Report - thevirgin.pw/

Report Overview

Visited public
2024-07-13 02:39:56
Tags
URL
thevirgin.pw/
Finishing URL
thevirgin.pw/
IP / ASN
62.197.49.67
#58061 Scalaxy B.V.
Title
The Virgin

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
u3y8v8u4.aucdn.net	unknown	2022-06-27	2022-08-08 15:30:47	2024-07-12 07:26:50	456 B	2.7 MB	185.76.9.16
s3t3d2y8.afcdn.net	unknown	2022-06-27	2022-08-09 00:22:56	2024-07-11 19:33:48	2.3 kB	76 kB	185.76.9.25
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-11 18:12:19	2.9 kB	8.0 kB	23.33.119.57
thevirgin.pw	unknown	2023-12-02	2024-01-24 18:46:01	2024-01-24 18:46:01	2.4 kB	8.1 MB	62.197.49.67
a.magsrv.com	unknown	2023-08-01	2023-08-04 18:18:00	2024-07-12 07:26:57	6.0 kB	246 kB	185.76.9.24
s.magsrv.com	unknown	2023-08-01	2023-08-04 14:48:00	2024-07-12 07:26:57	4.9 kB	12 kB	95.211.229.248

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-07-13 02:39:29	high	62.197.49.67	Client IP	ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit MITM)
2024-07-13 02:39:29	low	Client IP	62.197.49.67	ET INFO HTTP Request to a *.pw domain
2024-07-13 02:39:30	low	Client IP	62.197.49.67	ET INFO HTTP Request to a *.pw domain
2024-07-13 02:39:30	low	Client IP	62.197.49.67	ET INFO HTTP Request to a *.pw domain
2024-07-13 02:39:30	low	Client IP	62.197.49.67	ET INFO HTTP Request to a *.pw domain
2024-07-13 02:39:30	low	Client IP	62.197.49.67	ET INFO HTTP Request to a *.pw domain
2024-07-13 02:39:30	low	Client IP	62.197.49.67	ET INFO HTTP Request to a *.pw domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (10)

	URL	From	Size	First Seen	Last Seen
	thevirgin.pw/	ScriptElement	199 B	2024-08-19	2024-08-19
Pretty URL thevirgin.pw/ IP 62.197.49.67 ASN #58061 Scalaxy B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 17:05 Last Seen2024-08-19 17:05 Times Seen1 Hash fb6b59ccc68cace6ac8c4d054c32649f 0a2f56eba3b85f51136b286ca4cfef01ade84263 68ba43ba6f709e8f668be2f7e6b273cfd4b2b7347f58cd223edfa595bdd07d98 Loading...

	thevirgin.pw/	ScriptElement	756 B	2024-07-10	2024-10-20
Pretty URL thevirgin.pw/ IP 62.197.49.67 ASN #58061 Scalaxy B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-10 16:49 Last Seen2024-10-20 02:02 Times Seen4 Hash 6a4d547d98d6ec95d8d6df7afa2d640e bbc62134ee1a0e9d04a6239b00112c6f863dab82 091f2534512d1f63afe7e3945586799bc4cbbf4812683db8c850e5d6fb4c9acd Loading...

	a.magsrv.com/ad-provider.js	ScriptElement	166 kB	2024-06-28	2024-08-21
Pretty URL a.magsrv.com/ad-provider.js IP 185.76.9.24 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-28 09:25 Last Seen2024-08-21 17:30 Times Seen612 Hash 710721b64ea5e3867ccff5f3de8ef294 18483d80947e14cf49f8c9ebbe3391e1f48fd0bc bc0563abe13d7d9aa2d4b78a528f19ab616341e43dbf486aabca10559ae58e64 Loading...

	a.magsrv.com/iframe.js?idzone=4838012&size=300x250	ScriptElement	2.3 kB	2024-05-23	2024-12-20
Pretty URL a.magsrv.com/iframe.js?idzone=4838012&size=300x250 IP 185.76.9.24 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-23 05:02 Last Seen2024-12-20 04:17 Times Seen11 Hash 37b7f903d4380f6064677226d8c4f7e4 a86791521569cc29518495534b5ecf277d738c90 a36e1f47f167dc711fa266f44800055d12c252ee60f7eb03a8806820184b9ba4 Loading...

	a.magsrv.com/build-iframe-js-url.js?idzone=4838012	ScriptElement	759 B	2024-05-23	2024-12-20
Pretty URL a.magsrv.com/build-iframe-js-url.js?idzone=4838012 IP 185.76.9.24 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-23 05:02 Last Seen2024-12-20 04:17 Times Seen11 Hash 7feb23a074b5c90be708943e226fae27 3600b531849fc20fc35b7ec8860fa148e258a8a9 f01d35e1823656ca838b0c7221d29abb126c5cd73f3991e3d84b93bf02bd0fae Loading...

	thevirgin.pw/	ScriptElement	354 B	2023-08-12	2024-10-20
Pretty URL thevirgin.pw/ IP 62.197.49.67 ASN #58061 Scalaxy B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-12 19:23 Last Seen2024-10-20 02:02 Times Seen6 Hash f825f3b19f41799190488fd8f48568bf a4179374f045e7af9d744032b2e9ee4b922657df 8e93ddf446b22db8765536f4c56969bfe1791218c6f2c5ac9eaf6c46ba86c557 Loading...

	thevirgin.pw/	ScriptElement	22 kB	2024-07-07	2024-12-20
Pretty URL thevirgin.pw/ IP 62.197.49.67 ASN #58061 Scalaxy B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-07 04:25 Last Seen2024-12-20 04:17 Times Seen6 Hash 553dc6cc0684e523d97a57923c5810df 087c5df759967fa0be075919e3f6b153666fabb3 42892e322c13160529b9454525fa0e46a88c777390b02f2c5fbd7f60b562ac53 Loading...

	a.magsrv.com/video-slider.js	ScriptElement	46 kB	2024-03-16	2025-04-08
Pretty URL a.magsrv.com/video-slider.js IP 185.76.9.24 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-16 03:04 Last Seen2025-04-08 01:44 Times Seen267 Hash 3f6b75fbd59723a6564e74a91ce3ddea c59f2fe6bc1834557e544c2b787778597ee40e80 ea8030a37b36fb35f4055a90eedae594932e6caa9c037927aa9b861debf4e6aa Loading...

	thevirgin.pw/	ScriptElement	0 B	0001-01-01	2025-05-06
Pretty URL thevirgin.pw/ IP 62.197.49.67 ASN #58061 Scalaxy B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-06 05:30 Times Seen4615281 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

		Size	First Seen	Last Seen
	#1 Write - 093b330084e58d31bcdf15532367b030	36 B	2024-08-19 17:05	2024-08-19 17:05
Pretty Observations First Seen2024-08-19 17:05 Last Seen2024-08-19 17:05 Times Seen1 Hash 093b330084e58d31bcdf15532367b030 4b9bdc15f95c17d543b51ca04c18370d11223043 039860a988035ed53374fbe6e10c0f817a50c8800e5d6c8c885ba2ee5850673e Loading...

