megalink.pw/rNtfae
172.67.204.111301 Moved Permanently 0 B IP 172.67.204.111:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /rNtfae HTTP/1.1
Host: megalink.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Sep 2022 06:37:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 11 Sep 2022 07:37:37 GMT
Location: https://megalink.pw/rNtfae
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b5TgBZfa%2B94desDqGBfIMuHIK9F3i2posnqoRVqEgIBBg0MBKuSYuOJnnScUxkdHUxoAtP9LZ22tHovZzi6kwvtlDZ%2FvEBve3e66iRKyzqnfUg33YFCJmhYwwfmzWw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 748e65574e56b511-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15789
Expires: Sun, 11 Sep 2022 11:00:47 GMT
Date: Sun, 11 Sep 2022 06:37:38 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 11 Sep 2022 06:07:22 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PgUGKdVh2qx7Mgrf9NPRq55_ZyF5npL6C3kx4etcRNgBV7KMSjqMbA==
Age: 1816
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 10 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: BeNEG0689dM5SFQ6lLA2e-KtQOILba3GYAsVVyjlEqMEWe36unBnfQ==
age: 84026
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:38 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 11 Sep 2022 05:56:07 GMT
Expires: Sun, 11 Sep 2022 06:17:39 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HHDt5JzHjjK0Sje5phlJFTq7KGf_mn_7_wrh9Wg4KuSjazgm9N5jFQ==
Age: 2491
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 36fe04277220227ba5ecfe7d2ff1d9d9
2eb9f6560336248cc45c1cd66d87505b5ebdf5d4
94f8f2f8f3b67db18825ea48740ff0ce218d7156fe851d6b023ef43b6bee4f7f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6063
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 06:37:38 GMT
Last-Modified: Sun, 11 Sep 2022 04:56:35 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 65deebab57142db522e6c874673bdd9f
bfd022181afaec5035f868ccd05fac58113f81dc
7470143c8bd79f00190a3766ebaa9c632d0aa47693fc4c146f097873865da327
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 06:37:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 65deebab57142db522e6c874673bdd9f
bfd022181afaec5035f868ccd05fac58113f81dc
7470143c8bd79f00190a3766ebaa9c632d0aa47693fc4c146f097873865da327
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 06:37:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
44.237.163.41101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.237.163.41:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8xXqDIzMBkRHGuNnJHbqdQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NCb0jj/VwrClY3E6G9rx6ie2hck=
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cbc67e77bf08d8ad6d667d1c636fb4b1
ffc063109b154bc2b791d903c91cbb4f3108061a
9d43731c37f8d892e3678ba1f1d56584e548177898d353240b235059d3796afb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D43731C37F8D892E3678BA1F1D56584E548177898D353240B235059D3796AFB"
Last-Modified: Sat, 10 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11557
Expires: Sun, 11 Sep 2022 09:50:16 GMT
Date: Sun, 11 Sep 2022 06:37:39 GMT
Connection: keep-alive
moundgrandmotherel.com/5c/38/51/5c3851391068a309eed36b1eec6217ca.js
192.243.59.20200 OK 13 kB URL HTTP/1.1 moundgrandmotherel.com/5c/38/51/5c3851391068a309eed36b1eec6217ca.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37127), with no line terminators
Hash d0b424d4039cee8e3e8c6b11158ffea0
c57102d0ca8680a263f7acc66e62736e46972a00
47a3a347de9b6282c006d80fb9edcf37be4ae52a5502295ed719aaf9e8ea8363
GET /5c/38/51/5c3851391068a309eed36b1eec6217ca.js HTTP/1.1
Host: moundgrandmotherel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 11 Sep 2022 06:37:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f33c3e84ab2867b740c9897b0e27b11a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 40d316dc75a2f4f74dfdeceef1cd31d9
5554d0aacb124fc34b7810d53967cecdf701be3d
c28c8d0fde1e99e09fa20e0dead1af0241821ce8b43668e1a5cba54f496f2dd6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C28C8D0FDE1E99E09FA20E0DEAD1AF0241821CE8B43668E1A5CBA54F496F2DD6"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1595
Expires: Sun, 11 Sep 2022 07:04:14 GMT
Date: Sun, 11 Sep 2022 06:37:39 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 06:37:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
moundgrandmotherel.com/be25a95aa25af499fcbe3767f5a57a66/invoke.js
192.243.59.20200 OK 9.8 kB URL HTTP/1.1 moundgrandmotherel.com/be25a95aa25af499fcbe3767f5a57a66/invoke.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26947), with no line terminators
Hash 143b22836ff4b1fa91a94e45474dce86
9efb55435860e9796d4256c96d00d0d861ad0a53
6133709751d4aa136914f02e8ec489f534808b386061e6e472476f18c0d1ec18
GET /be25a95aa25af499fcbe3767f5a57a66/invoke.js HTTP/1.1
Host: moundgrandmotherel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 11 Sep 2022 06:37:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 35e541f605c6a1ead4ca2180a0ef49a8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 06:37:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.163200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:10:21 GMT
expires: Wed, 06 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 394038
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 06:37:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 06:37:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a2349084590878b4d1086644ab3990a1
ea14e6188f8bbbe32a6d9f125322d4959ee06364
e4861bf5c385cf5ec5bddfffeb5bba940a1b90cf43b9ae74faf744a774ec300b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4861BF5C385CF5EC5BDDFFFEB5BBA940A1B90CF43B9AE74FAF744A774EC300B"
Last-Modified: Sat, 10 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11232
Expires: Sun, 11 Sep 2022 09:44:51 GMT
Date: Sun, 11 Sep 2022 06:37:39 GMT
Connection: keep-alive
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPGQ.woff2
142.250.74.163200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23236, version 1.0\012- data
Hash 716309aab2bca045f9627f63ad79d0bf
38804233a29aaf975d557fe14e762c627bef76e0
115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429
GET /s/lato/v23/S6u9w4BMUTPHh7USSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:17:25 GMT
expires: Wed, 06 Sep 2023 17:17:25 GMT
cache-control: public, max-age=31536000
age: 393614
