melishaccesories.de/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq
5.8.47.55301 Moved Permanently 178 B URL HTTP/1.1 melishaccesories.de/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq
IP 5.8.47.55:0
ASN #209813 Fast Content Delivery LTD
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq HTTP/1.1
Host: melishaccesories.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 26 Oct 2022 08:46:42 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://melishaccesories.de/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e36c852b5e145f2f09fe73111fb162e1
e439c6a462f86a3003d6464a8b9999b1c4d1e210
52a721168d0c41cb0854ff8c730fce3b79db2e804b383238e95ff1401922bd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52A721168D0C41CB0854FF8C730FCE3B79DB2E804B383238E95FF1401922BD74"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2581
Expires: Wed, 26 Oct 2022 09:29:44 GMT
Date: Wed, 26 Oct 2022 08:46:43 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c2bba4cad162918b17858b60e909e4d9
d9a1d4f7fb7635ab233ebbf776e6de1a2857032b
3a1d27ec3d034d6326b32f6054b6be46079a86a33e75d5a2a3796a0c4c5eadab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6559
Cache-Control: max-age=95627
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 08:46:43 GMT
Etag: "6357acdf-1d7"
Expires: Thu, 27 Oct 2022 11:20:30 GMT
Last-Modified: Tue, 25 Oct 2022 09:31:11 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c2bba4cad162918b17858b60e909e4d9
d9a1d4f7fb7635ab233ebbf776e6de1a2857032b
3a1d27ec3d034d6326b32f6054b6be46079a86a33e75d5a2a3796a0c4c5eadab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6350
Cache-Control: max-age=95418
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 08:46:43 GMT
Etag: "6357acdf-1d7"
Expires: Thu, 27 Oct 2022 11:17:01 GMT
Last-Modified: Tue, 25 Oct 2022 09:31:11 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8db408c487f7d35bba323046736e8d3a
01b91e2dce7c6d3de9adfe6ff4d38f9b24ab7db0
9aeafc72c1a969243e1fc96f68ce18888034a749ee70582208bf814bd40b61a5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9AEAFC72C1A969243E1FC96F68CE18888034A749EE70582208BF814BD40B61A5"
Last-Modified: Tue, 25 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9475
Expires: Wed, 26 Oct 2022 11:24:38 GMT
Date: Wed, 26 Oct 2022 08:46:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
Alt-Used: 0
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 26 Oct 2022 08:41:36 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 307
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: u0cQ8AwHV8o6FXZtKAw/jGL9d1/H0XMy+6v3yBGm/ZTDFJsgmxQeFZzoTPX571LjrsyGdSjJQG4=
x-amz-request-id: CCGCV27S2P0KMPNX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 26 Oct 2022 08:39:08 GMT
age: 455
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 08:46:43 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 067d578f397d5da6f38c325220868f6f
d00b683d16f9b06787cfd7c8c72cc13e511047ab
de39896c555c991fcbabfd0bb1fecee328ee8d0c83c7841b6c3509b901750f03
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE39896C555C991FCBABFD0BB1FECEE328EE8D0C83C7841B6C3509B901750F03"
Last-Modified: Tue, 25 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15134
Expires: Wed, 26 Oct 2022 12:58:57 GMT
Date: Wed, 26 Oct 2022 08:46:43 GMT
Connection: keep-alive
melishaccesories.de/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq
5.8.47.55200 OK 90 kB URL HTTP/1.1 melishaccesories.de/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq
IP 5.8.47.55:0
ASN #209813 Fast Content Delivery LTD
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (62479), with CRLF line terminators
Hash dd303d3353e975aa5384d91f6ad18638
364a6559e388b21ea6d3aa475c5445ddbbfe6ebb
1f0f010f1e560e8cf4daca7653939834d6629263734491435eb4a1200ee0f94f
GET /?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq HTTP/1.1
Host: melishaccesories.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:43 GMT
Content-Type: text/html
Content-Length: 90143
Connection: keep-alive
set-cookie: sid=t4~j31eljxhx3kaveya2lupbwie; path=/
sid=t4~j31eljxhx3kaveya2lupbwie; path=/