HTTP Transactions (42)

URL IP Response Size

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ee5b6dc3e7ab972df60b36582e3eaaf4
2a5185acc539fcddac9c33895ec74faf552b62dd
be84262bbb3f3aabae368745bc3e85b816e372b16bc37327a1887d3a19992df6

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BE84262BBB3F3AABAE368745BC3E85B816E372B16BC37327A1887D3A19992DF6"
Last-Modified: Wed, 10 Jul 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8817
Expires: Sat, 13 Jul 2024 05:06:26 GMT
Date: Sat, 13 Jul 2024 02:39:29 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
99ca9ac48d9c7dc638699b14599a47cc
3e19f65886cf5ced393284e0fe31bf830288078d
c52eade9addaf5b96532275714d3fa8c91a4e5f7b1287a3d17e8c2e9492f059a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C52EADE9ADDAF5B96532275714D3FA8C91A4E5F7B1287A3D17E8C2E9492F059A"
Last-Modified: Fri, 12 Jul 2024 03:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5910
Expires: Sat, 13 Jul 2024 04:17:59 GMT
Date: Sat, 13 Jul 2024 02:39:29 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4a4d81b1c193182fe2b1122877e94203
fd1f4427cb5867a8f63ae15825279827bbf768e6
4cd1772d378248e886ee96f55d956ff0856ba3f2eae9f15a10136e68f450ca70

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4CD1772D378248E886EE96F55D956FF0856BA3F2EAE9F15A10136E68F450CA70"
Last-Modified: Fri, 12 Jul 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8777
Expires: Sat, 13 Jul 2024 05:05:46 GMT
Date: Sat, 13 Jul 2024 02:39:29 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ec8baf60826f2f5b1e572fa2c5333328
e5e25bdce94aca9ac7fdba6115d13a7328ccbb26
20a4d98085df693785b82e60e9d84e87fd28671f922bc560f9a21dfed215639f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "20A4D98085DF693785B82E60E9D84E87FD28671F922BC560F9A21DFED215639F"
Last-Modified: Fri, 12 Jul 2024 04:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4666
Expires: Sat, 13 Jul 2024 03:57:15 GMT
Date: Sat, 13 Jul 2024 02:39:29 GMT
Connection: keep-alive

thevirgin.pw/

62.197.49.67

17 kB

URL User Request GET
thevirgin.pw/
IP
62.197.49.67:0
ASN
#58061 Scalaxy B.V.

File type
HTML document, ASCII text, with very long lines (361), with CRLF, LF line terminators
Size
17 kB (17007 bytes)
Hash
fb74ba36c3187391b228e049f32edc94
2d331283e7890e3492171749346a6f8ff33e1c50
0432c189d88a26462a730e6c9061f65f361849360f958f433bf5b81380a1c81d

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET / HTTP/1.1
Host: thevirgin.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 13 Jul 2024 02:38:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.33
Content-Encoding: gzip

a.magsrv.com/iframe.php?idzone=4838012&size=300x250

185.76.9.24

200 OK

184 B

URL GET HTTP/1.1
a.magsrv.com/iframe.php?idzone=4838012&size=300x250
IP
185.76.9.24:80
ASN
#60068 Datacamp Limited

Requested by
http://thevirgin.pw/

File type
HTML document, ASCII text
Size
184 B (184 bytes)
Hash
c2dec76e4f6392d178ab054f98091489
534d62deff78b551206ce470120256b206e000e1
5538a73dae0cf0c36ef20bec0186c79b4fe8df713998cde41e91e09842edc5fd

HTTP Headers

GET /iframe.php?idzone=4838012&size=300x250 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://thevirgin.pw/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 13 Jul 2024 02:39:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 13 Jul 2024 02:53:04 GMT
Cache-Control: max-age=10800
X-Robots-Tag: noindex, follow
Access-Control-Allow-Origin: *
X-77-NZT: EwwBuUwJFAH38SYAAAwBuUwKEwH3DAAAAAwBisclxAH3BQAAAA
X-77-NZT-Ray: af5856303fafdcc8e2e89166d40a380b
X-Accel-Expires: @1720839184
X-Accel-Date: 1720828401
X-77-Cache: HIT
X-77-Age: 9969
Vary: Accept-Encoding
Content-Encoding: gzip
Server: CDN77-Turbo
X-Accel-Date-Max: 1720828401
X-Cache: HIT
X-Age: 9969
X-77-POP: stockholmSE

a.magsrv.com/iframe.php?idzone=4838012&size=300x250

185.76.9.24

200 OK

184 B

URL GET HTTP/1.1
a.magsrv.com/iframe.php?idzone=4838012&size=300x250
IP
185.76.9.24:80
ASN
#60068 Datacamp Limited

Requested by
http://thevirgin.pw/

File type
HTML document, ASCII text
Size
184 B (184 bytes)
Hash
c2dec76e4f6392d178ab054f98091489
534d62deff78b551206ce470120256b206e000e1
5538a73dae0cf0c36ef20bec0186c79b4fe8df713998cde41e91e09842edc5fd

HTTP Headers

GET /iframe.php?idzone=4838012&size=300x250 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://thevirgin.pw/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 13 Jul 2024 02:39:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 13 Jul 2024 02:53:04 GMT
Cache-Control: max-age=10800
X-Robots-Tag: noindex, follow
Access-Control-Allow-Origin: *
X-77-NZT: EwwBuUwJFAH38SYAAAwBuUwKEwH3DAAAAAwBisclxAH3BQAAAA
X-77-NZT-Ray: af58563057c1ddc8e2e89166efd43b0b
X-Accel-Expires: @1720839184
X-Accel-Date: 1720828401
X-77-Cache: HIT
X-77-Age: 9969
Vary: Accept-Encoding
Content-Encoding: gzip
Server: CDN77-Turbo
X-Accel-Date-Max: 1720828401
X-Cache: HIT
X-Age: 9969
X-77-POP: stockholmSE

a.magsrv.com/iframe.php?idzone=4838012&size=300x250

185.76.9.24

200 OK

184 B

URL GET HTTP/1.1
a.magsrv.com/iframe.php?idzone=4838012&size=300x250
IP
185.76.9.24:80
ASN
#60068 Datacamp Limited

Requested by
http://thevirgin.pw/

File type
HTML document, ASCII text
Size
184 B (184 bytes)
Hash
c2dec76e4f6392d178ab054f98091489
534d62deff78b551206ce470120256b206e000e1
5538a73dae0cf0c36ef20bec0186c79b4fe8df713998cde41e91e09842edc5fd

HTTP Headers

GET /iframe.php?idzone=4838012&size=300x250 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://thevirgin.pw/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 13 Jul 2024 02:39:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 13 Jul 2024 02:53:04 GMT
Cache-Control: max-age=10800
X-Robots-Tag: noindex, follow
Access-Control-Allow-Origin: *
X-77-NZT: EwwBuUwJFAH38SYAAAwBuUwKEwH3DAAAAAwBisclxAH3BQAAAA
X-77-NZT-Ray: af58563054b0dfc8e2e891663b383e0b
X-Accel-Expires: @1720839184
X-Accel-Date: 1720828401
X-77-Cache: HIT
X-77-Age: 9969
Vary: Accept-Encoding
Content-Encoding: gzip
Server: CDN77-Turbo
X-Accel-Date-Max: 1720828401
X-Cache: HIT
X-Age: 9969
X-77-POP: stockholmSE

thevirgin.pw/img/hot_1613634850.gif

62.197.49.67

200 OK

671 B

URL GET HTTP/1.1
thevirgin.pw/img/hot_1613634850.gif
IP
62.197.49.67:80
ASN
#58061 Scalaxy B.V.

Requested by
http://thevirgin.pw/

File type
GIF image data, version 89a, 47 x 10
Size
671 B (671 bytes)
Hash
47489e13c6e6bcd769fe8899171932de
e5bd2b1491dd15131c0b9166716cc5c168568cde
417ba5378352abb89940c02b28e835f2d3ead02baaa51c7f9f1d1986d937ad71

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET /img/hot_1613634850.gif HTTP/1.1
Host: thevirgin.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://thevirgin.pw/
Cookie: 9a3bc=bm9yZWZ8fHwxfDB8MHxub25lfDA6; 9a3bcb=1720838293
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 13 Jul 2024 02:38:13 GMT
Content-Type: image/gif
Content-Length: 671
Last-Modified: Mon, 17 Oct 2022 20:01:10 GMT
Connection: keep-alive
ETag: "634db486-29f"
Accept-Ranges: bytes

a.magsrv.com/iframe.php?idzone=4838012&size=300x250

185.76.9.24

200 OK

184 B

URL GET HTTP/1.1
a.magsrv.com/iframe.php?idzone=4838012&size=300x250
IP
185.76.9.24:80
ASN
#60068 Datacamp Limited

Requested by
http://thevirgin.pw/

File type
HTML document, ASCII text
Size
184 B (184 bytes)
Hash
c2dec76e4f6392d178ab054f98091489
534d62deff78b551206ce470120256b206e000e1
5538a73dae0cf0c36ef20bec0186c79b4fe8df713998cde41e91e09842edc5fd

HTTP Headers

GET /iframe.php?idzone=4838012&size=300x250 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://thevirgin.pw/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 13 Jul 2024 02:39:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 13 Jul 2024 02:53:04 GMT
Cache-Control: max-age=10800
X-Robots-Tag: noindex, follow
Access-Control-Allow-Origin: *
X-77-NZT: EwwBuUwJFAH38SYAAAwBuUwKEwH3DAAAAAwBisclxAH3BQAAAA
X-77-NZT-Ray: af5856303fafdcc8e2e8916605fc030c
X-Accel-Expires: @1720839184
X-Accel-Date: 1720828401
X-77-Cache: HIT
X-77-Age: 9969
Vary: Accept-Encoding
Content-Encoding: gzip
Server: CDN77-Turbo
X-Accel-Date-Max: 1720828401
X-Cache: HIT
X-Age: 9969
X-77-POP: stockholmSE

thevirgin.pw/img/null.png

62.197.49.67

200 OK

2.5 kB

URL GET HTTP/1.1
thevirgin.pw/img/null.png
IP
62.197.49.67:80
ASN
#58061 Scalaxy B.V.