last-modified: Tue, 26 Apr 2022 16:04:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.163200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:10:21 GMT
expires: Wed, 06 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 394038
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
142.250.74.163200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 22504, version 1.0\012- data
Hash 1c6c65523675abc6fcd78e804325bd77
898d9808304dc157f5dcb18ca169ec6e2b96b3d7
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
GET /s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22504
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:15:31 GMT
expires: Wed, 06 Sep 2023 17:15:31 GMT
cache-control: public, max-age=31536000
age: 393728
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 16cf00d369e24bcc42b4c23e244b375a
f656b94028e318328a7abb8872fdc9fd101441c9
c8234c29a40c4f976a9dd5a04b973533732bf3f3e791dfc579e9ae145d5977ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8234C29A40C4F976A9DD5A04B973533732BF3F3E791DFC579E9AE145D5977EC"
Last-Modified: Thu, 08 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17381
Expires: Sun, 11 Sep 2022 11:27:20 GMT
Date: Sun, 11 Sep 2022 06:37:39 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2b0f78433df0c139945076ce3f7776b7
d2f6f40bc2045ffdbd1be1e55c02a91831bbacda
f405cb0d4d718252e4ce9ebffc148d3ad4f41cedbb92c40e4c594aab026acee0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F405CB0D4D718252E4CE9EBFFC148D3AD4F41CEDBB92C40E4C594AAB026ACEE0"
Last-Modified: Sat, 10 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7742
Expires: Sun, 11 Sep 2022 08:46:41 GMT
Date: Sun, 11 Sep 2022 06:37:39 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 06:37:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68200 OK 281 B IP 104.18.32.68:0
Hash f4bcbc6206dff24a91fa517e746c90a0
056bbe74180f46aba870c1e675d518c1c8143fba
cd68ab97526b228a4683f7ce006ac22be04df2e705aaca892a1eaae1203e59a7
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:39 GMT
Content-Type: application/ocsp-response
Content-Length: 281
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 21:53:51 GMT
Expires: Fri, 16 Sep 2022 21:53:50 GMT
Etag: "056bbe74180f46aba870c1e675d518c1c8143fba"
Cache-Control: max-age=486370,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748e6564196bb4f3-OSL
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash baef0fa614bc20db5a714f7fbbb9f92e
d48d82e119e533b74d79286b5324ea5c4fdb1d78
c26f4b84732df6359f7caa0227f99100edaaf5ffa0f2a4a267d5931aaf7c2b9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C26F4B84732DF6359F7CAA0227F99100EDAAF5FFA0F2A4A267D5931AAF7C2B9F"
Last-Modified: Sat, 10 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6476
Expires: Sun, 11 Sep 2022 08:25:35 GMT
Date: Sun, 11 Sep 2022 06:37:39 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 5ada5a3460ccb735aad6c923c1abfb02
105c3e13eac9750088629e1c200794b102c48e4d
503713d1d8dfca76a5efc81db761b240cee2fd8d832225be9f00efe6332dccc4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 11 Sep 2022 06:37:39 GMT
Last-Modified: Sun, 11 Sep 2022 06:13:54 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DpcvYqe0ix6IDINliZKRBhgSiQ3OpKgebY6fpuiWfuOyY3-pKyHViQ==
Age: 1425
simplewebanalysis.com/stats
52.59.153.168200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.59.153.168:0
File type ASCII text, with no line terminators
Hash 22c77a195bc41b7267a02ad4f5262366
1be704b2c4873a0f32a8f1ac01f83779a2762c0b
85f44c89bdcc1bf8517d250e5eb84fcd39d71826878707e06d086ee74af8d8ad
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 06:37:39 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
set-cookie: uid_id2=92c67ce9-d647-43aa-b5a5-a3abef616f53:1:1; expires=Wed, 08 Sep 2032 06:37:39 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
redrotou.net/zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=prerequest
139.45.197.251200 OK 0 B URL HTTP/2 redrotou.net/zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:39 GMT
content-length: 0
x-trace-id: fb4d7ee0fe3becd32efec502df399251
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 5ada5a3460ccb735aad6c923c1abfb02
105c3e13eac9750088629e1c200794b102c48e4d
503713d1d8dfca76a5efc81db761b240cee2fd8d832225be9f00efe6332dccc4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 11 Sep 2022 06:37:39 GMT
Last-Modified: Sun, 11 Sep 2022 05:25:44 GMT
Server: ECS (nyb/1D0B)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ttXxPubtP0b7h76ZaUPnu0ZQrVYz_gzdJhzYg6RSRjERNGuMykU7_A==
Age: 4315
simplewebanalysis.com/stats
52.59.153.168200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.59.153.168:0
File type ASCII text, with no line terminators
Hash 7f0afc29c3a012292f231f29bad2b7a8
26ea71c04c330b67b50c50185f3af3f05f903ef7
5c0549d9b4b4650692c2ff5fda5dcec456c05c216120e9e3ccd4b79a18b73e36
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
set-cookie: uid_id2=d35daabf-5776-46d2-831a-b6886691c9a4:3:1; expires=Wed, 08 Sep 2032 06:37:40 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10955
Expires: Sun, 11 Sep 2022 09:40:15 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Lato:300,400,700,900
142.250.74.10200 OK 26 kB URL HTTP/2 fonts.googleapis.com/css?family=Lato:300,400,700,900
IP 142.250.74.10:0
Hash 0cd0e601d96a3c3ca28f268608e74c5f
03bdee19528554818fa9cf3f8d375a0fc7181e3b
c2baa5cd85690ce250bc47b874108d9b91af73ee5291dc95339a843b3de87ae5
GET /css?family=Lato:300,400,700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 11 Sep 2022 06:37:38 GMT
date: Sun, 11 Sep 2022 06:37:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10955
Expires: Sun, 11 Sep 2022 09:40:15 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10955
Expires: Sun, 11 Sep 2022 09:40:15 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe41cdec0-ceff-4e9c-88a7-3a5565f1a459.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe41cdec0-ceff-4e9c-88a7-3a5565f1a459.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 12666d69f9af3ceb23fdfc2100bd3226
c4d17e3ea44ef6dee9819c1586424e5f056f149c
054236a4d1f88a486f48b8f3a8ac01d21ec2179d5b1f3fc9791d0982d07a88a2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe41cdec0-ceff-4e9c-88a7-3a5565f1a459.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5752