p1=https://lidgainoff.link/edksvnen/; path=/
s1=mntc7zcky41srewt; path=/
cache-control: private, no-transform
melishaccesories.de/media/mainstream/frame.html
5.8.47.55200 OK 39 B URL HTTP/1.1 melishaccesories.de/media/mainstream/frame.html
IP 5.8.47.55:0
ASN #209813 Fast Content Delivery LTD
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 086707e4369f60afedcafb16050a7618
8216b0cc6876cbd44f01c158e7dff3833ceccd41
a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e
GET /media/mainstream/frame.html HTTP/1.1
Host: melishaccesories.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://melishaccesories.de/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq
Cookie: sid=t4~j31eljxhx3kaveya2lupbwie; p1=https://lidgainoff.link/edksvnen/; s1=mntc7zcky41srewt
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:43 GMT
Content-Type: text/html
Content-Length: 39
Connection: keep-alive
Last-Modified: Wed, 19 May 2021 13:17:43 GMT
Vary: Accept-Encoding
ETag: "60a50ff7-27"
Cache-Control: no-transform
Accept-Ranges: bytes
melishaccesories.de/favicon.ico
5.8.47.55200 OK 0 B URL HTTP/1.1 melishaccesories.de/favicon.ico
IP 5.8.47.55:0
ASN #209813 Fast Content Delivery LTD
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: melishaccesories.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://melishaccesories.de/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq
Cookie: sid=t4~j31eljxhx3kaveya2lupbwie; p1=https://lidgainoff.link/edksvnen/; s1=mntc7zcky41srewt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:43 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
last-modified: Sat, 06 Jun 2020 22:52:46 GMT
accept-ranges: bytes
etag: "e2e33b32553cd61:0"
Cache-Control: no-transform
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 518ff04fd536958e285cf07aaf4a2786
fa5dad2391c2a9957340bd629f0462db4f412a5c
608c78964412d5dc7025e9cbfaef345d448a29eae0f11257c49a41f274917b9a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4509
Cache-Control: max-age=88514
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 08:46:43 GMT
Etag: "63579918-1d7"
Expires: Thu, 27 Oct 2022 09:21:57 GMT
Last-Modified: Tue, 25 Oct 2022 08:06:48 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.187.102.159101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.187.102.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: P/jWr90YNeq6HojtToTyYA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: M1poSLuzvY3JzUes5I8KrqiRkp4=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2d42e0ccc69660fc7c3281473b8de980
04cb7a7d59218360211891c5ede059e2834232ec
be4ceca35023d124962e27eb4daec2b15376bbbe01e7271d6e51726d261502f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE4CECA35023D124962E27EB4DAEC2B15376BBBE01E7271D6E51726D261502F5"
Last-Modified: Tue, 25 Oct 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9654
Expires: Wed, 26 Oct 2022 11:27:38 GMT
Date: Wed, 26 Oct 2022 08:46:44 GMT
Connection: keep-alive
268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
54.36.116.88200 OK 21 kB URL HTTP/1.1 268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
IP 54.36.116.88:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (841), with CRLF line terminators
Hash 51fcb46d907026f7267ca5bf6786e67b
ffbf41cfe558230af7dd3f5acc15fd3614facf21
11ac8b88d1048a11c54783996abd7cdaf7d2d3fb7d08a466d5e63356f3a59f4c
Analyzer Verdict Alert quad9 Sinkholed
GET /edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://melishaccesories.de/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:44 GMT
Content-Type: text/html
Content-Length: 21328
Connection: keep-alive
cache-control: private, no-transform
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/bootstrap.bundle.min.js
151.101.85.229200 OK 22 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/bootstrap.bundle.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (65297)
Hash b42d5b84d4ed3ea8e741d1f01f76eae5
d788cb207310f1be23336afa14e3dd481ab506a6
a9ac86748302a43acb528cfca2913be33dee6dde7c811cdc71ae60da67b717ae
GET /npm/bootstrap@4.3.1/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.3.1