Requested by
http://thevirgin.pw/

File type
PNG image data, 600 x 600, 8-bit gray+alpha, non-interlaced
Size
2.5 kB (2460 bytes)
Hash
428d32c8089fda01e2f63b072cb9038c
9c69483488edc21ec9e949b408721d9447ebab01
a867e9fb30b5a2283a93b3c60985ff228e2e1123a9d413a759fa5ed9eeecc3b9

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET /img/null.png HTTP/1.1
Host: thevirgin.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://thevirgin.pw/
Cookie: 9a3bc=bm9yZWZ8fHwxfDB8MHxub25lfDA6; 9a3bcb=1720838293
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 13 Jul 2024 02:38:13 GMT
Content-Type: image/png
Content-Length: 2460
Last-Modified: Mon, 17 Oct 2022 20:01:18 GMT
Connection: keep-alive
ETag: "634db48e-99c"
Accept-Ranges: bytes

thevirgin.pw/img/fsdg5h6.gif

62.197.49.67

200 OK

210 kB

URL GET HTTP/1.1
thevirgin.pw/img/fsdg5h6.gif
IP
62.197.49.67:80
ASN
#58061 Scalaxy B.V.

Requested by
http://thevirgin.pw/

File type
GIF image data, version 89a, 800 x 800
Size
210 kB (209649 bytes)
Hash
7716842a21949efb5b8d3af1bbcb01ff
f83ab1e6a875874a3bc2e3671b3bdf97bfddd207
56fcfe07c0cadd24d0a34ff3d84c09e1d2c955819551b12c8c26b323635ce637

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET /img/fsdg5h6.gif HTTP/1.1
Host: thevirgin.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://thevirgin.pw/
Cookie: 9a3bc=bm9yZWZ8fHwxfDB8MHxub25lfDA6; 9a3bcb=1720838293
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 13 Jul 2024 02:38:13 GMT
Content-Type: image/gif
Content-Length: 209649
Last-Modified: Mon, 17 Oct 2022 20:00:56 GMT
Connection: keep-alive
ETag: "634db478-332f1"
Accept-Ranges: bytes

thevirgin.pw/img/526.gif

62.197.49.67

200 OK

7.8 MB

URL GET HTTP/1.1
thevirgin.pw/img/526.gif
IP
62.197.49.67:80
ASN
#58061 Scalaxy B.V.

Requested by
http://thevirgin.pw/

File type
GIF image data, version 89a, 300 x 279
Size
7.8 MB (7826584 bytes)
Hash
64eb958c623ed07e5ef16db8fb65eea2
701076395a06b19335c507cc26476bc0d5908d8d
1dde90a8eb0b310b4b7901daeaaf4e9e724b233d6d4c25b84d05564b718ee99e

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET /img/526.gif HTTP/1.1
Host: thevirgin.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://thevirgin.pw/
Cookie: 9a3bc=bm9yZWZ8fHwxfDB8MHxub25lfDA6; 9a3bcb=1720838293
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 13 Jul 2024 02:38:13 GMT
Content-Type: image/gif
Content-Length: 7826584
Last-Modified: Thu, 20 Oct 2022 05:31:28 GMT
Connection: keep-alive
ETag: "6350dd30-776c98"
Accept-Ranges: bytes

a.magsrv.com/ad-provider.js

185.76.9.24

200 OK

46 kB

URL GET HTTP/2
a.magsrv.com/ad-provider.js
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
FingerprintE9:B1:06:11:C7:80:11:9F:62:6C:E8:AF:35:69:C6:21:29:87:60:51
ValidityTue, 30 Apr 2024 07:49:25 GMT - Mon, 29 Jul 2024 07:49:24 GMT

File type
JavaScript source, ASCII text, with very long lines (35849)
Size
46 kB (45872 bytes)
Hash
da855d8d0d8ca3f515a5caff58c70a69
b23a21064136a8d39a0515a70f5d3b29a8de3e48
d656f4a088f8a3d6be592f4d20245a261e2a405d88f2ebf120bd9768efd2534d

HTTP Headers

GET /ad-provider.js HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 13 Jul 2024 02:39:30 GMT
content-type: application/javascript
etag: W/"18483d80947e14cf49f8c9ebbe3"
expires: Thu, 11 Jul 2024 17:52:17 GMT
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH3JicAAAwBuUwKAQH37gIAAAwBJRPCLgH3BQAAAA
x-77-nzt-ray: af5856302ea7dac8e2e89166b29df21c
x-accel-expires: @1720839148
x-accel-date: 1720828348
x-77-cache: HIT
x-77-age: 10022
vary: Accept-Encoding
content-encoding: gzip
server: CDN77-Turbo
x-accel-date-max: 1720710292
x-cache: HIT
x-age: 10022
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

a.magsrv.com/ad-provider.js

185.76.9.24

200 OK

44 kB

URL GET HTTP/2
a.magsrv.com/ad-provider.js
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
FingerprintE9:B1:06:11:C7:80:11:9F:62:6C:E8:AF:35:69:C6:21:29:87:60:51
ValidityTue, 30 Apr 2024 07:49:25 GMT - Mon, 29 Jul 2024 07:49:24 GMT

File type
JavaScript source, ASCII text, with very long lines (35849)
Size
44 kB (44274 bytes)
Hash
ac3d90d697fad22f602f8d0a8c3cf327
cd5b1ec14ba7fc9c06e89210a20703b5a8bf5eed
256a314a84e4faeecd9c6decead5e3288b6541dc7a0bccce00e058dd3c55adbf

HTTP Headers

GET /ad-provider.js HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 13 Jul 2024 02:39:30 GMT
content-type: application/javascript
etag: W/"18483d80947e14cf49f8c9ebbe3"
expires: Thu, 11 Jul 2024 17:52:17 GMT
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH3JicAAAwBuUwKAQH37gIAAAwBJRPCLgH3BQAAAA
x-77-nzt-ray: af5856302ea7dac8e2e89166abccde18
x-accel-expires: @1720839148
x-accel-date: 1720828348
x-77-cache: HIT
x-77-age: 10022
vary: Accept-Encoding
content-encoding: gzip
server: CDN77-Turbo
x-accel-date-max: 1720710292
x-cache: HIT
x-age: 10022
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

a.magsrv.com/ad-provider.js

185.76.9.24

200 OK

45 kB

URL GET HTTP/2
a.magsrv.com/ad-provider.js
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
FingerprintE9:B1:06:11:C7:80:11:9F:62:6C:E8:AF:35:69:C6:21:29:87:60:51
ValidityTue, 30 Apr 2024 07:49:25 GMT - Mon, 29 Jul 2024 07:49:24 GMT

File type
JavaScript source, ASCII text, with very long lines (35849)
Size
45 kB (45363 bytes)
Hash
d346a72baecb11236fd9dd93f1bf4f58
9654c74aab8cbc7b1ec06d58f5e0bbd357d6b717
fef5b347cea82d5c88d44207dd2ad4bce59ddc1fa421b3fa8e7966ed4e396c5a

