4WyU1hfIPZH5DSgzCF4ugOXLvidWYLVCw9LA%2BS%2BmNgaW%2FzUikDLRU9ZAfefni3qXXcLffsSaHYTSVxgaAsMdQGqx3B%2BaZKl9ujCr%2FV5gOlgwrQN9pi2%2Bqsny3XquFIPRZvJnmwz2Wg2epIL1myykPc4q4tOhyNzJT%2F3%2B%2BAfAAAA%2F%2F8BAAD%2F%2F4ZDK7hgBAAA
192.243.59.13200 OK 7 B URL HTTP/1.1 phosphatepossible.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz4scRRTHq7N7EDwp8WBEHTwpyGz3%2FB5zCMa4EtxkY1aJN61fM1tOdVdT1TU9uwdZDEouwnj11Pud3SwxQRS8GmQ2kMOikPa0B9d%2FQRFy8iAzWRx90Lz3%2Bvs9fN579cWuPyEhPD2%2BdMVsK63pSrMaVl79MIrOV9ZU4keVUaf1UatxvmKHb3Rb1fC1yjuSD8xKLYzCMAqjyqqysmdGKzMRKr3XjardsNqoVaNmAyP7%2F975AI4GEMMT8iyUKJcfBGeh%2BBRJ%2FN0l6QaZSV9%2FO%2FaaZsZiKA4%2BSAaJyRPEi7JnA%2FSSg1M3jHu0eh8m2Z%2Fjwgz%2FNTJVkuDhfbDk4BQSbLg352QaMgETTyMfTiH1FIpOwc1NKPGIAFzg6jqS%2BPZVY3O69USlM7Uky4%2F%2FgspLsvzbWSTxtxe1GlU2jPaZMonDqFdAjaZQ%2FSlSf4hs%2BwxUfgiefQYlfiErj9eQxHvrThsoUcxnV2oK1ZtCyzGoC%2BBnnwrgewF8GiAWxxUeRVE7FJyGnS7nddGWrCXCiLZ7EY3CVgeez%2FDGyNIxuB6D2x2kdgcDNYb1P8FtFnAigMtKEry3g6EokEuC3BHklCBXBHlGkA%2BLfaFdzRW3hXaeRae5dprrxcRk%2FV26b7K%2BTMhuekKeme0lWPr6OQzkcaXJ651mVO%2FOqGg97Eop6i0WSclbtajNKZwqoNyZ%2BajbqiQvbHyJVJVk%2BeWfweghnD4EV6%2BA%2BhdB80m7FoJuThqdENvJ3Vj2qVbJoJrmEKZAmi0j2wp29Ql5fn6e%2Bo0%2FIPnRhY%2FZlfLPO3%2BD2wKpLfCJekDQ17cm101O9q6b3JHv19NMxWqbzk63kdFMLn3zrtzKjRWXL7nxnTf5TJiV996XLlujiVBJ35G7F5UQ0q4ayyX58bK7Idk17zYvepv4dO3aW6uX49RK55RJpqCqJOThEbgqyVM%2F7M9f5bnPP4WyU1hfIPZH5DSgzCF4ugOXLvidWYLVCw9LA%2BS%2BmNgaW%2FzUikDLRU9ZAfefni3qXXcLffsSaHYTSVxgaAsMdQGqx3B%2BaZKl9ujCr%2FV5gOlgwrQN9pi2%2Bqsny3XquFIPRZvJnmwz2Wg2epIL1myykPc4q4tOhyNzJT%2F3%2B%2BAfAAAA%2F%2F8BAAD%2F%2F4ZDK7hgBAAA
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz4scRRTHq7N7EDwp8WBEHTwpyGz3%2FB5zCMa4EtxkY1aJN61fM1tOdVdT1TU9uwdZDEouwnj11Pud3SwxQRS8GmQ2kMOikPa0B9d%2FQRFy8iAzWRx90Lz3%2Bvs9fN579cWuPyEhPD2%2BdMVsK63pSrMaVl79MIrOV9ZU4keVUaf1UatxvmKHb3Rb1fC1yjuSD8xKLYzCMAqjyqqysmdGKzMRKr3XjardsNqoVaNmAyP7%2F975AI4GEMMT8iyUKJcfBGeh%2BBRJ%2FN0l6QaZSV9%2FO%2FaaZsZiKA4%2BSAaJyRPEi7JnA%2FSSg1M3jHu0eh8m2Z%2Fjwgz%2FNTJVkuDhfbDk4BQSbLg352QaMgETTyMfTiH1FIpOwc1NKPGIAFzg6jqS%2BPZVY3O69USlM7Uky4%2F%2FgspLsvzbWSTxtxe1GlU2jPaZMonDqFdAjaZQ%2FSlSf4hs%2BwxUfgiefQYlfiErj9eQxHvrThsoUcxnV2oK1ZtCyzGoC%2BBnnwrgewF8GiAWxxUeRVE7FJyGnS7nddGWrCXCiLZ7EY3CVgeez%2FDGyNIxuB6D2x2kdgcDNYb1P8FtFnAigMtKEry3g6EokEuC3BHklCBXBHlGkA%2BLfaFdzRW3hXaeRae5dprrxcRk%2FV26b7K%2BTMhuekKeme0lWPr6OQzkcaXJ651mVO%2FOqGg97Eop6i0WSclbtajNKZwqoNyZ%2BajbqiQvbHyJVJVk%2BeWfweghnD4EV6%2BA%2BhdB80m7FoJuThqdENvJ3Vj2qVbJoJrmEKZAmi0j2wp29Ql5fn6e%2Bo0%2FIPnRhY%2FZlfLPO3%2BD2wKpLfCJekDQ17cm101O9q6b3JHv19NMxWqbzk63kdFMLn3zrtzKjRWXL7nxnTf5TJiV996XLlujiVBJ35G7F5UQ0q4ayyX58bK7Idk17zYvepv4dO3aW6uX49RK55RJpqCqJOThEbgqyVM%2F7M9f5bnPP4WyU1hfIPZH5DSgzCF4ugOXLvidWYLVCw9LA%2BS%2BmNgaW%2FzUikDLRU9ZAfefni3qXXcLffsSaHYTSVxgaAsMdQGqx3B%2BaZKl9ujCr%2FV5gOlgwrQN9pi2%2Bqsny3XquFIPRZvJnmwz2Wg2epIL1myykPc4q4tOhyNzJT%2F3%2B%2BAfAAAA%2F%2F8BAAD%2F%2F4ZDK7hgBAAA HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364848]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 09 Sep 2022 06:38:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 940fa3f94b5db84cbfd08d1c6450592a
Strict-Transport-Security: max-age=0; includeSubdomains
eehuzaih.com/impression/PoH9xZGkH2SfbYyF0IhbtVpNn9AaIfsNcami1k6qiIK7q7qTr_b-MBYHxR3Q9T4DQrcAaaxb7twEUTpmCNe6rXhpyoGP_pMk2bfHB3OpzjQzwWlF11ZfrOLrU4SpI_uGvctzDS_iin4s9Z6ZR53dOo4EtFN4OgItBkTfjSIa6D0KtixBWvzzYEKS9TXm7uEDHVZ6MS0o_3uGRTFuJy15-S_JnEFtbzd82s0wFGpRE96yUTi240TMKY8VqMT16q310H39TPkVlo4rWdtMI6gutyGrjq9f5uZnUcSf9WgeCM197mN3sVM9FDuTHK0SF4bEFfBJbtCKEp0JZOUDN3t_urnrZYR99RUjoIPfx9-z_X3N92XgmZFx3lMX37SwD-saiusIKMS_N5TmC-YNDR4e0n3bSbKX9O3bN_zDOjDpHyrwj-_5MTmYl1CSCuKSGY2yFUR0AkhP9GR0FcQrY8SWM9qW7zGjMQDeim0gAjCUKYPmhN1JFnEwMPm5GbL13Zm_us_VW-p4vhz8IBPkBJeYeZ7eBufE01_92Aj_ViaWgproEQwRBalcJzuX12Ql6AiqB5hJpfn7l5syEXEGM15Ih1la9UM=?_z=4943451&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 43 B URL HTTP/2 eehuzaih.com/impression/PoH9xZGkH2SfbYyF0IhbtVpNn9AaIfsNcami1k6qiIK7q7qTr_b-MBYHxR3Q9T4DQrcAaaxb7twEUTpmCNe6rXhpyoGP_pMk2bfHB3OpzjQzwWlF11ZfrOLrU4SpI_uGvctzDS_iin4s9Z6ZR53dOo4EtFN4OgItBkTfjSIa6D0KtixBWvzzYEKS9TXm7uEDHVZ6MS0o_3uGRTFuJy15-S_JnEFtbzd82s0wFGpRE96yUTi240TMKY8VqMT16q310H39TPkVlo4rWdtMI6gutyGrjq9f5uZnUcSf9WgeCM197mN3sVM9FDuTHK0SF4bEFfBJbtCKEp0JZOUDN3t_urnrZYR99RUjoIPfx9-z_X3N92XgmZFx3lMX37SwD-saiusIKMS_N5TmC-YNDR4e0n3bSbKX9O3bN_zDOjDpHyrwj-_5MTmYl1CSCuKSGY2yFUR0AkhP9GR0FcQrY8SWM9qW7zGjMQDeim0gAjCUKYPmhN1JFnEwMPm5GbL13Zm_us_VW-p4vhz8IBPkBJeYeZ7eBufE01_92Aj_ViaWgproEQwRBalcJzuX12Ql6AiqB5hJpfn7l5syEXEGM15Ih1la9UM=?_z=4943451&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/PoH9xZGkH2SfbYyF0IhbtVpNn9AaIfsNcami1k6qiIK7q7qTr_b-MBYHxR3Q9T4DQrcAaaxb7twEUTpmCNe6rXhpyoGP_pMk2bfHB3OpzjQzwWlF11ZfrOLrU4SpI_uGvctzDS_iin4s9Z6ZR53dOo4EtFN4OgItBkTfjSIa6D0KtixBWvzzYEKS9TXm7uEDHVZ6MS0o_3uGRTFuJy15-S_JnEFtbzd82s0wFGpRE96yUTi240TMKY8VqMT16q310H39TPkVlo4rWdtMI6gutyGrjq9f5uZnUcSf9WgeCM197mN3sVM9FDuTHK0SF4bEFfBJbtCKEp0JZOUDN3t_urnrZYR99RUjoIPfx9-z_X3N92XgmZFx3lMX37SwD-saiusIKMS_N5TmC-YNDR4e0n3bSbKX9O3bN_zDOjDpHyrwj-_5MTmYl1CSCuKSGY2yFUR0AkhP9GR0FcQrY8SWM9qW7zGjMQDeim0gAjCUKYPmhN1JFnEwMPm5GbL13Zm_us_VW-p4vhz8IBPkBJeYeZ7eBufE01_92Aj_ViaWgproEQwRBalcJzuX12Ql6AiqB5hJpfn7l5syEXEGM15Ih1la9UM=?_z=4943451&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: eehuzaih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=c71a1ca85d23488abea373322cfb067e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:39 GMT
content-type: image/gif
content-length: 43
x-trace-id: e1135aebdfaa65c9fac2d33bf1f6bad0
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
glizauvo.net/impression/t5XjKNmdgc_-eZ6cF3sGn4OtgMD9EGh1F_6Q-Id7SBv3yY3zRKoAF0zTNQ66a4z29mucoaeqrIpftjjmHpIv5yZ674A7MdTYkCOTYmaKoNGr5n0z3ex1NKxv6Gntq6t9PmC4ZCErryqAJlg2_gVXWOCK8zBgnDNo1R2qRXcbAy5VItRYQ9j8sM4QSpAH58QOkuBmFQakEEX5lAu8PtN1tNef6QCVydmQIeXkLwzs5EjwZj2WP9JBg2lYzUVg2xVzWlLfxBc3cslmKc_7WeE6YBTagBM9JLBbadkYvsRV0fAflNzKsGKJVeQPGOaemTciSXNkHzwIiVJjgsDvaPaGWTVwruUt-GKr-o-nictJbu5LmRsFzECRmbfLOx7nbNddt0p6V6_CMihAVNoCkv3SHfE9pndaTAD3bBVM-5KfyR46TJ4YQ5d7450LpzsTVAzX6B9e9HGw_BThc9J8fpQzudA_GqAP5afoYBw91doLCiyI-X-Ef0b5gcA3t6uIsk0kdZ7Tn9-Bzul7YBDk6rKg3YRJ_2q3WM4J6pEZCwiq_xPbkp5snfqkmh3NA81RG2KtI66fKxvlrbVUpcCXvl_5JMa9FEg=?_z=5293711&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.236200 OK 43 B URL HTTP/2 glizauvo.net/impression/t5XjKNmdgc_-eZ6cF3sGn4OtgMD9EGh1F_6Q-Id7SBv3yY3zRKoAF0zTNQ66a4z29mucoaeqrIpftjjmHpIv5yZ674A7MdTYkCOTYmaKoNGr5n0z3ex1NKxv6Gntq6t9PmC4ZCErryqAJlg2_gVXWOCK8zBgnDNo1R2qRXcbAy5VItRYQ9j8sM4QSpAH58QOkuBmFQakEEX5lAu8PtN1tNef6QCVydmQIeXkLwzs5EjwZj2WP9JBg2lYzUVg2xVzWlLfxBc3cslmKc_7WeE6YBTagBM9JLBbadkYvsRV0fAflNzKsGKJVeQPGOaemTciSXNkHzwIiVJjgsDvaPaGWTVwruUt-GKr-o-nictJbu5LmRsFzECRmbfLOx7nbNddt0p6V6_CMihAVNoCkv3SHfE9pndaTAD3bBVM-5KfyR46TJ4YQ5d7450LpzsTVAzX6B9e9HGw_BThc9J8fpQzudA_GqAP5afoYBw91doLCiyI-X-Ef0b5gcA3t6uIsk0kdZ7Tn9-Bzul7YBDk6rKg3YRJ_2q3WM4J6pEZCwiq_xPbkp5snfqkmh3NA81RG2KtI66fKxvlrbVUpcCXvl_5JMa9FEg=?_z=5293711&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.236:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/t5XjKNmdgc_-eZ6cF3sGn4OtgMD9EGh1F_6Q-Id7SBv3yY3zRKoAF0zTNQ66a4z29mucoaeqrIpftjjmHpIv5yZ674A7MdTYkCOTYmaKoNGr5n0z3ex1NKxv6Gntq6t9PmC4ZCErryqAJlg2_gVXWOCK8zBgnDNo1R2qRXcbAy5VItRYQ9j8sM4QSpAH58QOkuBmFQakEEX5lAu8PtN1tNef6QCVydmQIeXkLwzs5EjwZj2WP9JBg2lYzUVg2xVzWlLfxBc3cslmKc_7WeE6YBTagBM9JLBbadkYvsRV0fAflNzKsGKJVeQPGOaemTciSXNkHzwIiVJjgsDvaPaGWTVwruUt-GKr-o-nictJbu5LmRsFzECRmbfLOx7nbNddt0p6V6_CMihAVNoCkv3SHfE9pndaTAD3bBVM-5KfyR46TJ4YQ5d7450LpzsTVAzX6B9e9HGw_BThc9J8fpQzudA_GqAP5afoYBw91doLCiyI-X-Ef0b5gcA3t6uIsk0kdZ7Tn9-Bzul7YBDk6rKg3YRJ_2q3WM4J6pEZCwiq_xPbkp5snfqkmh3NA81RG2KtI66fKxvlrbVUpcCXvl_5JMa9FEg=?_z=5293711&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: glizauvo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=c71a1ca85d23488abea373322cfb067e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:39 GMT
content-type: image/gif
content-length: 43
x-trace-id: 6f8eeff9af1f14f1cd91baa0c607345b
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
oaphoace.net/impression/B4IaKSQAv6k39DIoVWxFcJYkV4Eejv-uragsNHQZPYDzNtgpNuC2Q5TRe0WqtngLZQN5iIRpE_81fEFR21cCzUiv0n-OViFFX7b-Te66rfjXBjhdIf7fl6q-j3cyOLKsPmDqJl7T3rIbSuXXocvBCNj91m3IA8V6h7R15zbq_Qp0HDRmAPp_2FmSt72aAnXryYtjW_vBJtkHAbQ5HFmrFkTxIK217CnDBKMNvHg1zEr-w6AEIh0jycoefjyd0g9Eri7PqvibG1oKbjDV4e4y_E_XtS_BOIYk3FV_fyiYxMO1nTbFuSMDmk7ABciu7NSwmQWwCuBxSw4b9If3XV06iFU_XHjpEqCNuQysw4S9XSIG4Qv8lNP9pLm2V30LDEkOUOf7iRbCG8UJccGFbAzNU39zeIcM_YkmdkX_R62uSqw1e3AJO3LNNGNi7B_48-y9W4Q3KY5AkzpcBom98VJ9q0QhBbP8GFb1dE4Um-u2432qVyCcuy7GqrJhCvQFGk4-lL-_AsYug7JKRkTS-B6EjKN_9ncvmV9438sx3wWUB9xjEgkxTALYnBsUz8_R1oykaEo0daYwAewcaMQMJyzUI3D5R3I=?_z=5293715&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 43 B URL HTTP/2 oaphoace.net/impression/B4IaKSQAv6k39DIoVWxFcJYkV4Eejv-uragsNHQZPYDzNtgpNuC2Q5TRe0WqtngLZQN5iIRpE_81fEFR21cCzUiv0n-OViFFX7b-Te66rfjXBjhdIf7fl6q-j3cyOLKsPmDqJl7T3rIbSuXXocvBCNj91m3IA8V6h7R15zbq_Qp0HDRmAPp_2FmSt72aAnXryYtjW_vBJtkHAbQ5HFmrFkTxIK217CnDBKMNvHg1zEr-w6AEIh0jycoefjyd0g9Eri7PqvibG1oKbjDV4e4y_E_XtS_BOIYk3FV_fyiYxMO1nTbFuSMDmk7ABciu7NSwmQWwCuBxSw4b9If3XV06iFU_XHjpEqCNuQysw4S9XSIG4Qv8lNP9pLm2V30LDEkOUOf7iRbCG8UJccGFbAzNU39zeIcM_YkmdkX_R62uSqw1e3AJO3LNNGNi7B_48-y9W4Q3KY5AkzpcBom98VJ9q0QhBbP8GFb1dE4Um-u2432qVyCcuy7GqrJhCvQFGk4-lL-_AsYug7JKRkTS-B6EjKN_9ncvmV9438sx3wWUB9xjEgkxTALYnBsUz8_R1oykaEo0daYwAewcaMQMJyzUI3D5R3I=?_z=5293715&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/B4IaKSQAv6k39DIoVWxFcJYkV4Eejv-uragsNHQZPYDzNtgpNuC2Q5TRe0WqtngLZQN5iIRpE_81fEFR21cCzUiv0n-OViFFX7b-Te66rfjXBjhdIf7fl6q-j3cyOLKsPmDqJl7T3rIbSuXXocvBCNj91m3IA8V6h7R15zbq_Qp0HDRmAPp_2FmSt72aAnXryYtjW_vBJtkHAbQ5HFmrFkTxIK217CnDBKMNvHg1zEr-w6AEIh0jycoefjyd0g9Eri7PqvibG1oKbjDV4e4y_E_XtS_BOIYk3FV_fyiYxMO1nTbFuSMDmk7ABciu7NSwmQWwCuBxSw4b9If3XV06iFU_XHjpEqCNuQysw4S9XSIG4Qv8lNP9pLm2V30LDEkOUOf7iRbCG8UJccGFbAzNU39zeIcM_YkmdkX_R62uSqw1e3AJO3LNNGNi7B_48-y9W4Q3KY5AkzpcBom98VJ9q0QhBbP8GFb1dE4Um-u2432qVyCcuy7GqrJhCvQFGk4-lL-_AsYug7JKRkTS-B6EjKN_9ncvmV9438sx3wWUB9xjEgkxTALYnBsUz8_R1oykaEo0daYwAewcaMQMJyzUI3D5R3I=?_z=5293715&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=c71a1ca85d23488abea373322cfb067e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:39 GMT
content-type: image/gif
content-length: 43
x-trace-id: c0a13cf754a5b1e2304acb72d201a921
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
dozubatan.com/impression/NTNDREnT4z-tZQStgqkhkfBBz5K3enjUVC53PDGxCTiSnpwQfIS8f9EaxBwqUijNSzZD1GOea_P0qBDMwxQhXWwTx0pVleVmPACqs0zju-8LaWhv0EIi_zO7-KwENGNg7Vuwc4qRHYwomh5mRdIeI2jHPvMI-48im5rrFKP5SAP6-RuDYGXk9bi6bww_esYreZoVQat7KNt42BMQxWTUulg9Npmc7Cm63XUhh2wIB7x4c4KZl6n76d5U4MAJuQo0jMnfR5dpiBX7NQiHRSA1R5-F8hjcVZt0i4108y4AVvqWjTAwoi7_9MynbbJgJaTNLqPd2mNQP24iZbHcDdRSlKZMuk8HBftRd_gWzdVIAP3B2m7xIZtBKEo0Iy_7tBunviTGSS3S5Smynr2Mx8xuzFOZXzFm9gFYs0AZ_KMbYh76bXFcfRlrUMw0O9AcH12BTrpXfNBrYZeixfnMoRrgt_hDkeCW61t2wc4aADulD5ERY2kbJxU26097h5w3o0KHfre4NZkxfyp81lXfBcUkbf9r6M7h1rijucr9lzl52UD44gDUIXPOgdn3d_eRGG43mvO5BpnaT62dAZqcnrfQQSdxPwfQjUv763z1rgdcFygUA-H39R_j8NvPYbp_dVCFDiHixrP-lXVk8bzRlPAbZRHjmPFPJX0zKzqIFEdYa5j1t4FBiIo3dB_LxAC5xXSRuV57tZD1CPM=?_z=4938388&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 43 B URL HTTP/2 dozubatan.com/impression/NTNDREnT4z-tZQStgqkhkfBBz5K3enjUVC53PDGxCTiSnpwQfIS8f9EaxBwqUijNSzZD1GOea_P0qBDMwxQhXWwTx0pVleVmPACqs0zju-8LaWhv0EIi_zO7-KwENGNg7Vuwc4qRHYwomh5mRdIeI2jHPvMI-48im5rrFKP5SAP6-RuDYGXk9bi6bww_esYreZoVQat7KNt42BMQxWTUulg9Npmc7Cm63XUhh2wIB7x4c4KZl6n76d5U4MAJuQo0jMnfR5dpiBX7NQiHRSA1R5-F8hjcVZt0i4108y4AVvqWjTAwoi7_9MynbbJgJaTNLqPd2mNQP24iZbHcDdRSlKZMuk8HBftRd_gWzdVIAP3B2m7xIZtBKEo0Iy_7tBunviTGSS3S5Smynr2Mx8xuzFOZXzFm9gFYs0AZ_KMbYh76bXFcfRlrUMw0O9AcH12BTrpXfNBrYZeixfnMoRrgt_hDkeCW61t2wc4aADulD5ERY2kbJxU26097h5w3o0KHfre4NZkxfyp81lXfBcUkbf9r6M7h1rijucr9lzl52UD44gDUIXPOgdn3d_eRGG43mvO5BpnaT62dAZqcnrfQQSdxPwfQjUv763z1rgdcFygUA-H39R_j8NvPYbp_dVCFDiHixrP-lXVk8bzRlPAbZRHjmPFPJX0zKzqIFEdYa5j1t4FBiIo3dB_LxAC5xXSRuV57tZD1CPM=?_z=4938388&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/NTNDREnT4z-tZQStgqkhkfBBz5K3enjUVC53PDGxCTiSnpwQfIS8f9EaxBwqUijNSzZD1GOea_P0qBDMwxQhXWwTx0pVleVmPACqs0zju-8LaWhv0EIi_zO7-KwENGNg7Vuwc4qRHYwomh5mRdIeI2jHPvMI-48im5rrFKP5SAP6-RuDYGXk9bi6bww_esYreZoVQat7KNt42BMQxWTUulg9Npmc7Cm63XUhh2wIB7x4c4KZl6n76d5U4MAJuQo0jMnfR5dpiBX7NQiHRSA1R5-F8hjcVZt0i4108y4AVvqWjTAwoi7_9MynbbJgJaTNLqPd2mNQP24iZbHcDdRSlKZMuk8HBftRd_gWzdVIAP3B2m7xIZtBKEo0Iy_7tBunviTGSS3S5Smynr2Mx8xuzFOZXzFm9gFYs0AZ_KMbYh76bXFcfRlrUMw0O9AcH12BTrpXfNBrYZeixfnMoRrgt_hDkeCW61t2wc4aADulD5ERY2kbJxU26097h5w3o0KHfre4NZkxfyp81lXfBcUkbf9r6M7h1rijucr9lzl52UD44gDUIXPOgdn3d_eRGG43mvO5BpnaT62dAZqcnrfQQSdxPwfQjUv763z1rgdcFygUA-H39R_j8NvPYbp_dVCFDiHixrP-lXVk8bzRlPAbZRHjmPFPJX0zKzqIFEdYa5j1t4FBiIo3dB_LxAC5xXSRuV57tZD1CPM=?_z=4938388&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=c71a1ca85d23488abea373322cfb067e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:39 GMT
content-type: image/gif
content-length: 43
x-trace-id: 8f5fee5ff0a7e175b6787f017b2b615e
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
dozubatan.com/500/4938388?excludes=14745758&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/4938388?excludes=14745758&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
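Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of an empty body, matching the 0 B response above; these digests identify no content and should not be used as indicators.)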
OPTIONS /500/4938388?excludes=14745758&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:39 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
glizauvo.net/500/5293711?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.236 200 OK 0 B URL HTTP/2 glizauvo.net/500/5293711?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.236:0
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5293711?excludes=&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: glizauvo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=979c211f00594a7ea324c34544fa3634
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:35 GMT
content-type: application/javascript
x-trace-id: 996a52afbafd4f5f0094518d0fa2a477
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=c71a1ca85d23488abea373322cfb067e; expires=Sat, 09 Sep 2023 06:38:35 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/css/style.css
172.67.183.56 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/css/style.css
IP 172.67.183.56:0
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:36 GMT
content-type: text/css
last-modified: Mon, 31 Jan 2022 14:46:40 GMT
etag: W/"61f7f650-2516"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ptxl3Z7ItyYpJGzPMeM3YtK086FrmvlhgJw6DFd1UDHIns1CqJmkTHnXWFhH2V%2BzQKcx0jCckascQBfawfYC846X3EHawWP%2B9AhdhWn7j6UOEZz4ZFFvqgZ%2BlyBqNFtGfug%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 747dec040aa20b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bedrapiona.com/5/4938391/?oo=1&js_build=iclick-v1.425.0
139.45.197.234 200 OK 0 B URL HTTP/2 bedrapiona.com/5/4938391/?oo=1&js_build=iclick-v1.425.0
IP 139.45.197.234:0
GET /5/4938391/?oo=1&js_build=iclick-v1.425.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: application/json
x-trace-id: d0f76b23467dbda1dd7f9cb3921f0fb2
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=53842e4cc0f5494eab0a6cc48998e2d1; expires=Sat, 09 Sep 2023 06:38:34 GMT; path=/; secure; SameSite=None
oaidts=1662705514; expires=Sat, 09 Sep 2023 06:38:34 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/js/script.js
172.67.183.56 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/js/script.js
IP 172.67.183.56:0
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:36 GMT
content-type: application/javascript
last-modified: Fri, 21 May 2021 10:10:50 GMT
etag: W/"60a7872a-2c7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JU3khNvS5LOtw0aorl4JQa%2BiPEXfvgvwpXsUo8140%2Fn4AQ72ratT6xq1O1%2ByoBuFQr5PsJWJfaY4GZRh2ikn69xvvb%2FJ4oyUVPLmed2z6bj58tKD1Z0W0Tv4ueEnix3ct8E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 747dec04bb300b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/index.html
104.26.7.19 200 OK 0 B URL HTTP/2 cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/index.html
IP 104.26.7.19:0
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:36 GMT
content-type: text/html
last-modified: Wed, 09 Feb 2022 14:12:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dC3hJpCMe%2BWbf5g%2BAl0%2Byn5DJBQocQrDK0Lj6YWrAT3FrsxAKegC3FiJEnvZC%2FKQI3%2FmeK8cvoW4ZLOa%2FgQ1JwlsieN4hXNEzmOAMZo2tkK84VGOZVtJErOyOMZC5U6%2BPNZ%2FoI4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 747dec000e001c0e-OSL
content-encoding: br
X-Firefox-Spdy: h2
oaphoace.net/401/5293715
139.45.197.239 200 OK 0 B IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /401/5293715 HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: application/javascript
x-trace-id: 1f58224c6e93b6a3f26e588e2da9737d
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=e8c0da0b6f9e49afb45ee7e1a2d49e4f; expires=Sat, 09 Sep 2023 06:38:34 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/css/animate.css
172.67.183.56 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/css/animate.css
IP 172.67.183.56:0
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:36 GMT
content-type: text/css
last-modified: Fri, 21 May 2021 10:10:46 GMT
etag: W/"60a78726-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x9XC%2BxTzVezD676gzZ%2FKIrZUz4BykxaQZqTpN04G91VoZ4EWoDVQBOE7b55yu4RcJR7mtSB3BtKBtpnj4RPCNZ03PKtoxxbUCP%2FSRd8t8gxHWbEi%2FO8e02VEMD88PY4aZXU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 747dec040aa50b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dozubatan.com/500/4938388?excludes=14745758&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/4938388?excludes=14745758&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
GET /500/4938388?excludes=14745758&oaid=c71a1ca85d23488abea373322cfb067e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2Ftk8VS1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=c71a1ca85d23488abea373322cfb067e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 06:38:39 GMT
content-type: application/javascript
x-trace-id: 3b4a417abb4304f4cdd8fa39539af34f
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=c71a1ca85d23488abea373322cfb067e; expires=Sat, 09 Sep 2023 06:38:39 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/js/jquery.min.js
172.67.183.56 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/js/jquery.min.js
IP 172.67.183.56:0
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/js/jquery.min.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:36 GMT
content-type: application/javascript
last-modified: Fri, 21 May 2021 10:10:50 GMT
etag: W/"60a7872a-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3184458
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5RBsVDIaC7L8HvJhz3kEbNWVUKqle5YG6itzGVmjjPTAHAbTBAEFlcFoKeq9iuf%2BlLnitfhRcN0kwYVvBP3WLhyPWfFD%2BkAAcc3W0ONOvEbHyLIwH68BSRpqWQcEf3WOrz0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 747dec045af10b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.67.205.240 200 OK 0 B IP 172.67.205.240:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 06:38:34 GMT
content-type: application/javascript
last-modified: Thu, 08 Sep 2022 13:22:43 GMT
etag: W/"6319eca3-7f9d"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2060
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2FlqxGy7HDXF9pFSm%2F9U%2B7oT4Hg4wX3cDlFdw9JBN0FdAAB0H8xez9ad6lv5AChIjdLo0XWOuhVOXGKvWITIKX2xUUqjd%2B0yqEJ2le%2BwUz4IOVfNxirK2mIPjscU9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 747debf88edfb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2