x-jsd-version-type: version
etag: W/"1332b-JlpzPLf7xIH9JRCmWaha1VyTyJU"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 26 Oct 2022 08:46:44 GMT
age: 1331110
x-served-by: cache-fra19165-FRA, cache-bma1622-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 22291
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 19132f29a8811a10f90eca2d81e5deb8
3b9e0bbf9f40f46b57dad5567b008e58b5770565
708aeab241760b108d60c1462b1979e59cf473242222e9270705ba70642b04f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 08:46:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
142.250.74.170200 OK 31 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (65451)
Hash 903bc7a7e510f87aa5d0201eb59a0832
ac9aa4dd94cde1bcba9037e94087138b127e41fc
41a7ac8150cc9f38421451d5143c1ffec7a1f1fafbf7a7fc0f51b98ad699cf8f
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Oct 2022 20:15:10 GMT
expires: Sun, 22 Oct 2023 20:15:10 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
age: 304294
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 41c041afa0fdeb7a537807c206f0d0a5
10ebc4336cec7e9782afadffd03a101597f23781
b0715be5cfd70614c5def0d258eb0b804c5f80d8c37b5b36ba4a3ed3aa6a80ad
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 08:46:44 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "F97A1AD1FF10FEFF62DD8F0E0B591AC9652A4D80"
Expires: Wed, 26 Oct 2022 19:00:00 GMT
Last-Modified: Wed, 26 Oct 2022 07:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1220
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7601ec5a2ba5b4fa-OSL
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 19132f29a8811a10f90eca2d81e5deb8
3b9e0bbf9f40f46b57dad5567b008e58b5770565
708aeab241760b108d60c1462b1979e59cf473242222e9270705ba70642b04f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 08:46:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
268.lidgainoff.link/media/mainstream/all/ab/no/2.js
54.36.116.88200 OK 416 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/no/2.js
IP 54.36.116.88:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 9075531370b86e49402928b23fc26c0e
b88fc53cd5ef41285a5c1be4b1aecc1a54a7ce0e
31e764b82e550f1e27b814ac8047f8832da32e4a3d7045043f8de1e312112ca3
Analyzer Verdict Alert urlquery Scam / Brand infringement
quad9 Sinkholed
GET /media/mainstream/all/ab/no/2.js HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:44 GMT
Content-Type: application/javascript
Content-Length: 416
Connection: keep-alive
Last-Modified: Mon, 19 Jul 2021 15:30:43 GMT
Vary: Accept-Encoding
ETag: "60f59aa3-1a0"
Cache-Control: no-transform
Accept-Ranges: bytes
268.lidgainoff.link/media/mainstream/all/ab/like.png
54.36.116.88200 OK 357 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/like.png
IP 54.36.116.88:0
File type PNG image data, 15 x 14, 8-bit colormap, non-interlaced\012- data
Hash 17586a0aeb3f7b2aa7fb15a9251fbcd4
6adffad1183c93bc0dc114c89c77365734ec0dd6
8bf8dc3a4b6f7e4fa2a6fa74495c212f37a301311980cbc758050993ed9c07e1
Analyzer Verdict Alert urlquery Scam / Brand infringement
quad9 Sinkholed
GET /media/mainstream/all/ab/like.png HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/png
Content-Length: 357
Connection: keep-alive
Last-Modified: Thu, 08 Jul 2021 14:13:27 GMT
Vary: Accept-Encoding
ETag: "60e70807-165"
Cache-Control: no-transform
Accept-Ranges: bytes
268.lidgainoff.link/media/mainstream/all/ab/fr11.jpg
54.36.116.88200 OK 3.6 kB URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/fr11.jpg
IP 54.36.116.88:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3\012- data
Hash 3f7b7c5c292ba28e148e577ae0d4263b
f773352d3f827e1addaf2f1fc51bfbe047038309
dd2daa0b54d5e405ae57c345ab8792b4dce1e00b4d6d7810ca382afad4ef2891
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/fr11.jpg HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/jpeg
Connection: close
Last-Modified: Thu, 08 Jul 2021 14:13:25 GMT
Vary: Accept-Encoding
ETag: W/"60e70805-c55"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/all/ab/fr6.jpg
54.36.116.88200 OK 3.3 kB URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/fr6.jpg