HTTP Headers

GET /ad-provider.js HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 13 Jul 2024 02:39:30 GMT
content-type: application/javascript
etag: W/"18483d80947e14cf49f8c9ebbe3"
expires: Thu, 11 Jul 2024 17:52:17 GMT
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH3JicAAAwBuUwKAQH37gIAAAwBJRPCLgH3BQAAAA
x-77-nzt-ray: af5856302ea7dac8e2e89166aea49c18
x-accel-expires: @1720839148
x-accel-date: 1720828348
x-77-cache: HIT
x-77-age: 10022
vary: Accept-Encoding
content-encoding: gzip
server: CDN77-Turbo
x-accel-date-max: 1720710292
x-cache: HIT
x-age: 10022
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

a.magsrv.com/ad-provider.js

185.76.9.24

200 OK

43 kB

URL GET HTTP/2
a.magsrv.com/ad-provider.js
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
FingerprintE9:B1:06:11:C7:80:11:9F:62:6C:E8:AF:35:69:C6:21:29:87:60:51
ValidityTue, 30 Apr 2024 07:49:25 GMT - Mon, 29 Jul 2024 07:49:24 GMT

File type
gzip compressed data, from Unix
Size
43 kB (43420 bytes)
Hash
d7b727563905fa4f668da2cae5a4ec1e
be0d19f797f311f0bf3f0c86c7bfaf4f348f29bd
9ae388260c1599c418592f63857f27b0bdfd7238fa822587ebe01e832c6efb23

HTTP Headers

GET /ad-provider.js HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 13 Jul 2024 02:39:30 GMT
content-type: application/javascript
etag: W/"18483d80947e14cf49f8c9ebbe3"
expires: Thu, 11 Jul 2024 17:52:17 GMT
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH3JicAAAwBuUwKAQH37gIAAAwBJRPCLgH3BQAAAA
x-77-nzt-ray: af5856302ea7dac8e2e8916635fd001c
x-accel-expires: @1720839148
x-accel-date: 1720828348
x-77-cache: HIT
x-77-age: 10022
vary: Accept-Encoding
content-encoding: gzip
server: CDN77-Turbo
x-accel-date-max: 1720710292
x-cache: HIT
x-age: 10022
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

s.magsrv.com/v1/api.php

95.211.229.248

200 OK

1.3 kB

URL POST HTTP/1.1
s.magsrv.com/v1/api.php
IP
95.211.229.248:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint8E:61:86:2F:82:07:61:43:48:51:5B:D9:4A:30:13:C5:56:73:0F:42
ValidityMon, 01 Jul 2024 10:24:45 GMT - Sun, 29 Sep 2024 10:24:44 GMT

File type
JSON text data
Size
1.3 kB (1275 bytes)
Hash
6cb3ea357f0b205bef386306a631c70d
8dc83618aac5c6e6f5fa136f1c598a5a90c771cb
ce934887ba6bd334e32d3d021750c39ddffa5aaf3c14edff4bcfedba9e3a0b26

HTTP Headers

POST /v1/api.php HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 311
Origin: http://a.magsrv.com
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 13 Jul 2024 02:39:32 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://a.magsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226691e8e46b1b25.070897742047526609%22%3B%7D; expires=Mon, 13-Jul-2026 02:39:32 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

s.magsrv.com/v1/api.php

95.211.229.248

200 OK

1.3 kB

URL POST HTTP/1.1
s.magsrv.com/v1/api.php
IP
95.211.229.248:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint8E:61:86:2F:82:07:61:43:48:51:5B:D9:4A:30:13:C5:56:73:0F:42
ValidityMon, 01 Jul 2024 10:24:45 GMT - Sun, 29 Sep 2024 10:24:44 GMT

File type
JSON text data
Size
1.3 kB (1276 bytes)
Hash
e8ba421616dc083a869816a8f6938494
6b1eb5a10c3b1274f784706a49a7e65dd7a6eb15
3a33bb893c7580c7a79bad236e46989ba113364e7b16513761cab77956b2ac2d

HTTP Headers

POST /v1/api.php HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 311
Origin: http://a.magsrv.com
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 13 Jul 2024 02:39:32 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://a.magsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226691e8e46b37a2.215474163210460436%22%3B%7D; expires=Mon, 13-Jul-2026 02:39:32 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

u3y8v8u4.aucdn.net/library/141372/4075fab111680ff29320723c5a464014cdca157a.mp4

185.76.9.16

206 Partial Content

2.7 MB

URL GET HTTP/1.1
u3y8v8u4.aucdn.net/library/141372/4075fab111680ff29320723c5a464014cdca157a.mp4
IP
185.76.9.16:80
ASN
#60068 Datacamp Limited

Requested by
http://thevirgin.pw/

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size
2.7 MB (2709886 bytes)
Hash
c7cc06eb7a07d5941e27dcce3cf326fa
4075fab111680ff29320723c5a464014cdca157a
d014d8e1d1e853dc4cbfcac423d89685d3d0779953e2b0f44069d62836b9c26c

HTTP Headers

GET /library/141372/4075fab111680ff29320723c5a464014cdca157a.mp4 HTTP/1.1
Host: u3y8v8u4.aucdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: http://thevirgin.pw/
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
Date: Sat, 13 Jul 2024 02:39:32 GMT
Content-Type: video/mp4
Content-Length: 2709886
Connection: keep-alive
Last-Modified: Thu, 04 May 2023 14:20:20 GMT
ETag: "6453bf24-29597e"
Expires: Thu, 16 May 2024 10:01:05 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
X-Robots-Tag: noindex, follow
X-Cache-OP: HIT
Server: CDN77-Turbo
X-77-NZT: EQwBuUwJDQH3Pg9MAA
X-77-NZT-Ray: c0a4cc2801e6bbb3e4e89166b8983f19
X-Accel-Expires: @1734039190
X-Accel-Date: 1715853734
X-Accel-Date-Max: 1684317732
X-Cache: HIT
X-Age: 4984638
X-77-POP: stockholmSE
X-77-Cache: HIT
X-77-Age: 4984638
Content-Range: bytes 0-2709885/2709886

a.magsrv.com/build-iframe-js-url.js?idzone=4838012

185.76.9.24

200 OK

2.2 kB

URL GET HTTP/2
a.magsrv.com/build-iframe-js-url.js?idzone=4838012
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
FingerprintE9:B1:06:11:C7:80:11:9F:62:6C:E8:AF:35:69:C6:21:29:87:60:51
ValidityTue, 30 Apr 2024 07:49:25 GMT - Mon, 29 Jul 2024 07:49:24 GMT

File type
JavaScript source, ASCII text, with very long lines (3300), with no line terminators
Size
2.2 kB (2178 bytes)
Hash
e4887bfd960c396098f88ad2b9c8c374
70cc3ea59f09939493b12b691f14c78900e4eafd
3d567fb88aa3e066603a8a88d53c510d88e1b25d7cd041949479fa4ab75add73

HTTP Headers

GET /build-iframe-js-url.js?idzone=4838012 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 13 Jul 2024 02:39:30 GMT
content-type: application/javascript
etag: W/"3600b531849fc20fc35b7ec8860"
expires: Thu, 11 Jul 2024 17:52:44 GMT
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH38SYAAAwBuUwKEwH3yAIAAAwBnJIhHwH32wAAAA
x-77-nzt-ray: af5856302ea7dac8e2e8916684fdc618
x-accel-expires: @1720839192
x-accel-date: 1720828401
x-77-cache: HIT
x-77-age: 9969
vary: Accept-Encoding
content-encoding: gzip
server: CDN77-Turbo
x-accel-date-max: 1720710495
x-cache: HIT
x-age: 9969
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA12OQU7EMAxFr8IFGn07TuLMmjVIIA7QNimwGEYaBOrCh8fpSAiRp8hfyYtjBsuEMhHfMZ9iPUVYpVARhAMlsYfHJxOy/a19fLUe1svZhDVRMmWm6nbJVNlEo4LYqnrMSVStADVLzeZyNDicoshIAQC5YC/P98cmhy0COyd4Ht+awMQz9vEWmoGlLVnXLqU11dQTL3XG1ln6PESbw3l+/bx+H3PiRgD7XKM9fpmGHEki+zy+YMfx+3adz93sjzkoR+/BqP9vbzCyD5uHYkvXRXvbSl5bUq6xqVf0jSstZaUfEwNiOXUBAAA=&dbt=e2e_6691e8e2f3dba4.57342565&scr_info=YXN5bmN8fDM%3D