x-amzn-requestid: 622ffff0-1bd5-4eb4-a9ff-eb54c5ae44a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YBrqiFiToAMF0tA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6316f310-49efdcc572b4fad3543f857d;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 07:13:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VKsU4S6tKOso216JLUWn7b1bKDyfruIVukt98JooNCjwaXDT9bkPYQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:44:02 GMT
age: 32018
etag: "c4d17e3ea44ef6dee9819c1586424e5f056f149c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10955
Expires: Sun, 11 Sep 2022 09:40:15 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7a9494e-0e8b-451b-806d-72da68860cab.jpeg
34.120.237.76200 OK 17 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7a9494e-0e8b-451b-806d-72da68860cab.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c65d6ae04a64d9d01439fb4fca3f017
5ce0bc5b075b97639453d67d4f3cea61289b7698
eb48687a5974542d11882f854a86ff083528957b0fbc61c797167d8f04e0ffa9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7a9494e-0e8b-451b-806d-72da68860cab.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16983
x-amzn-requestid: adf7a560-2f6c-41ba-97b2-860515511e5c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YH-CxFp-oAMF9yg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631976de-5f4efe0a705012957cf8bbd4;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 05:00:14 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: uoEqiA2HIn5Nbw3RBIqKrCguG-0mLFNBtkB-r3RMitCoJE3fX6wq4w==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 d2575afea3774df33dcf5e5ff475025e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 05:27:48 GMT
age: 4192
etag: "5ce0bc5b075b97639453d67d4f3cea61289b7698"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F234d0658-5bd0-4cc9-a828-3300a0005951.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F234d0658-5bd0-4cc9-a828-3300a0005951.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash de6622cfd812509b317913e1a5e9cfc8
84e4a39c92ab111cc1072f898990cea6b05da6cf
6d41b564c2e15215d05ba74ba2ae08abf74f6aef9e58e808d31afc6d1ba123af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F234d0658-5bd0-4cc9-a828-3300a0005951.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9319
x-amzn-requestid: 44d731e9-1da0-4ad0-9fbb-1b170fac3bf0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XnTxaFtpIAMFWAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630c666f-2e155359546dae806f6dbfe2;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 07:10:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: a4f99UhuEWfzdGyMv22TnGq98xCUpM1at-u8BNxNrDUSNC4yfHLHVw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:34 GMT
age: 32226
etag: "84e4a39c92ab111cc1072f898990cea6b05da6cf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fea5dfc4a6a5093fd81899ee4a79d446
c893d7475856809a59486e0bcebd6d662d1fc56f
915fb97690be97d97cb298fc60ceb4cf7c3ed8fb437836beb2d590a8e238363c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7017
x-amzn-requestid: df5e57d7-e54c-4b5a-aa1b-a9aee889842e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_Et0oAMFSjQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-50d15bba03579a935342e22f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LsqH-LbjMGWrhYB93Qkvq2qVhqNs-3MWgrrOFzC8qPcY3fF5ujSD_g==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:54:44 GMT
age: 31376
etag: "c893d7475856809a59486e0bcebd6d662d1fc56f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57d797a1c3f6589746a1135bdb19f54f
7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97
ff8855ca951f53ed5f3886cc81a7f28384d41288edeca4fdc621250e4d01c6fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6889
x-amzn-requestid: c82ac543-90cd-4aeb-a65b-7e1bbbacc407
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2UEE-3IAMFYBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d0419-427a29067c9c92ec0db6567f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:39:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mNvNO0HJjZ1zwPKcjfqiVOnCL0CYXc8BPDSFbV6MXVW71IVt-2K3mQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:46:54 GMT
age: 31846
etag: "7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ad.a-ads.com/1959918?size=320x100
213.239.209.209200 OK 11 kB URL HTTP/2 ad.a-ads.com/1959918?size=320x100
IP 213.239.209.209:0
ASN #24940 Hetzner Online GmbH
Hash 52d591bb0a8b77ff018e15362ba36780
7b8d3571e7cdd1f26533b8444f283dce50656779
274b783b77660ac7c9dea7bbfdbc0b607d2eba0db2999f9e47ef2d8cec446440
GET /1959918?size=320x100 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://megalink.pw/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
redrotou.net/zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=settings
139.45.197.251200 OK 693 B URL HTTP/2 redrotou.net/zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=settings
IP 139.45.197.251:0
File type JSON data\012- , ASCII text, with very long lines (692)
Hash 72481a223a98b912ed0ce00820703df6
0d235897166143bb8a7cd2a8adff4b1078f22ca8
bce31b58adc15232d970f17c259f2eeaaed78a775053644a4b13cdc36e7706a4
GET /zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=settings HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/json; charset=utf-8
content-length: 693
x-trace-id: 6e763fc136a0faa697cfaccc0ce93fe5
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
static.a-ads.com/a-ads-banners/402060/320x100?region=eu-central-1
213.239.209.209200 OK 64 kB URL HTTP/2 static.a-ads.com/a-ads-banners/402060/320x100?region=eu-central-1
IP 213.239.209.209:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 320 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash c5d91f9d5e928ea39ab56a508637f531
d1f4fa901029feab781149c11040637e0d5830b0
d978bd7d26a67cc7df9894f8ebfa65e1dd85ffbcabc2e20a52b9662977e41816
GET /a-ads-banners/402060/320x100?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: image/png
content-length: 64235
x-amz-id-2: kCc4w1c9dnghPHEWNghZL8IKh5MoDfB97aXWT1jLEORBuoQcvFfMjpouHhji/EY3BUADHYHc1ws=
x-amz-request-id: 3E7FTRNFS5AKJQ0Z
x-amz-replication-status: COMPLETED
last-modified: Tue, 12 Jul 2022 11:33:36 GMT
etag: "c5d91f9d5e928ea39ab56a508637f531"
cache-control: max-age=315360000
x-amz-version-id: hqiIKL1mtUhyzYTnOmRYIO_6O8pp7MYs
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f789ec2f115b0eea7d015fd5b8dc48b5
67b3062db0bce51f965e34673a270a614f92a561