IP 54.36.116.88:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3\012- data
Hash f57eebd5a9620c8008104f49b1676b4c
b3737db2bd7135be0ada494105fcbcc12bc287c5
809086aa37599a1a08455493d53160f4c1ba933568d5c96580e44532ba2e2da6
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/fr6.jpg HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/jpeg
Connection: close
Last-Modified: Thu, 08 Jul 2021 14:13:26 GMT
Vary: Accept-Encoding
ETag: W/"60e70806-afe"
Content-Encoding: br
Cache-Control: no-transform
fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
216.58.207.195200 OK 9.1 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 9132, version 1.0\012- data
Hash 358d3070946a90b4960cd111154fdc12
a0ba0bf47a7f905f9aa1a3ce15a39cdac62466ee
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
GET /s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://268.lidgainoff.link
Connection: keep-alive
Referer: https://268.lidgainoff.link/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9132
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Oct 2022 01:28:19 GMT
expires: Sun, 22 Oct 2023 01:28:19 GMT
cache-control: public, max-age=31536000
age: 371906
last-modified: Tue, 23 Jul 2019 19:30:49 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e4f7139b125683bac76c2b5638a1a643
2f84ea7104d659754e5962f88f504a7189f6f914
c9c550489201a92e8bbe162bca49d4aa6b21fa22b254a6a29502186423b3b579
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 08:46:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
268.lidgainoff.link/media/mainstream/all/ab/fr2.jpg
54.36.116.88200 OK 3.2 kB URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/fr2.jpg
IP 54.36.116.88:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3\012- data
Hash 94dcd7e17002d5d85be7d03d0a1e8a21
3a84e73bd25f7544df36f49754a56eae6716899d
9f875ef0f3749019e72f4e1dfb6c89ef35aff6d8f9b7ca7f76914c76209e143b
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/fr2.jpg HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/jpeg
Connection: close
Last-Modified: Thu, 08 Jul 2021 14:13:26 GMT
Vary: Accept-Encoding
ETag: W/"60e70806-aff"
Content-Encoding: br
Cache-Control: no-transform
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 358ecd0ec047d700042e2a62f9847199
7bf4c552f47536fe451dc6ccfb0930c592084ef9
e14317aace5d64e9901867578379dd4dd4252b059070d37722f82ebb2e649d27
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E14317AACE5D64E9901867578379DD4DD4252B059070D37722F82EBB2E649D27"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2300
Expires: Wed, 26 Oct 2022 09:25:05 GMT
Date: Wed, 26 Oct 2022 08:46:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 358ecd0ec047d700042e2a62f9847199
7bf4c552f47536fe451dc6ccfb0930c592084ef9
e14317aace5d64e9901867578379dd4dd4252b059070d37722f82ebb2e649d27
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E14317AACE5D64E9901867578379DD4DD4252B059070D37722F82EBB2E649D27"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2300
Expires: Wed, 26 Oct 2022 09:25:05 GMT
Date: Wed, 26 Oct 2022 08:46:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b946c4f2f177828cf7b76c5764e97157
c3856686b98e1883133aa1824c496d34512769a0
be818a015fc9c745ea561a0b9c2aca6ba25ade24acd696fa651163d47b195371
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13796
x-amzn-requestid: 90b1e032-78c6-499d-b564-f25c15e20304
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ2OG0SoAMFx-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358568e-599d0f526fc6a01f77b67dcf;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qxBQMJAnYNJVLBf5LSOTC7v3hPl9sh-G-OIqrK7d5KpdVITaQCcGMA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:47:18 GMT
age: 39567
etag: "c3856686b98e1883133aa1824c496d34512769a0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc71e44d1-f914-4275-89fb-d23dd55d6827.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc71e44d1-f914-4275-89fb-d23dd55d6827.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 31b4aeea1b2ae94ffa8c30670ae59c76
4fa5babe829c0a1d1666bea9962ab15898fdee06