95.211.229.248

200 OK

20 B

URL GET HTTP/1.1
s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA12OQU7EMAxFr8IFGn07TuLMmjVIIA7QNimwGEYaBOrCh8fpSAiRp8hfyYtjBsuEMhHfMZ9iPUVYpVARhAMlsYfHJxOy/a19fLUe1svZhDVRMmWm6nbJVNlEo4LYqnrMSVStADVLzeZyNDicoshIAQC5YC/P98cmhy0COyd4Ht+awMQz9vEWmoGlLVnXLqU11dQTL3XG1ln6PESbw3l+/bx+H3PiRgD7XKM9fpmGHEki+zy+YMfx+3adz93sjzkoR+/BqP9vbzCyD5uHYkvXRXvbSl5bUq6xqVf0jSstZaUfEwNiOXUBAAA=&dbt=e2e_6691e8e2f3dba4.57342565&scr_info=YXN5bmN8fDM%3D
IP
95.211.229.248:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint8E:61:86:2F:82:07:61:43:48:51:5B:D9:4A:30:13:C5:56:73:0F:42
ValidityMon, 01 Jul 2024 10:24:45 GMT - Sun, 29 Sep 2024 10:24:44 GMT

File type
gzip compressed data, max speed, from Unix
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /cimp.php?t=api&data=H4sIAAAAAAAAA12OQU7EMAxFr8IFGn07TuLMmjVIIA7QNimwGEYaBOrCh8fpSAiRp8hfyYtjBsuEMhHfMZ9iPUVYpVARhAMlsYfHJxOy/a19fLUe1svZhDVRMmWm6nbJVNlEo4LYqnrMSVStADVLzeZyNDicoshIAQC5YC/P98cmhy0COyd4Ht+awMQz9vEWmoGlLVnXLqU11dQTL3XG1ln6PESbw3l+/bx+H3PiRgD7XKM9fpmGHEki+zy+YMfx+3adz93sjzkoR+/BqP9vbzCyD5uHYkvXRXvbSl5bUq6xqVf0jSstZaUfEwNiOXUBAAA=&dbt=e2e_6691e8e2f3dba4.57342565&scr_info=YXN5bmN8fDM%3D HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://a.magsrv.com
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226691e8e46b37a2.215474163210460436%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 13 Jul 2024 02:39:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://a.magsrv.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
50e4489707989517510128817aedd2ea
36a54d7b34a9ac621715b569e5a870f62671c574
3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5783
Expires: Sat, 13 Jul 2024 04:15:55 GMT
Date: Sat, 13 Jul 2024 02:39:32 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
50e4489707989517510128817aedd2ea
36a54d7b34a9ac621715b569e5a870f62671c574
3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5783
Expires: Sat, 13 Jul 2024 04:15:55 GMT
Date: Sat, 13 Jul 2024 02:39:32 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
50e4489707989517510128817aedd2ea
36a54d7b34a9ac621715b569e5a870f62671c574
3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5783
Expires: Sat, 13 Jul 2024 04:15:55 GMT
Date: Sat, 13 Jul 2024 02:39:32 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
50e4489707989517510128817aedd2ea
36a54d7b34a9ac621715b569e5a870f62671c574
3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5783
Expires: Sat, 13 Jul 2024 04:15:55 GMT
Date: Sat, 13 Jul 2024 02:39:32 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
50e4489707989517510128817aedd2ea
36a54d7b34a9ac621715b569e5a870f62671c574
3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5783
Expires: Sat, 13 Jul 2024 04:15:55 GMT
Date: Sat, 13 Jul 2024 02:39:32 GMT
Connection: keep-alive

s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA12OwU4EIRBEf8UfGFLdNNDs2bMma/wAZmDUw7jJGjdz6I8XZhNj5IVQgaqmGCwT0kT8wHzy+eTZMrkMJ+woiD09n03I9vf6+V2bWy6bCWugYMpMGZZTpMwm6hXUw9plDKJqCchRslg3e0OHgxcZygGgbrDXl8djU4fNAzsHdD2+NYH1sGEfWWgE5jpHXZqkWlVDCzzngrWxtDKMVtxW3r6ut6Mn7jhwSsd4/DINsyfx3Pv0BTuuP9Zr2ZrZH+cgHbMH4/z/eodj7xqHw9JSgsQVuoDmWhqFUpEkxFRAQvoDHjRHzXQBAAA=&dbt=e2e_6691e8e47c1c07.41244937&scr_info=YXN5bmN8fDM%3D

95.211.229.248

200 OK

20 B

URL GET HTTP/1.1
s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA12OwU4EIRBEf8UfGFLdNNDs2bMma/wAZmDUw7jJGjdz6I8XZhNj5IVQgaqmGCwT0kT8wHzy+eTZMrkMJ+woiD09n03I9vf6+V2bWy6bCWugYMpMGZZTpMwm6hXUw9plDKJqCchRslg3e0OHgxcZygGgbrDXl8djU4fNAzsHdD2+NYH1sGEfWWgE5jpHXZqkWlVDCzzngrWxtDKMVtxW3r6ut6Mn7jhwSsd4/DINsyfx3Pv0BTuuP9Zr2ZrZH+cgHbMH4/z/eodj7xqHw9JSgsQVuoDmWhqFUpEkxFRAQvoDHjRHzXQBAAA=&dbt=e2e_6691e8e47c1c07.41244937&scr_info=YXN5bmN8fDM%3D
IP
95.211.229.248:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint8E:61:86:2F:82:07:61:43:48:51:5B:D9:4A:30:13:C5:56:73:0F:42
ValidityMon, 01 Jul 2024 10:24:45 GMT - Sun, 29 Sep 2024 10:24:44 GMT

File type
gzip compressed data, max speed, from Unix
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /cimp.php?t=api&data=H4sIAAAAAAAAA12OwU4EIRBEf8UfGFLdNNDs2bMma/wAZmDUw7jJGjdz6I8XZhNj5IVQgaqmGCwT0kT8wHzy+eTZMrkMJ+woiD09n03I9vf6+V2bWy6bCWugYMpMGZZTpMwm6hXUw9plDKJqCchRslg3e0OHgxcZygGgbrDXl8djU4fNAzsHdD2+NYH1sGEfWWgE5jpHXZqkWlVDCzzngrWxtDKMVtxW3r6ut6Mn7jhwSsd4/DINsyfx3Pv0BTuuP9Zr2ZrZH+cgHbMH4/z/eodj7xqHw9JSgsQVuoDmWhqFUpEkxFRAQvoDHjRHzXQBAAA=&dbt=e2e_6691e8e47c1c07.41244937&scr_info=YXN5bmN8fDM%3D HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://a.magsrv.com
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226691e8e46b37a2.215474163210460436%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 13 Jul 2024 02:39:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://a.magsrv.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA12Q0UoEMQxFf8UfmHKbpm2yzz4rKH5AZzqjPqwLK8o85ONNZ0HEHkou7U16KYF4Qp0i3RGdkp4SmcagCEwhZraHxyfjaPtb//jqa1guZ2OSHLMJUVSY1hKVjCUJojeLy5JZxCqghZXNzcngUE7MQwUA0Q328nx/7OiQJWCnDNfjWWOYNxv20QspwNznIsvKtXeRvGaatWFbidc2jNbCub1+Xr+PnLgRQFqP8fhlGuYUOZHn8QU7jt+3azuvZn+cg3rMHoz6//YGFc9ahsNqS4rsnyRJpYhuuS7ErfWZ0GrcfgAtJTVrdAEAAA==&dbt=e2e_6691e8e47bb762.06147742&scr_info=YXN5bmN8fDM%3D