7fadce366cd829219a6788dbadcd8b53e4256fd97b8cf2cbd5805442e4dae670
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7FADCE366CD829219A6788DBADCD8B53E4256FD97B8CF2CBD5805442E4DAE670"
Last-Modified: Fri, 09 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13862
Expires: Sun, 11 Sep 2022 10:28:42 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 5b36f6508bf779a395d4b559b41d267d
a653f55ef7e337bd259cd76d14fe2adc91c11603
91e3696c53649e8d76b738dca29ed03b8b935f9fc230c735d2fd729428742605
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:40 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=387459,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748e65675cc9b4f3-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 5b36f6508bf779a395d4b559b41d267d
a653f55ef7e337bd259cd76d14fe2adc91c11603
91e3696c53649e8d76b738dca29ed03b8b935f9fc230c735d2fd729428742605
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:40 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=387459,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748e65679ae00b06-OSL
my.rtmark.net/gid.js
139.45.195.8200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash a9bae7771c9f230371c80ecf8f21872c
d7d7fa3f6c43a56eff4842b31be7a361599b5b83
b34b4e1e7dee29167a99f9209ccdef85b66259541f449632ea382865ff9befc2
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d7b5f1abdfc7d4825b08e72547a15eed
a2058a4d78d7202f0b12be9cc8bbf24045c5b235
da58b3cd5de013f45b0175190286eb420e661c09062d9987e2d5050036f56d29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA58B3CD5DE013F45B0175190286EB420E661C09062D9987E2D5050036F56D29"
Last-Modified: Sat, 10 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14646
Expires: Sun, 11 Sep 2022 10:41:46 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a3eece998ad4c67578e3ae9e0b3bf414
e663a73e47fdb1669e10ae42c314cdd53f1ea98f
7b201df703d754c1d247eff3a7594550fcb1618a79a128bb01571aa868bc9bfe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7B201DF703D754C1D247EFF3A7594550FCB1618A79A128BB01571AA868BC9BFE"
Last-Modified: Sun, 11 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17576
Expires: Sun, 11 Sep 2022 11:30:36 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive
my.rtmark.net/gid.js?pub=0&userId=&zoneId=5090892&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=5090892&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 88a5e0113fe9cf73ccb33121ca03d5b6
d98e5cf07e9092b39c45781ae05761a3d3e251e9
610fbbf227e0a06bba04e9e947e412ce1fb2537e30009d31771a71fbe429d9e7
GET /gid.js?pub=0&userId=&zoneId=5090892&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ffa15a22252949d8b2e21f78b594c9af; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 431bccffdaad5a26e75e6dd4f8b1abaa
e4b0ac57e7c2d6d00e508cd99231b0f8d58942af
d2b9c8db43c744d36bc73630962238d7fb9017730f8ef8df9b6af1913b08cf35
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:40 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 12:52:23 GMT
Expires: Thu, 15 Sep 2022 12:52:22 GMT
Etag: "e4b0ac57e7c2d6d00e508cd99231b0f8d58942af"
Cache-Control: max-age=367481,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748e6567ed57b4f3-OSL
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: text/plain;charset=UTF-8
Origin: https://megalink.pw
Content-Length: 1998
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 11 Sep 2022 06:37:52 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://megalink.pw
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
pseepsie.com/pfe/current/tag.min.js?z=4938390
139.45.197.250200 OK 6.1 kB URL HTTP/2 pseepsie.com/pfe/current/tag.min.js?z=4938390
IP 139.45.197.250:0
File type C source, ASCII text, with very long lines (14904), with no line terminators
Hash 8ba24e254e8cf4c30030be76cab3f59b
4862a4dadd99c622472827dc2cd445de99c3a08d
b1811da0aa9baab3b0393d89b9a36102334959e155e80c35043a024db6e347d1
GET /pfe/current/tag.min.js?z=4938390 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-3a38"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/42/38?z=4938389
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/42/38?z=4938389
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /42/38?z=4938389 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=acbc7162b31f4e7abf6fba8849d68469; oaidts=1662878260
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 64532444a6566fa8c843c79126b2b6f4
access-control-expose-headers: X-Sc
set-cookie: OAID=acbc7162b31f4e7abf6fba8849d68469; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None
oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ffff34c63921d13aa54cd91e3ec4e8c1
0c97e2456815735a69f5ba388e74f7f693aaee0d
7141212b147e753b73ed80dde317941bd35ef26637700918bc36ce22e08109ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7141212B147E753B73ED80DDE317941BD35EF26637700918BC36CE22E08109FF"
Last-Modified: Fri, 09 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17604
Expires: Sun, 11 Sep 2022 11:31:04 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive
pseepsie.com/zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=
139.45.197.250200 OK 664 B URL HTTP/2 pseepsie.com/zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (663)
Hash 31d6fae447f2fe566c6a9a70e588825d
6248b5a173a856178cdfdd5ee4c717d207626675
cf01dbfc60ce075d1d9e1febfdd66b628ab3dcaddeb5f3c5e362e82203cb59a9
GET /zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3= HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: 9e93f0b7641786cc9bbf55a23425f383
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
pseepsie.com/pfe/current/universal.min.js?v=3.1.392
139.45.197.250304 Not Modified 0 B URL HTTP/2 pseepsie.com/pfe/current/universal.min.js?v=3.1.392
IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pfe/current/universal.min.js?v=3.1.392 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 05 Sep 2022 12:32:41 GMT
If-None-Match: W/"6315ec69-20481"
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: "6315ec69-20481"
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
pseepsie.com/zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=
139.45.197.250200 OK 664 B URL HTTP/2 pseepsie.com/zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (663)
Hash 31d6fae447f2fe566c6a9a70e588825d
6248b5a173a856178cdfdd5ee4c717d207626675