4bf0180c987d1387746c0feebf244f3599a1e92e7e785bf50139158297956ac8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc71e44d1-f914-4275-89fb-d23dd55d6827.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9452
x-amzn-requestid: 6919dfeb-fcaa-4a8c-8314-1c1f5ea02d6b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ajLO3FAeIAMFbtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63578bf8-0364907e17f894504adf64bf;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 07:10:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NWg0cuQafdGfaKgypa0lUvJybQPS1XUMajdLc13AzxSUxjghMxnRzQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 05:44:16 GMT
age: 10949
etag: "4fa5babe829c0a1d1666bea9962ab15898fdee06"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9f8e8b2-cbee-42dd-a8d8-d4165e9a97ae.jpeg
34.120.237.76200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9f8e8b2-cbee-42dd-a8d8-d4165e9a97ae.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6dbedb2a47310dcc21ddb2f9c15ca08a
aa1c7300ce49a977fc7ed17534d48c04ec8c34fc
dc4edcfaa03bcccfd66cdacba33167877be7b0b746b9028fe9d82d71feefed2c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9f8e8b2-cbee-42dd-a8d8-d4165e9a97ae.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3695
x-amzn-requestid: 969f155c-e60f-4ecc-bdc8-29e85a803c46
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alK9KEvqIAMFf4g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585854-116ea1e74504dd416825d1ec;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:42:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: SDTaQGxFhSOc7XaFxoZzpo_z_BtH_F_K5pkIeLB4qo8KdJM5r_Ldqg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:49:21 GMT
age: 39444
etag: "aa1c7300ce49a977fc7ed17534d48c04ec8c34fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae122c0f-a41b-4abc-a703-a5de223ae39a.png
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae122c0f-a41b-4abc-a703-a5de223ae39a.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db946866312c734e0c5f91ca76255b2f
e8b8236baab9106a426a415eb01494cc4cc91ad1
a695e7bc87da2c6d9f5669c09e662fe22982e69cb139466efa5093429fe19866
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae122c0f-a41b-4abc-a703-a5de223ae39a.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8439
x-amzn-requestid: e0eed725-0725-4f5a-9c91-fec13ad0ebe5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ajKYQGWhIAMFdhw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63578a9b-2a0115120e75f5271cea992f;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 07:04:59 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: WVz4PqWqT9Pk1juQ95Xzi-7HcEDBqKb5VAncjXxOYFfKTnjRbmodoA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 04:44:59 GMT
age: 14506
etag: "e8b8236baab9106a426a415eb01494cc4cc91ad1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 91ee720c15dc69de45080d0c951353af
5292b31a99d90bcb7071f327b93d52034bdf9dcb
7fbe9f0f6db08fd539f2e8d4ac22e3b4d5ca14f7cde69f8424cce8b361d026e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4524
x-amzn-requestid: a493efe7-11c7-4032-b36b-7f838f8180bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aljicH_6IAMFqpQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63587fa9-0f15eae7680ea7b15e5e47ec;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 00:30:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OV7g4Y4fcQGijljebzHQtnpKdcPKw6LTxqORxxBJL2lFPYQLLoyNuQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 00:34:40 GMT
age: 29525
etag: "5292b31a99d90bcb7071f327b93d52034bdf9dcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F710265b5-7594-45dd-ae3b-49cf84887c51.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F710265b5-7594-45dd-ae3b-49cf84887c51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 656b64fb178a96cdeab7d54d0d3df5ba
f628269fc4ba16b1c4b11a8bc965a7dba93755cb
eb1126cfc2a686ea8d845a4898d904a133ff3284578f3a42a45fe01138df6c8c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F710265b5-7594-45dd-ae3b-49cf84887c51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7971