95.211.229.248

200 OK

20 B

URL GET HTTP/1.1
s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA12Q0UoEMQxFf8UfmHKbpm2yzz4rKH5AZzqjPqwLK8o85ONNZ0HEHkou7U16KYF4Qp0i3RGdkp4SmcagCEwhZraHxyfjaPtb//jqa1guZ2OSHLMJUVSY1hKVjCUJojeLy5JZxCqghZXNzcngUE7MQwUA0Q328nx/7OiQJWCnDNfjWWOYNxv20QspwNznIsvKtXeRvGaatWFbidc2jNbCub1+Xr+PnLgRQFqP8fhlGuYUOZHn8QU7jt+3azuvZn+cg3rMHoz6//YGFc9ahsNqS4rsnyRJpYhuuS7ErfWZ0GrcfgAtJTVrdAEAAA==&dbt=e2e_6691e8e47bb762.06147742&scr_info=YXN5bmN8fDM%3D
IP
95.211.229.248:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint8E:61:86:2F:82:07:61:43:48:51:5B:D9:4A:30:13:C5:56:73:0F:42
ValidityMon, 01 Jul 2024 10:24:45 GMT - Sun, 29 Sep 2024 10:24:44 GMT

File type
gzip compressed data, max speed, from Unix
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /cimp.php?t=api&data=H4sIAAAAAAAAA12Q0UoEMQxFf8UfmHKbpm2yzz4rKH5AZzqjPqwLK8o85ONNZ0HEHkou7U16KYF4Qp0i3RGdkp4SmcagCEwhZraHxyfjaPtb//jqa1guZ2OSHLMJUVSY1hKVjCUJojeLy5JZxCqghZXNzcngUE7MQwUA0Q328nx/7OiQJWCnDNfjWWOYNxv20QspwNznIsvKtXeRvGaatWFbidc2jNbCub1+Xr+PnLgRQFqP8fhlGuYUOZHn8QU7jt+3azuvZn+cg3rMHoz6//YGFc9ahsNqS4rsnyRJpYhuuS7ErfWZ0GrcfgAtJTVrdAEAAA==&dbt=e2e_6691e8e47bb762.06147742&scr_info=YXN5bmN8fDM%3D HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://a.magsrv.com
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226691e8e46b37a2.215474163210460436%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 13 Jul 2024 02:39:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://a.magsrv.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

s3t3d2y8.afcdn.net/library/428515/ede74c7bceaa7703fd30a60d5d9f04ca5eac5716.mp4

185.76.9.25

206 Partial Content

33 kB

URL GET HTTP/2
s3t3d2y8.afcdn.net/library/428515/ede74c7bceaa7703fd30a60d5d9f04ca5eac5716.mp4
IP
185.76.9.25:443
ASN
#60068 Datacamp Limited

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectafcdn.net
Fingerprint22:9F:54:A2:AF:3E:A2:6B:FB:1A:C6:F4:B8:E8:E1:C3:A8:02:B3:29
ValidityTue, 30 Apr 2024 07:42:02 GMT - Mon, 29 Jul 2024 07:42:01 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size
33 kB (33263 bytes)
Hash
1413cd1c8cc4a6653851bdfc54fdb32f
ede74c7bceaa7703fd30a60d5d9f04ca5eac5716
41f006ad3d3978487383e7cdf609bbd8041bb1fd2af17b81874d80eaad003235

HTTP Headers

GET /library/428515/ede74c7bceaa7703fd30a60d5d9f04ca5eac5716.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
date: Sat, 13 Jul 2024 02:39:32 GMT
content-type: video/mp4
content-length: 33263
last-modified: Fri, 31 Dec 2021 10:19:17 GMT
etag: "61ced925-81ef"
accept-ch: 
expires: Wed, 16 Apr 2025 14:32:15 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-77-nzt: EwwBuUwJFAH37VxzAAwBuUwKEwH3BwAAAAgB1GY4EQGB
x-77-nzt-ray: af585630a9a989e1e4e891669990122b
x-accel-expires: @1744813936
x-77-cache: HIT
x-accel-date: 1713277943
x-77-age: 7560429
server: CDN77-Turbo
x-accel-date-max: 1713277943
x-cache: HIT
x-age: 7560429
x-77-pop: stockholmSE
content-range: bytes 0-33262/33263
X-Firefox-Spdy: h2

s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA12QwUpEMQxFf8UfmHKTpm06a9cKih/Q99qnLsaBEWUW+XjTNyBiD6WX5ia9lMFyQDkQ3zEfYz1GtkqhIggHSmIPj08mZNe3/vHVR1jPJxPWRMmUmSqslkyVTTQqyJvVZU6iagWoWbzm5mhwOEWRqQIAcoO9PN/vmxy2CFw5wfV81gQmrnGdvdAMLH3Jug4pvaumkXipDdtgGW0arYVTe/28fO85cSMgUt3H45fDNEeSyJ7HF2y/ft8u7TTM/jgnZZ89mef/6g0unjVPh6FJG1siVXZVhP1v1rGtnXIp2pcflJ5hTnQBAAA=&dbt=e2e_6691e8e48fe565.85903938&scr_info=YXN5bmN8fDM%3D

95.211.229.248

200 OK

20 B

URL GET HTTP/1.1
s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA12QwUpEMQxFf8UfmHKTpm06a9cKih/Q99qnLsaBEWUW+XjTNyBiD6WX5ia9lMFyQDkQ3zEfYz1GtkqhIggHSmIPj08mZNe3/vHVR1jPJxPWRMmUmSqslkyVTTQqyJvVZU6iagWoWbzm5mhwOEWRqQIAcoO9PN/vmxy2CFw5wfV81gQmrnGdvdAMLH3Jug4pvaumkXipDdtgGW0arYVTe/28fO85cSMgUt3H45fDNEeSyJ7HF2y/ft8u7TTM/jgnZZ89mef/6g0unjVPh6FJG1siVXZVhP1v1rGtnXIp2pcflJ5hTnQBAAA=&dbt=e2e_6691e8e48fe565.85903938&scr_info=YXN5bmN8fDM%3D
IP
95.211.229.248:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint8E:61:86:2F:82:07:61:43:48:51:5B:D9:4A:30:13:C5:56:73:0F:42
ValidityMon, 01 Jul 2024 10:24:45 GMT - Sun, 29 Sep 2024 10:24:44 GMT

File type
gzip compressed data, max speed, from Unix
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /cimp.php?t=api&data=H4sIAAAAAAAAA12QwUpEMQxFf8UfmHKTpm06a9cKih/Q99qnLsaBEWUW+XjTNyBiD6WX5ia9lMFyQDkQ3zEfYz1GtkqhIggHSmIPj08mZNe3/vHVR1jPJxPWRMmUmSqslkyVTTQqyJvVZU6iagWoWbzm5mhwOEWRqQIAcoO9PN/vmxy2CFw5wfV81gQmrnGdvdAMLH3Jug4pvaumkXipDdtgGW0arYVTe/28fO85cSMgUt3H45fDNEeSyJ7HF2y/ft8u7TTM/jgnZZ89mef/6g0unjVPh6FJG1siVXZVhP1v1rGtnXIp2pcflJ5hTnQBAAA=&dbt=e2e_6691e8e48fe565.85903938&scr_info=YXN5bmN8fDM%3D HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://a.magsrv.com
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226691e8e466dfd6.283942273415866902%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 13 Jul 2024 02:39:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://a.magsrv.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

s3t3d2y8.afcdn.net/library/428515/afaf6b58a8d6050615369f81598d4bd126bd021e.webp

185.76.9.25

200 OK

13 kB

URL GET HTTP/2
s3t3d2y8.afcdn.net/library/428515/afaf6b58a8d6050615369f81598d4bd126bd021e.webp
IP
185.76.9.25:443
ASN
#60068 Datacamp Limited

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectafcdn.net
Fingerprint22:9F:54:A2:AF:3E:A2:6B:FB:1A:C6:F4:B8:E8:E1:C3:A8:02:B3:29
ValidityTue, 30 Apr 2024 07:42:02 GMT - Mon, 29 Jul 2024 07:42:01 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
13 kB (13180 bytes)
Hash
8da76954e810412b8ec5378d8480ab45
afaf6b58a8d6050615369f81598d4bd126bd021e
4f186cbdc1268f6ab21f0e5bc6dfa6dce0c52fb60dec007a79e2c41d41bc4293