cf01dbfc60ce075d1d9e1febfdd66b628ab3dcaddeb5f3c5e362e82203cb59a9
GET /zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3= HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: 26582d6091f6901d8e642a109b60bd33
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
glizauvo.net/500/5293711?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.236200 OK 0 B URL HTTP/2 glizauvo.net/500/5293711?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5293711?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: glizauvo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
eehuzaih.com/500/4943451?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 eehuzaih.com/500/4943451?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/4943451?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: eehuzaih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
oaphoace.net/500/5293715?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 0 B URL HTTP/2 oaphoace.net/500/5293715?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5293715?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3ee1f861bc3271c7648d939f3dab2111
b419129bb6596e6954d867eedccff208eaf4a70c
b7ab0757be22eff55a38052ae741fc087ad317a904393010e7a529493b4317e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7AB0757BE22EFF55A38052AE741FC087AD317A904393010E7A529493B4317E4"
Last-Modified: Fri, 09 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6591
Expires: Sun, 11 Sep 2022 08:27:31 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3707e0761fcdc45fc6862d76cfc42ec1
f2e571473c3bbec4db1a9c7e30a2bbff550270a7
2d202b32d453153ecba07114225f07b281c8a69616533a8378a9983a6b24e303
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2D202B32D453153ECBA07114225F07B281C8A69616533A8378A9983A6B24E303"
Last-Modified: Thu, 08 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7649
Expires: Sun, 11 Sep 2022 08:45:09 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive
eehuzaih.com/500/4943451?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 1.1 kB URL HTTP/2 eehuzaih.com/500/4943451?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1417), with no line terminators
Hash bf92884c33eb6369a109955ec49a3127
6eb67d0e1cfdc9ecb985fa34ce2025802b3ef4d9
1809256401de9f5b3f98fc89df8a011280fed8ded507e54649e86f2a08033e66
Analyzer Verdict Alert quad9 Sinkholed
GET /500/4943451?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: eehuzaih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=37a17dafc2824bc9a06c49730da38532
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/javascript
x-trace-id: 6c0ef375c449b7ccc849b9706b169c35
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
perryvolleyball.com/watch.992282280830.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2FrNtfae&tz=0&dev=r&res=12.31&uuid=d35daabf-5776-46d2-831a-b6886691c9a4%3A3%3A1
192.243.59.13307 Temporary Redirect 0 B URL HTTP/1.1 perryvolleyball.com/watch.992282280830.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2FrNtfae&tz=0&dev=r&res=12.31&uuid=d35daabf-5776-46d2-831a-b6886691c9a4%3A3%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.992282280830.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2FrNtfae&tz=0&dev=r&res=12.31&uuid=d35daabf-5776-46d2-831a-b6886691c9a4%3A3%3A1 HTTP/1.1
Host: perryvolleyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Sun, 11 Sep 2022 06:37:40 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://megalink.pw
Access-Control-Allow-Origin: https://megalink.pw
Access-Control-Allow-Credentials: true
Location: https://perryvolleyball.com/watch.992282280830.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2FrNtfae&tz=0&dev=r&res=12.31&uuid=d35daabf-5776-46d2-831a-b6886691c9a4%3A3%3A1&shu=562db793cbb3eef1b33d2cf5f24da55a4d98e646445a26ae849ede2a595a71d7decd5172fca0f7639b9e92ea3f768f361397d3e391ced196ba830ece2ffd8427b2cb020816cbbca6ee72675b51a05efef24d1c&pst=1662878320&rmtc=t
Set-Cookie: u_pl=17013292; expires=Mon, 12 Sep 2022 06:37:40 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzAxMzI5MiwiayI6ImJlMjVhOTVhYTI1YWY0OTlmY2JlMzc2N2Y1YTU3YTY2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzkwODYxLCJwaWQiOjI3MDI4NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozNCwiYWlkIjoyNywicHQiOjQsInBrIjoiZ3V4M3l4dnEiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWVnYWxpbmsucHcvck50ZmFlIn19.axNZ0TFo3Q_En7zFjnxwYSs-v3h_NtOIRACZ0tJJ4pk; expires=Sun, 11 Sep 2022 06:38:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bb9f874862e09f7390ff41f0f364eec9
Strict-Transport-Security: max-age=0; includeSubdomains
dozubatan.com/500/4938388?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 dozubatan.com/500/4938388?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/4938388?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
phosphatepossible.com/sbar.json?key=5c3851391068a309eed36b1eec6217ca
173.233.137.52200 OK 4.0 kB URL HTTP/1.1 phosphatepossible.com/sbar.json?key=5c3851391068a309eed36b1eec6217ca
IP 173.233.137.52:0
File type JSON data\012- , ASCII text, with very long lines (5554), with no line terminators
Hash 0cc2c497ae0ca5768326c58e4cdfd925
76c4c8323ad793762d66a1c5b3febaa73ebbe507
bedec4da4487061bcf55a67cb5f3cfd4e623926ad004fc69930edcef199cd46a
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=5c3851391068a309eed36b1eec6217ca HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Sep 2022 06:37:40 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://megalink.pw
Access-Control-Allow-Origin: https://megalink.pw
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17013269; expires=Mon, 12 Sep 2022 06:37:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 12 Sep 2022 06:37:40 GMT; secure; SameSite=None
uncs=1; expires=Mon, 12 Sep 2022 06:37:40 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 12 Sep 2022 06:37:40 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 12 Sep 2022 06:37:40 GMT; secure; SameSite=None
slec5c3851391068a309eed36b1eec6217ca=[3364902]; expires=Sun, 11 Sep 2022 06:37:45 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8d76cbe747d0a691488a108608fb9d5b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