x-amzn-requestid: d7e1e331-09cc-4bdd-83a3-594b65e50d79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alK-TEWXIAMFoCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358585b-6e2c04ed0d36eea85de94a22;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:42:51 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: XHxcZGaZvSBzOOUBp85RIirtQl05uAQ-b-Lzy0LOjav3avtSzXPPIA==
via: 1.1 c9b161639a9353c2354b895548ea9fca.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:49:21 GMT
age: 39444
etag: "f628269fc4ba16b1c4b11a8bc965a7dba93755cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
268.lidgainoff.link/media/mainstream/all/ab/box_closed.png
54.36.116.88200 OK 5.8 kB URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/box_closed.png
IP 54.36.116.88:0
File type PNG image data, 258 x 184, 8-bit colormap, non-interlaced\012- data
Hash e0684f72b63b8e8f68d231b5cc417690
f4c3edc7f6e4ceda417fe90986672a26bbdcdc1b
1f1ce0db483f5fa2ec3d574f1ee1af36b55c71f64bdac906642ddb1bea7e119a
Analyzer Verdict Alert urlquery Scam / Brand infringement
quad9 Sinkholed
GET /media/mainstream/all/ab/box_closed.png HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/png
Connection: close
Last-Modified: Thu, 08 Jul 2021 14:13:24 GMT
Vary: Accept-Encoding
ETag: W/"60e70804-16cc"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/flag-icon/flags/1x1/no.svg
54.36.116.88200 OK 331 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/flag-icon/flags/1x1/no.svg
IP 54.36.116.88:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Hash d748f0d9f64c0ca1a40a0f6ec6bbb746
a76adb95e9ea9a737c72e4640b8d49b9e28cbb38
bdfbd626e4e76d0dc506e10be7dd429e4c4da684986cbd45e5398f1e9e1f28cc
Analyzer Verdict Alert urlquery Scam / Brand infringement
quad9 Sinkholed
GET /media/mainstream/flag-icon/flags/1x1/no.svg HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/media/mainstream/flag-icon/css/flag-icon.css
Cookie: cookie1=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/svg+xml
Content-Length: 331
Connection: keep-alive
Last-Modified: Wed, 19 May 2021 13:17:22 GMT
Vary: Accept-Encoding
ETag: "60a50fe2-14b"
Cache-Control: no-transform
Accept-Ranges: bytes
268.lidgainoff.link/media/mainstream/all/ab/box_open.png
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/box_open.png
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/box_open.png HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/png
Connection: close
Last-Modified: Thu, 08 Jul 2021 14:13:24 GMT
Vary: Accept-Encoding
ETag: W/"60e70804-a7d"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/alert.mp3
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/alert.mp3
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/alert.mp3 HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Cookie: cookie1=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: audio/mpeg
Connection: close
Last-Modified: Wed, 19 May 2021 13:13:55 GMT
Vary: Accept-Encoding
ETag: W/"60a50f13-2262"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/all/ab/2008_1.js
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/2008_1.js
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/2008_1.js HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:44 GMT
Content-Type: application/javascript
Connection: close
Last-Modified: Sun, 21 Aug 2022 11:54:17 GMT
Vary: Accept-Encoding
ETag: W/"63021ce9-39a7"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/all/ab/2008.css
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/2008.css
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/2008.css HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:44 GMT
Content-Type: text/css
Connection: close
Last-Modified: Sun, 21 Aug 2022 12:32:12 GMT
Vary: Accept-Encoding
ETag: W/"630225cc-542a"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/all/ab/box-iphone13pro.png
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/box-iphone13pro.png
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/box-iphone13pro.png HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:44 GMT
Content-Type: image/png
Connection: close
Last-Modified: Mon, 11 Oct 2021 16:58:52 GMT
Vary: Accept-Encoding