HTTP Headers

GET /library/428515/afaf6b58a8d6050615369f81598d4bd126bd021e.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 13 Jul 2024 02:39:32 GMT
content-type: image/webp
content-length: 13180
last-modified: Fri, 31 Dec 2021 10:19:16 GMT
etag: "61ced924-337c"
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
expires: Wed, 16 Apr 2025 14:32:15 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-77-nzt: EwwBuUwJFAH36FxzAAwBuUwKDAH3DQAAAAgBisclwQGB
x-77-nzt-ray: af585630a9a989e1e4e8916684cc3a2b
x-accel-expires: @1744813935
x-77-cache: HIT
x-accel-date: 1713277948
x-77-age: 7560424
server: CDN77-Turbo
x-accel-date-max: 1713277948
x-cache: HIT
x-age: 7560424
x-77-pop: stockholmSE
accept-ranges: bytes
X-Firefox-Spdy: h2

s3t3d2y8.afcdn.net/library/428515/afaf6b58a8d6050615369f81598d4bd126bd021e.webp

185.76.9.25

200 OK

13 kB

URL GET HTTP/2
s3t3d2y8.afcdn.net/library/428515/afaf6b58a8d6050615369f81598d4bd126bd021e.webp
IP
185.76.9.25:443
ASN
#60068 Datacamp Limited

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectafcdn.net
Fingerprint22:9F:54:A2:AF:3E:A2:6B:FB:1A:C6:F4:B8:E8:E1:C3:A8:02:B3:29
ValidityTue, 30 Apr 2024 07:42:02 GMT - Mon, 29 Jul 2024 07:42:01 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
13 kB (13180 bytes)
Hash
8da76954e810412b8ec5378d8480ab45
afaf6b58a8d6050615369f81598d4bd126bd021e
4f186cbdc1268f6ab21f0e5bc6dfa6dce0c52fb60dec007a79e2c41d41bc4293

HTTP Headers

GET /library/428515/afaf6b58a8d6050615369f81598d4bd126bd021e.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 13 Jul 2024 02:39:32 GMT
content-type: image/webp
content-length: 13180
last-modified: Fri, 31 Dec 2021 10:19:16 GMT
etag: "61ced924-337c"
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
expires: Wed, 16 Apr 2025 14:32:15 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-77-nzt: EwwBuUwJFAH36FxzAAwBuUwKDAH3DQAAAAgBisclwQGB
x-77-nzt-ray: af585630a9a989e1e4e8916641a74a2b
x-accel-expires: @1744813935
x-77-cache: HIT
x-accel-date: 1713277948
x-77-age: 7560424
server: CDN77-Turbo
x-accel-date-max: 1713277948
x-cache: HIT
x-age: 7560424
x-77-pop: stockholmSE
accept-ranges: bytes
X-Firefox-Spdy: h2

s3t3d2y8.afcdn.net/library/428515/5ceded664676db96d2b3b5382cb17da5e728eefc.webp

185.76.9.25

200 OK

12 kB

URL GET HTTP/2
s3t3d2y8.afcdn.net/library/428515/5ceded664676db96d2b3b5382cb17da5e728eefc.webp
IP
185.76.9.25:443
ASN
#60068 Datacamp Limited

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectafcdn.net
Fingerprint22:9F:54:A2:AF:3E:A2:6B:FB:1A:C6:F4:B8:E8:E1:C3:A8:02:B3:29
ValidityTue, 30 Apr 2024 07:42:02 GMT - Mon, 29 Jul 2024 07:42:01 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
12 kB (12098 bytes)
Hash
f873befbe3e52bba71c605062b1ff845
5ceded664676db96d2b3b5382cb17da5e728eefc
480a21117ecb1dac929af83d77cf4e57cb2342a2d424c5b798edf6379d472a41

HTTP Headers

GET /library/428515/5ceded664676db96d2b3b5382cb17da5e728eefc.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 13 Jul 2024 02:39:32 GMT
content-type: image/webp
content-length: 12098
last-modified: Fri, 31 Dec 2021 10:19:16 GMT
etag: "61ced924-2f42"
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
expires: Wed, 16 Apr 2025 14:32:18 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-77-nzt: EwwBuUwJFAH33lxzAAwBuUwKCQH3FAAAAAgBnJIhJwGB
x-77-nzt-ray: af585630a9a989e1e4e891661f644d2b
x-accel-expires: @1744813938
x-77-cache: HIT
x-accel-date: 1713277958
x-77-age: 7560414
server: CDN77-Turbo
x-accel-date-max: 1713277958
x-cache: HIT
x-age: 7560414
x-77-pop: stockholmSE
accept-ranges: bytes
X-Firefox-Spdy: h2

a.magsrv.com/iframe.js?idzone=4838012&size=300x250

185.76.9.24

200 OK

2.3 kB

URL GET HTTP/2
a.magsrv.com/iframe.js?idzone=4838012&size=300x250
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
FingerprintE9:B1:06:11:C7:80:11:9F:62:6C:E8:AF:35:69:C6:21:29:87:60:51
ValidityTue, 30 Apr 2024 07:49:25 GMT - Mon, 29 Jul 2024 07:49:24 GMT

File type
JavaScript source, ASCII text, with very long lines (2413), with no line terminators
Size
2.3 kB (2292 bytes)
Hash
2de27c55c243fb06964525117091e05b
f1f28e0adae103296ffd610cbdf9c5a7220a95d9
28cdb4d6978664806ec0f2d657f18f4f76b11311848f1019970c828e74d51edd

HTTP Headers

GET /iframe.js?idzone=4838012&size=300x250 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 13 Jul 2024 02:39:30 GMT
content-type: application/javascript
etag: W/"a86791521569cc29518495534b5"
expires: Thu, 11 Jul 2024 17:52:44 GMT
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH38SYAAAwBuUwKCQH3zgAAAAwB1GY4EQH33wIAAA
x-77-nzt-ray: af5856302ea7dac8e2e89166c992471e
x-accel-expires: @1720839193
x-accel-date: 1720828401
x-77-cache: HIT
x-77-age: 9969
vary: Accept-Encoding
content-encoding: gzip
server: CDN77-Turbo
x-accel-date-max: 1720710505
x-cache: HIT
x-age: 9969
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

a.magsrv.com/iframe.js?idzone=4838012&size=300x250

185.76.9.24

200 OK

2.3 kB

URL GET HTTP/2
a.magsrv.com/iframe.js?idzone=4838012&size=300x250
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
FingerprintE9:B1:06:11:C7:80:11:9F:62:6C:E8:AF:35:69:C6:21:29:87:60:51
ValidityTue, 30 Apr 2024 07:49:25 GMT - Mon, 29 Jul 2024 07:49:24 GMT

File type
JavaScript source, ASCII text, with very long lines (2413), with no line terminators
Size
2.3 kB (2292 bytes)
Hash
2de27c55c243fb06964525117091e05b
f1f28e0adae103296ffd610cbdf9c5a7220a95d9
28cdb4d6978664806ec0f2d657f18f4f76b11311848f1019970c828e74d51edd

HTTP Headers

GET /iframe.js?idzone=4838012&size=300x250 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 13 Jul 2024 02:39:30 GMT
content-type: application/javascript
etag: W/"a86791521569cc29518495534b5"
expires: Thu, 11 Jul 2024 17:52:44 GMT
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH38SYAAAwBuUwKCQH3zgAAAAwB1GY4EQH33wIAAA
x-77-nzt-ray: af5856302ea7dac8e2e8916682326c1f
x-accel-expires: @1720839193
x-accel-date: 1720828401
x-77-cache: HIT
x-77-age: 9969
vary: Accept-Encoding
content-encoding: gzip
server: CDN77-Turbo
x-accel-date-max: 1720710505
x-cache: HIT
x-age: 9969
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

s3t3d2y8.afcdn.net/images/close-icon-circle.png

185.76.9.25

200 OK

405 B

URL GET HTTP/1.1
s3t3d2y8.afcdn.net/images/close-icon-circle.png
IP
185.76.9.25:80
ASN
#60068 Datacamp Limited

Requested by
http://thevirgin.pw/

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Size
405 B (405 bytes)
Hash
bc8bf5d1633e548e9a178bf29be30b7b
bd290b6eabd73d2c95db053620797503e9178484
94f575abdb5c45476f9c2b62bbe06fbfacce9d25e95796ffcd07680bd7c6c0bb