perryvolleyball.com/watch.992282280830.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2FrNtfae&tz=0&dev=r&res=12.31&uuid=d35daabf-5776-46d2-831a-b6886691c9a4%3A3%3A1&shu=562db793cbb3eef1b33d2cf5f24da55a4d98e646445a26ae849ede2a595a71d7decd5172fca0f7639b9e92ea3f768f361397d3e391ced196ba830ece2ffd8427b2cb020816cbbca6ee72675b51a05efef24d1c&pst=1662878320&rmtc=t
192.243.59.13200 OK 2.1 kB URL HTTP/1.1 perryvolleyball.com/watch.992282280830.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2FrNtfae&tz=0&dev=r&res=12.31&uuid=d35daabf-5776-46d2-831a-b6886691c9a4%3A3%3A1&shu=562db793cbb3eef1b33d2cf5f24da55a4d98e646445a26ae849ede2a595a71d7decd5172fca0f7639b9e92ea3f768f361397d3e391ced196ba830ece2ffd8427b2cb020816cbbca6ee72675b51a05efef24d1c&pst=1662878320&rmtc=t
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (2601)
Hash d7bf19afa98a9b1271fdf35a66faaf72
d87e4b555c1a374c2b3365c65604ad7fa32394ac
0378a76e48e876a65e53cc83f0287136c5e07577383ab4b22e4fe8e57746b2ff
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.992282280830.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2FrNtfae&tz=0&dev=r&res=12.31&uuid=d35daabf-5776-46d2-831a-b6886691c9a4%3A3%3A1&shu=562db793cbb3eef1b33d2cf5f24da55a4d98e646445a26ae849ede2a595a71d7decd5172fca0f7639b9e92ea3f768f361397d3e391ced196ba830ece2ffd8427b2cb020816cbbca6ee72675b51a05efef24d1c&pst=1662878320&rmtc=t HTTP/1.1
Host: perryvolleyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Referer: https://megalink.pw/
Connection: keep-alive
Cookie: u_pl=17013292; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzAxMzI5MiwiayI6ImJlMjVhOTVhYTI1YWY0OTlmY2JlMzc2N2Y1YTU3YTY2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzkwODYxLCJwaWQiOjI3MDI4NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozNCwiYWlkIjoyNywicHQiOjQsInBrIjoiZ3V4M3l4dnEiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWVnYWxpbmsucHcvck50ZmFlIn19.axNZ0TFo3Q_En7zFjnxwYSs-v3h_NtOIRACZ0tJJ4pk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 11 Sep 2022 06:37:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://megalink.pw
Access-Control-Allow-Origin: https://megalink.pw
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d35daabf-5776-46d2-831a-b6886691c9a4:3:1; expires=Sun, 18 Sep 2022 06:37:41 GMT; secure; SameSite=None
iprca82575d9cc0ea673a847326914bb31bb=3569807; expires=Sun, 11 Sep 2022 10:37:41 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 12 Sep 2022 06:37:41 GMT; secure; SameSite=None
uncs=1; expires=Mon, 12 Sep 2022 06:37:41 GMT; secure; SameSite=None
pdhtkv27=true; expires=Mon, 12 Sep 2022 06:37:41 GMT; secure; SameSite=None
uncs27=1; expires=Mon, 12 Sep 2022 06:37:41 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4e06b142cb2d367dfdac43af786b8170
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 948acca30381a2178ac8673c9399431a
55d6a2433c134aedf598159742c34756e47e5894
5b5317cd9ddf0e1c710aa8c54d360d4fbfa7fcaaa6c704a068a08f34fa223b05
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6133
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 06:37:41 GMT
Last-Modified: Sun, 11 Sep 2022 04:55:28 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 280
pseepsie.com/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:41 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
offerimage.com/www/images/3d08aacb36c7474e0d13b60f8f4adc14.png
104.22.32.172200 OK 66 kB URL HTTP/2 offerimage.com/www/images/3d08aacb36c7474e0d13b60f8f4adc14.png
IP 104.22.32.172:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 3d08aacb36c7474e0d13b60f8f4adc14
e4af2de372b5e3a2211579a5973ef7ed160e7be4
54b0569cf052e12dd373e86031009d0a54a893275a21c2ef863277a9a978ab1c
GET /www/images/3d08aacb36c7474e0d13b60f8f4adc14.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 06:37:41 GMT
content-type: image/png
content-length: 66121
last-modified: Mon, 12 Oct 2020 05:50:58 GMT
etag: "5f83eec2-10249"
expires: Sun, 11 Sep 2022 12:30:54 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 65207
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e656c1b020d3e-ARN
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: application/json
Origin: https://megalink.pw
Content-Length: 365
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:41 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 02806e079f74783e87e1162843beaeef
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
tovanillitechan.com/11?rnd=2875222327&z=4938389&b=14170811&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&ruid=c76f09c3-9347-49f9-933e-4db612908674&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=319
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/11?rnd=2875222327&z=4938389&b=14170811&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&ruid=c76f09c3-9347-49f9-933e-4db612908674&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=319
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /11?rnd=2875222327&z=4938389&b=14170811&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&ruid=c76f09c3-9347-49f9-933e-4db612908674&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=319 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; oaidts=1662878260
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:41 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: fd4ee4b79859d33ebd4ffcd1a9a4298c
access-control-expose-headers: X-Sc
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:41 GMT; secure; SameSite=None
oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:41 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
tovanillitechan.com/121?rnd=307997228&z=4938389&b=14170811&c=5908031&var=&d=https%3A%2F%2Fmediasama.com%2Fstarharem%2F01%2Fs%2Findex_rt.html&cln={CELL_NUMBER}&btp=7&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&bag=WTDpa5LbPNp_QJZCOXRSRPShLn18N4_b&ruid=c76f09c3-9347-49f9-933e-4db612908674
139.45.197.239302 Found 0 B URL HTTP/2 tovanillitechan.com/121?rnd=307997228&z=4938389&b=14170811&c=5908031&var=&d=https%3A%2F%2Fmediasama.com%2Fstarharem%2F01%2Fs%2Findex_rt.html&cln={CELL_NUMBER}&btp=7&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&bag=WTDpa5LbPNp_QJZCOXRSRPShLn18N4_b&ruid=c76f09c3-9347-49f9-933e-4db612908674
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /121?rnd=307997228&z=4938389&b=14170811&c=5908031&var=&d=https%3A%2F%2Fmediasama.com%2Fstarharem%2F01%2Fs%2Findex_rt.html&cln={CELL_NUMBER}&btp=7&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&bag=WTDpa5LbPNp_QJZCOXRSRPShLn18N4_b&ruid=c76f09c3-9347-49f9-933e-4db612908674 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: scm=1; OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; oaidts=1662878260