ETag: W/"61646d4c-d95"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/all/ab/iphone13pro.png
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/iphone13pro.png
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/iphone13pro.png HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/png
Connection: close
Last-Modified: Mon, 11 Oct 2021 16:58:52 GMT
Vary: Accept-Encoding
ETag: W/"61646d4c-7200"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/all/ab/fr4.jpg
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/fr4.jpg
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/fr4.jpg HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/jpeg
Connection: close
Last-Modified: Mon, 19 Jul 2021 16:41:49 GMT
Vary: Accept-Encoding
ETag: W/"60f5ab4d-10d3"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/all/ab/fr1.jpg
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/fr1.jpg
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/fr1.jpg HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/jpeg
Connection: close
Last-Modified: Thu, 08 Jul 2021 14:13:25 GMT
Vary: Accept-Encoding
ETag: W/"60e70805-b7b"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/all/ab/top_red.png
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/top_red.png
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/top_red.png HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/png
Connection: close
Last-Modified: Sun, 27 Jun 2021 23:25:02 GMT
Vary: Accept-Encoding
ETag: W/"60d908ce-11d0"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/all/ab/fr3.jpg
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/fr3.jpg
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/fr3.jpg HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/jpeg
Connection: close
Last-Modified: Thu, 08 Jul 2021 14:13:26 GMT
Vary: Accept-Encoding
ETag: W/"60e70806-e11"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/all/ab/muti_iphone13pro.png
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/muti_iphone13pro.png
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/muti_iphone13pro.png HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/png
Connection: close
Last-Modified: Mon, 11 Oct 2021 16:58:52 GMT
Vary: Accept-Encoding
ETag: W/"61646d4c-67e4"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/all/ab/2008_2.css
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/2008_2.css
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/2008_2.css HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:44 GMT
Content-Type: text/css
Connection: close
Last-Modified: Sun, 21 Aug 2022 15:13:38 GMT
Vary: Accept-Encoding
ETag: W/"63024ba2-1f21"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/sound.js
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/sound.js
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/sound.js HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:44 GMT
Content-Type: application/javascript
Connection: close
Last-Modified: Fri, 02 Jul 2021 23:05:00 GMT
Vary: Accept-Encoding
ETag: W/"60df9b9c-1396"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/u.js
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/u.js
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/u.js HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:44 GMT
Content-Type: application/javascript
Connection: close
Last-Modified: Fri, 15 Jul 2022 22:33:08 GMT
Vary: Accept-Encoding
ETag: W/"62d1eb24-6259"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/all/ab/2008_3.js
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/2008_3.js
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/2008_3.js HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:44 GMT
Content-Type: application/javascript
Connection: close
Last-Modified: Sun, 21 Aug 2022 11:54:17 GMT
Vary: Accept-Encoding
ETag: W/"63021ce9-1d39"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/icon.js
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/icon.js
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/icon.js HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:44 GMT