HTTP Headers

GET /images/close-icon-circle.png HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://thevirgin.pw/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 13 Jul 2024 02:39:32 GMT
Content-Type: image/png
Content-Length: 405
Connection: keep-alive
Last-Modified: Thu, 11 Jan 2024 11:39:45 GMT
ETag: "659fd381-195"
Accept-CH: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
Expires: Sun, 12 Jan 2025 20:00:36 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
X-Robots-Tag: noindex, follow
X-77-NZT: EwwBuUwJFAH33uQQAAgBuUwKEwGBDAElE8IxAfciGN4A
X-77-NZT-Ray: af585630a3c109dfe4e891662bff1319
X-Accel-Expires: @1736712036
X-Accel-Date: 1719731206
X-77-Cache: HIT
X-77-Age: 1107166
Server: CDN77-Turbo
X-Accel-Date-Max: 1719731206
X-Cache: HIT
X-Age: 1107166
X-77-POP: stockholmSE
Accept-Ranges: bytes

thevirgin.pw/favicon.ico

62.197.49.67

404 Not Found

209 B

URL GET HTTP/1.1
thevirgin.pw/favicon.ico
IP
62.197.49.67:80
ASN
#58061 Scalaxy B.V.

Requested by
http://thevirgin.pw/

File type
HTML document, ASCII text, with no line terminators
Size
209 B (209 bytes)
Hash
8ace35f18ab1832bacfde13597767517
22e4ee51bbdba11b19a2d6879bc60126dc89eecd
f87134d32dc903f27ed9c905bfd824f31192dac9e05887b2dedbb1ca416d1280

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: thevirgin.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://thevirgin.pw/
Cookie: 9a3bc=bm9yZWZ8fHwxfDB8MHxub25lfDA6; 9a3bcb=1720838293
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.22.0
Date: Sat, 13 Jul 2024 02:38:14 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

s.magsrv.com/splash.php?idzone=4838034&cookieconsent=true

95.211.229.248

200 OK

6.2 kB

URL GET HTTP/1.1
s.magsrv.com/splash.php?idzone=4838034&cookieconsent=true
IP
95.211.229.248:80
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
http://thevirgin.pw/

File type
XML document, ASCII text, with very long lines (6247), with no line terminators
Size
6.2 kB (6179 bytes)
Hash
dff3d0051df9f8858387a483803c8df1
58fe783238eb22a4cfaf518611c7ed841d8470d5
237f75f44b1e494f532aa63f946b1db7a4eab37c6c7a56740de9bc5810459993

HTTP Headers

GET /splash.php?idzone=4838034&cookieconsent=true HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://thevirgin.pw
DNT: 1
Connection: keep-alive
Referer: http://thevirgin.pw/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 13 Jul 2024 02:39:30 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: X-CH-VALUES
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226691e8e289cf39.775319012994108484%22%3B%7D; expires=Mon, 13 Jul 2026 02:39:30 GMT; path=; domain=.magsrv.com;
c-tag=%7B%22tag-video%22%3A%22v4%7C%7CNOR%7C4838034%7C82332900%7C0%7C%7C98%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C%7C%7C0%7Cthevirgin.pw%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1720838370%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C425a81e0b5aa637a34d8fea51643a6bf%7Cok%22%7D; expires=Sun, 14 Jul 2024 02:39:30 GMT; path=/; domain=.magsrv.com;
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: http://thevirgin.pw
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

a.magsrv.com/iframe.js?idzone=4838012&size=300x250

185.76.9.24

200 OK

2.3 kB

URL GET HTTP/2
a.magsrv.com/iframe.js?idzone=4838012&size=300x250
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
FingerprintE9:B1:06:11:C7:80:11:9F:62:6C:E8:AF:35:69:C6:21:29:87:60:51
ValidityTue, 30 Apr 2024 07:49:25 GMT - Mon, 29 Jul 2024 07:49:24 GMT

File type
JavaScript source, ASCII text, with very long lines (2413), with no line terminators
Size
2.3 kB (2292 bytes)
Hash
2de27c55c243fb06964525117091e05b
f1f28e0adae103296ffd610cbdf9c5a7220a95d9
28cdb4d6978664806ec0f2d657f18f4f76b11311848f1019970c828e74d51edd

HTTP Headers

GET /iframe.js?idzone=4838012&size=300x250 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 13 Jul 2024 02:39:30 GMT
content-type: application/javascript
etag: W/"a86791521569cc29518495534b5"
expires: Thu, 11 Jul 2024 17:52:44 GMT
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH38SYAAAwBuUwKCQH3zgAAAAwB1GY4EQH33wIAAA
x-77-nzt-ray: af5856302ea7dac8e2e891664c5fbc22
x-accel-expires: @1720839193
x-accel-date: 1720828401
x-77-cache: HIT
x-77-age: 9969
vary: Accept-Encoding
content-encoding: gzip
server: CDN77-Turbo
x-accel-date-max: 1720710505
x-cache: HIT
x-age: 9969
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

a.magsrv.com/iframe.js?idzone=4838012&size=300x250

185.76.9.24

200 OK

2.3 kB

URL GET HTTP/2
a.magsrv.com/iframe.js?idzone=4838012&size=300x250
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
http://a.magsrv.com/iframe.php?idzone=4838012&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
FingerprintE9:B1:06:11:C7:80:11:9F:62:6C:E8:AF:35:69:C6:21:29:87:60:51
ValidityTue, 30 Apr 2024 07:49:25 GMT - Mon, 29 Jul 2024 07:49:24 GMT

File type
JavaScript source, ASCII text, with very long lines (2413), with no line terminators
Size
2.3 kB (2292 bytes)
Hash
2de27c55c243fb06964525117091e05b
f1f28e0adae103296ffd610cbdf9c5a7220a95d9
28cdb4d6978664806ec0f2d657f18f4f76b11311848f1019970c828e74d51edd

HTTP Headers

GET /iframe.js?idzone=4838012&size=300x250 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://a.magsrv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 13 Jul 2024 02:39:30 GMT
content-type: application/javascript
etag: W/"a86791521569cc29518495534b5"
expires: Thu, 11 Jul 2024 17:52:44 GMT
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH38SYAAAwBuUwKCQH3zgAAAAwB1GY4EQH33wIAAA
x-77-nzt-ray: af5856302ea7dac8e2e89166af37c123
x-accel-expires: @1720839193
x-accel-date: 1720828401
x-77-cache: HIT
x-77-age: 9969
vary: Accept-Encoding
content-encoding: gzip
server: CDN77-Turbo
x-accel-date-max: 1720710505
x-cache: HIT
x-age: 9969
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

a.magsrv.com/video-slider.js

185.76.9.24

200 OK

46 kB

URL GET HTTP/2
a.magsrv.com/video-slider.js
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
http://thevirgin.pw/
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
FingerprintE9:B1:06:11:C7:80:11:9F:62:6C:E8:AF:35:69:C6:21:29:87:60:51
ValidityTue, 30 Apr 2024 07:49:25 GMT - Mon, 29 Jul 2024 07:49:24 GMT

File type
JavaScript source, ASCII text, with very long lines (31701)
Size
46 kB (45757 bytes)
Hash
3f6b75fbd59723a6564e74a91ce3ddea
c59f2fe6bc1834557e544c2b787778597ee40e80
ea8030a37b36fb35f4055a90eedae594932e6caa9c037927aa9b861debf4e6aa

HTTP Headers

GET /video-slider.js HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://thevirgin.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 13 Jul 2024 02:39:30 GMT
content-type: application/javascript
etag: W/"c59f2fe6bc1834557e544c2b787"
expires: Thu, 11 Jul 2024 17:51:23 GMT
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH3XCcAAAwBuUwKCQH32AIAAAwBJRPCMQH3VQAAAA
x-77-nzt-ray: af5856302ea7dac8e2e89166253b680c
x-accel-expires: @1720839094
x-accel-date: 1720828294
x-77-cache: HIT
x-77-age: 10076
vary: Accept-Encoding
content-encoding: gzip
server: CDN77-Turbo
x-accel-date-max: 1720710296
x-cache: HIT
x-age: 10076
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (42)

URL