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sun, 11 Sep 2022 06:37:41 GMT
content-length: 0
location: https://mediasama.com/starharem/01/s/index_rt.html
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: e3f205817a749e87f1a7b52b0cfb1e74
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
offerimage.com/www/images/a563edd673308b2cd8cc1ec9c0543417.png
104.22.32.172200 OK 76 kB URL HTTP/2 offerimage.com/www/images/a563edd673308b2cd8cc1ec9c0543417.png
IP 104.22.32.172:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash a563edd673308b2cd8cc1ec9c0543417
bff09cb9d8c3dadb244db8d24b6f58b8dfab6469
bbd22caad95af25c9ccf019fe7499c74743b7ef4eaceeffe0781c3f64f054b0c
GET /www/images/a563edd673308b2cd8cc1ec9c0543417.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 06:37:41 GMT
content-type: image/png
content-length: 76281
last-modified: Tue, 07 Jun 2022 21:58:32 GMT
etag: "629fca08-129f9"
expires: Sun, 11 Sep 2022 22:09:32 GMT
cache-control: max-age=86400
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 86400
timing-allow-origin: *
cf-cache-status: HIT
age: 30489
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e656d2c060d3e-ARN
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a1543fa75949583b4223a1d3f0f8b937
fe06a05582a0cdc1cde39f17fac440a1d43495ab
46fa93a75d4bb081e5f0e3c098d97e5b9364364d29f6b1c814ae582dc675c110
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46FA93A75D4BB081E5F0E3C098D97E5B9364364D29F6B1C814AE582DC675C110"
Last-Modified: Fri, 09 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17743
Expires: Sun, 11 Sep 2022 11:33:24 GMT
Date: Sun, 11 Sep 2022 06:37:41 GMT
Connection: keep-alive
phosphatepossible.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSwW8bxRfHZ5scftLvBCoHQAWLAwIJObteZ23TQ0UJQRFpUxoQvcHszNgZPLuzmtnxOjlFrUC5IJkrp83XSaPSCoHElQo5lXqIQOpyyoH8DwipJw7IboThSav33n6%2Fh897b77cd2fEh6OnK9f0jlSKLi3X%2Fdobt4Lgcm1dpm5YG7ajT6Pm5ZoZvN2J6v6btfcF6%2Bulhh%2F4fuAHtVVpRFcPl6YiZPagE9Q7fr3ZqAfLTQzNf3vrPFjqgQ%2FOyPOQvFp85F2EZBOkyfcrwvZznb31XuIUzbXBgB99nPZTXaRI5mXXeOimR%2BduaPtk9SF0ejjDhR78Y4xlRbzHDxGnR%2BeQiAcHM85YQaSI%2Bf9RDCYQagJJJ2D6DiR%2FQgDGcX0DaXL3ujYF3X6m0qlakcWnf0IWFVn8%2FSLS5LurSg5rm1q5XOrUYtgtIYcTyN4EmTtGvnMBsjgGy29D8l%2FJ0tN1pMnBhlUakpez2aWcQHYnUGIEaj246Sc9uK4Hl3lI%2BGmNBUHQ8jmjfrvDWMhbIo64H9BWN6CBH7Xh2BRvhDwbgakRmNlFZnbRlyMY9zPsVgnLPdi8It6HuxjwEoUgKCxBQQkKSVDkBMWgPOTKNmx5lyvr4uA8N85zWI513tunhzrviZTsZ2fkuelevIVvXkBfnNaWWdheDsLOlIqGfkcIHkZxIASLGkGLUVhZQtoLs1F3ZEVe3vwKmazI4qu%2FIKbHsOoYTL4G6i6BFuNWwwfdGjfbPnbS%2B4noUSXTfj0rwHWJLF9Evu3tqzPy4uw84a3XIdjJlc%2Fia9Uf9%2F4CMyUyU%2BJz%2BYigp%2FbGN3VBDm7qwpIfNrJcJnKHTk%2B3mdNcLHz7gdgutOFrK3Z07x02Fablg4%2BEzddpymXas%2BT%2BVcm5MKvaMEF%2BWrOfiPiGs1tXnUldtn7j3dW1JDPCWqnTCaisCHl8AiYr8r8fD2ev8qUv9iDNBMaVSNwJOQ9IfQyW7cJmc36rF2DU3BNnHgpXjk0jnv9UkkCJeU%2FjEvZffTyv9%2B0eeuYV0PwO0qTEwJQYqBJUjWDdwjjPzMmV38JZIFbeOFbGO4iVUV8%2FW66Vp7VWGPo06iwHrRYVrbjZaHejgFPaaEaNKKIhcluxS7ebfwMAAP%2F%2FAQAA%2F%2F9h5%2FZdYAQAAA%3D%3D
173.233.137.52200 OK 7 B URL HTTP/1.1 phosphatepossible.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSwW8bxRfHZ5scftLvBCoHQAWLAwIJObteZ23TQ0UJQRFpUxoQvcHszNgZPLuzmtnxOjlFrUC5IJkrp83XSaPSCoHElQo5lXqIQOpyyoH8DwipJw7IboThSav33n6%2Fh897b77cd2fEh6OnK9f0jlSKLi3X%2Fdobt4Lgcm1dpm5YG7ajT6Pm5ZoZvN2J6v6btfcF6%2Bulhh%2F4fuAHtVVpRFcPl6YiZPagE9Q7fr3ZqAfLTQzNf3vrPFjqgQ%2FOyPOQvFp85F2EZBOkyfcrwvZznb31XuIUzbXBgB99nPZTXaRI5mXXeOimR%2BduaPtk9SF0ejjDhR78Y4xlRbzHDxGnR%2BeQiAcHM85YQaSI%2Bf9RDCYQagJJJ2D6DiR%2FQgDGcX0DaXL3ujYF3X6m0qlakcWnf0IWFVn8%2FSLS5LurSg5rm1q5XOrUYtgtIYcTyN4EmTtGvnMBsjgGy29D8l%2FJ0tN1pMnBhlUakpez2aWcQHYnUGIEaj246Sc9uK4Hl3lI%2BGmNBUHQ8jmjfrvDWMhbIo64H9BWN6CBH7Xh2BRvhDwbgakRmNlFZnbRlyMY9zPsVgnLPdi8It6HuxjwEoUgKCxBQQkKSVDkBMWgPOTKNmx5lyvr4uA8N85zWI513tunhzrviZTsZ2fkuelevIVvXkBfnNaWWdheDsLOlIqGfkcIHkZxIASLGkGLUVhZQtoLs1F3ZEVe3vwKmazI4qu%2FIKbHsOoYTL4G6i6BFuNWwwfdGjfbPnbS%2B4noUSXTfj0rwHWJLF9Evu3tqzPy4uw84a3XIdjJlc%2Fia9Uf9%2F4CMyUyU%2BJz%2BYigp%2FbGN3VBDm7qwpIfNrJcJnKHTk%2B3mdNcLHz7gdgutOFrK3Z07x02Fablg4%2BEzddpymXas%2BT%2BVcm5MKvaMEF%2BWrOfiPiGs1tXnUldtn7j3dW1JDPCWqnTCaisCHl8AiYr8r8fD2ev8qUv9iDNBMaVSNwJOQ9IfQyW7cJmc36rF2DU3BNnHgpXjk0jnv9UkkCJeU%2FjEvZffTyv9%2B0eeuYV0PwO0qTEwJQYqBJUjWDdwjjPzMmV38JZIFbeOFbGO4iVUV8%2FW66Vp7VWGPo06iwHrRYVrbjZaHejgFPaaEaNKKIhcluxS7ebfwMAAP%2F%2FAQAA%2F%2F9h5%2FZdYAQAAA%3D%3D
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSwW8bxRfHZ5scftLvBCoHQAWLAwIJObteZ23TQ0UJQRFpUxoQvcHszNgZPLuzmtnxOjlFrUC5IJkrp83XSaPSCoHElQo5lXqIQOpyyoH8DwipJw7IboThSav33n6%2Fh897b77cd2fEh6OnK9f0jlSKLi3X%2Fdobt4Lgcm1dpm5YG7ajT6Pm5ZoZvN2J6v6btfcF6%2Bulhh%2F4fuAHtVVpRFcPl6YiZPagE9Q7fr3ZqAfLTQzNf3vrPFjqgQ%2FOyPOQvFp85F2EZBOkyfcrwvZznb31XuIUzbXBgB99nPZTXaRI5mXXeOimR%2BduaPtk9SF0ejjDhR78Y4xlRbzHDxGnR%2BeQiAcHM85YQaSI%2Bf9RDCYQagJJJ2D6DiR%2FQgDGcX0DaXL3ujYF3X6m0qlakcWnf0IWFVn8%2FSLS5LurSg5rm1q5XOrUYtgtIYcTyN4EmTtGvnMBsjgGy29D8l%2FJ0tN1pMnBhlUakpez2aWcQHYnUGIEaj246Sc9uK4Hl3lI%2BGmNBUHQ8jmjfrvDWMhbIo64H9BWN6CBH7Xh2BRvhDwbgakRmNlFZnbRlyMY9zPsVgnLPdi8It6HuxjwEoUgKCxBQQkKSVDkBMWgPOTKNmx5lyvr4uA8N85zWI513tunhzrviZTsZ2fkuelevIVvXkBfnNaWWdheDsLOlIqGfkcIHkZxIASLGkGLUVhZQtoLs1F3ZEVe3vwKmazI4qu%2FIKbHsOoYTL4G6i6BFuNWwwfdGjfbPnbS%2B4noUSXTfj0rwHWJLF9Evu3tqzPy4uw84a3XIdjJlc%2Fia9Uf9%2F4CMyUyU%2BJz%2BYigp%2FbGN3VBDm7qwpIfNrJcJnKHTk%2B3mdNcLHz7gdgutOFrK3Z07x02Fablg4%2BEzddpymXas%2BT%2BVcm5MKvaMEF%2BWrOfiPiGs1tXnUldtn7j3dW1JDPCWqnTCaisCHl8AiYr8r8fD2ev8qUv9iDNBMaVSNwJOQ9IfQyW7cJmc36rF2DU3BNnHgpXjk0jnv9UkkCJeU%2FjEvZffTyv9%2B0eeuYV0PwO0qTEwJQYqBJUjWDdwjjPzMmV38JZIFbeOFbGO4iVUV8%2FW66Vp7VWGPo06iwHrRYVrbjZaHejgFPaaEaNKKIhcluxS7ebfwMAAP%2F%2FAQAA%2F%2F9h5%2FZdYAQAAA%3D%3D HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364902]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Sep 2022 06:37:41 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 93433343bb803cf0df498ee3d23714b0
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.cloudimagesb.com/cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png
45.133.44.10200 OK 67 kB URL HTTP/2 cdn.cloudimagesb.com/cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 468 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash a98b4585db1c6db06d6857c73bb75fcb