Content-Type: application/javascript
Connection: close
Last-Modified: Fri, 02 Jul 2021 23:04:10 GMT
Vary: Accept-Encoding
ETag: W/"60df9b6a-19aa"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/flag-icon/css/flag-icon.css
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/flag-icon/css/flag-icon.css
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/flag-icon/css/flag-icon.css HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:44 GMT
Content-Type: text/css
Connection: close
Last-Modified: Wed, 19 May 2021 13:17:10 GMT
Vary: Accept-Encoding
ETag: W/"60a50fd6-9b7e"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/all/ab/x1.png
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/x1.png
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/x1.png HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/png
Connection: close
Last-Modified: Sun, 27 Jun 2021 23:25:02 GMT
Vary: Accept-Encoding
ETag: W/"60d908ce-251"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/all/ab/fr5.jpg
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/fr5.jpg
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/fr5.jpg HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/jpeg
Connection: close
Last-Modified: Thu, 08 Jul 2021 14:13:26 GMT
Vary: Accept-Encoding
ETag: W/"60e70806-be3"
Content-Encoding: br
Cache-Control: no-transform
268.lidgainoff.link/media/mainstream/all/ab/logo.png
54.36.116.88200 OK 0 B URL HTTP/1.1 268.lidgainoff.link/media/mainstream/all/ab/logo.png
IP 54.36.116.88:0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/all/ab/logo.png HTTP/1.1
Host: 268.lidgainoff.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://268.lidgainoff.link/edksvnen/?u=qdbp60t&o=w7fwgyx&cid=11587959971&t=de_all_uniq&f=1&sid=t4~j31eljxhx3kaveya2lupbwie&fp=IZVTo4K7gl1InJF8erStEKKN8KuoP9ruq3GaVCctv6ZSF4wVl%2BWs99kkfhbm%2B7fR7rK3zMjSOwd6nmuZFEDSOYFXYNdUcY0nR94ZYwhS2Kq3Ebr06%2BLMtkDGbYkP%2B0taSF4y6y7873QaJWWcKmBujkqPp%2BGX7Ux7qwKx9YMys2iffuq5No3suYSOk5GBnzj%2B7AjpNL6Ct%2BW%2B3gmkMIZ6vhX0OL5j1wVJqRGnl9quKcereUCygRliwkZPD5jmViXuilErfOGGzEeVF1PcQjbvG5kz3A6840SqiOZSYLBcD%2F7ufgHRKXfaqeD7ceYEmnsnJPwJVGBDfCHCuV3SEg4QsbhLdBzGXJO2Wtx9pOVWNtGy7CaAOUVSlcmngWY5BnFQbaeUY8J41nX7ArJZnbfnpcRt%2F2doz8ToFZLYHK1xGgO9yAzHutiw7HnjWc3HkLhBTqGPLWAvCGTFXJ%2BsEtUqrujH%2FcgGVL6zEMBWJ2e%2Bhe2fUjpisgtlU47vRnZUcnomVmU4O5hWPpWrEVmEkhov1YoPLQ8IOszv%2BVbbHw576vY1lcavYU7qZ3ZTQ4khwUM9R8CL%2F06BD1C5gX0Y22VwnZcRDiL1OUBmSwpt%2BAf8fRxHEl%2FvmrUKLmxWZrbXYs3QC7YAjxFPA9QuBypN%2BMdHZUUBBvRwCA6sKj4FnKc062V3rhV9CzpBMpQUm%2BMhcHIyK5x41zL4nj4XT%2B6fnH2EadqrmB8GsKm9baYVHq41lyxDA19IoDcB9q1x9EJV0DWipelAkOlLBfV9M50Xh8bm1qLHhl1dR7V3tNxqK4aGvH46RdZz%2BYo3CsVzAUlVEgU5cQV9kxPTTzGBw96NtWMa1oQwpRbSgExibc9gQeUn9OVa%2BHfnyYYwIVEq86xo%2FZ1ZlVA3qYKOLTuQsO3XZ9RRkZ3qTClpPRvTuhta8DnlrpisPGQwHWIXYuCyZgZamyQGKQz%2BZ6aNUQiR50HUbfIg93DE2Ig5UnKnWK%2BN0bI%2BwDII%2BLbYvdxhhXg0d%2BATMvWK0n5iFdbo%2Bu9VpXE8uIuM%2FGCqc6iElcTSBCebC3mYE44LkNgUMpajFXj830AYF1Dq%2B7uQ%2FGKaWIEjIHku7%2FycdPGIXK0ApNzzOjcitpxSim43ph6ZYukZUh9bOSqFAu3zN%2BknNFbL9ArSR42wwNSTn%2B%2BVCvKpfn4a%2FUPy0SOFivjCKOTFdxS3oEYua3g6kJKoKIDYCcrZCt86h%2FdhPpGnRstEGglFXyBZ8WPfjDrQDUvfN3rPnhwma8FdDHfyP98LMSrGcQWucY6aGjwS7Wz36fZD%2F0PpbDRKCwuxcwAccEMFFzCIlvKSvYk7R1WZgBPXqP6TVmECq2R867Nyu8TGspDSL4qOvl2cxVGM1uRpfGw6ZpUczP2rbAsWedZp1kDYF37z%2BB1QrFUQ5BNU2D6xit8gQh06%2B9kSwzmH2r1XobvFHyMDEkvcp2AyIC%2BjNgUBXj8ff253ZCaquWGEKuIjqM%2FqdAv%2B0MEbicWxb3PM1s7O6eZW8GixWtsuO6HooMGv66rG0RWqKTCZbTedRnUMqaDfbQhGERazoTLhs72gtMGIncY5yE%2Btb4O6wdbKGXFGpKJ0CFvvurP9DpsFZB5%2F7sjaCKLKbyN0UHpLekLzVefRijS3B0sOlkVf3HFzgZlRU2s2bOz4fo%2FdekUA%2FKI%2F0LcsCZq8ZYckiCye9FCYoJgNuoIg1F%2BrieFa2vG3VLO27ut3XGKuJPiNMyPaSdWjy3mDQXX6899faYH%2FwYlI21chCAkUazsUViE5hz%2F8zdx9m6J3csHl0PiZUEMPucHhK9P1bLdxZL%2B735FY22%2FuUEE4IgQt23R7AHdAQQvV0xIniVwrT76i92FzueWO1PlpxuDclwPJXP9bWiGN%2BeO3BVfcbwG0ZAFwF8VyFZX4YZ1LUw60jlzE%2BGQTL2mF6VF4cg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 08:46:45 GMT
Content-Type: image/png
Connection: close
Last-Modified: Wed, 25 Aug 2021 15:47:52 GMT
Vary: Accept-Encoding
ETag: W/"61266628-4914"
Content-Encoding: br
Cache-Control: no-transform