02a896b08a79e873b2dd26200ee1f0665dc1c80a
fc08e863ffafe25aa63fe8b60c2d5135fc5f52caf0abae4da3f1a90e0f8ed96c
GET /cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 06:37:41 GMT
content-type: image/png
content-length: 67174
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:07:43 GMT
etag: "62e11c7f-10666"
expires: Tue, 13 Sep 2022 06:37:41 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 51ac63e78394a2aee62bfebab43a1173
31d610f11b9608fccee7796817122e5aafe732ec
72091528600d4a22313af10af5adc9b58f612f12232f7d83f905021eab0a05ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72091528600D4A22313AF10AF5ADC9B58F612F12232F7D83F905021EAB0A05FF"
Last-Modified: Fri, 09 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12994
Expires: Sun, 11 Sep 2022 10:14:15 GMT
Date: Sun, 11 Sep 2022 06:37:41 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 519 B IP 142.250.74.3:0
Hash cacabcf7e13d6a02c783ca3bdbd0974b
df80b678957f25a12910218b15c79a0c9042a65d
3e7c5193b78f421cc629cd262d74e4c7d8703ca80905026c1b72e2819d308cc5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 06:37:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit
142.250.74.131200 OK 589 B URL HTTP/2 www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit
IP 142.250.74.131:0
File type ASCII text, with very long lines (921), with no line terminators
Hash ccc21d0d49199fd4bd9459478d13cb73
133ae31908d06b58ddd61e1db51c277fd4cba47a
208faf9933968aa2e7d8ef5b5080d54e87d06c08c70824487213b0785fc8e0b6
GET /recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit HTTP/1.1
Host: www.recaptcha.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 11 Sep 2022 06:37:41 GMT
date: Sun, 11 Sep 2022 06:37:41 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 589
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/index_rt.html
144.217.67.42200 OK 1.5 kB URL HTTP/1.1 mediasama.com/starharem/01/s/index_rt.html
IP 144.217.67.42:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 30597b59f3cb1eadf603fcfb21952340
baca3a552764959edd4fc56947acc9a4f33822de
6ac92da5b37d94c53f231a18bb88be006ae20f1724a63151a97ed918d86cb25d
GET /starharem/01/s/index_rt.html HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:41 GMT
Server: Apache
Last-Modified: Wed, 20 Jul 2022 09:11:51 GMT
ETag: "17a0-5e438fdce23c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1525
Content-Type: text/html
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 2.1 kB IP 142.250.74.3:0
Hash 6c3301db90d6626d55f36ddb9c65ec2c
eb3f5c5e8d680215584354337ec10acaed0f0a56
54d781deaa474ab2f4424b6e6ba7f2858f3862d559750789c38f03ec1a63aa3f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 06:37:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
216.58.211.10200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 216.58.211.10:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 11 Sep 2022 02:36:40 GMT
expires: Mon, 11 Sep 2023 02:36:40 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 14461
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: application/json
Origin: https://megalink.pw
Content-Length: 373
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:41 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: ed5f19be2ddeba40c1a1f0df2aef171c
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=3106d95ed79548d2854e3614b450589e&zoneId=4938390&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=3106d95ed79548d2854e3614b450589e&zoneId=4938390&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 88a5e0113fe9cf73ccb33121ca03d5b6
d98e5cf07e9092b39c45781ae05761a3d3e251e9
610fbbf227e0a06bba04e9e947e412ce1fb2537e30009d31771a71fbe429d9e7
GET /gid.js?pub=0&userId=3106d95ed79548d2854e3614b450589e&zoneId=4938390&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Cookie: ID=ffa15a22252949d8b2e21f78b594c9af
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:41 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ffa15a22252949d8b2e21f78b594c9af; expires=Mon, 11 Sep 2023 06:37:41 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/styles.css
144.217.67.42200 OK 2.4 kB URL HTTP/1.1 mediasama.com/starharem/01/s/styles.css
IP 144.217.67.42:0
File type ASCII text, with very long lines (420)
Hash 8e7117f5f47cb6cde0a8e8eb38b16dbb
617fd3f0d3f420ee1967a20fb0b0af4ac34eca03
794f8aa66b6afcf9b7d9bfe5952860436dcfee6bf82e4368af6bc838ce89be98
GET /starharem/01/s/styles.css HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:41 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:29 GMT
ETag: "2638-5dc0be6400e82-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2406
Content-Type: text/css
www.gstatic.com/recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js
142.250.74.163200 OK 157 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (539)
Size 157 kB (157166 bytes)
Hash 026df0dfed2314af108e700900288961
51c2a55bca7d65c549ef138d1294cac2aa98dd96
24eefc59f5d298ce40bdd33c8157ad14631984159fca8e5980037366c44c2b34
GET /recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 157166
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:23:20 GMT
expires: Wed, 06 Sep 2023 17:23:20 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 06 Sep 2022 00:04:24 GMT
content-type: text/javascript
age: 393261
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 11a62de4541037ab66a1ee3a198916bd
767beb0fd7d3ef086d2dff0a984f54f6b6f9d0e4
1f6a4b80a80691e041057bf8a0a5beb9440df1a1a9af8d2447af252055850d1a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1F6A4B80A80691E041057BF8A0A5BEB9440DF1A1A9AF8D2447AF252055850D1A"
Last-Modified: Sat, 10 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3656
Expires: Sun, 11 Sep 2022 07:38:38 GMT
Date: Sun, 11 Sep 2022 06:37:42 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 11a62de4541037ab66a1ee3a198916bd
767beb0fd7d3ef086d2dff0a984f54f6b6f9d0e4
1f6a4b80a80691e041057bf8a0a5beb9440df1a1a9af8d2447af252055850d1a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1F6A4B80A80691E041057BF8A0A5BEB9440DF1A1A9AF8D2447AF252055850D1A"
Last-Modified: Sat, 10 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3656
Expires: Sun, 11 Sep 2022 07:38:38 GMT
Date: Sun, 11 Sep 2022 06:37:42 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 11a62de4541037ab66a1ee3a198916bd
767beb0fd7d3ef086d2dff0a984f54f6b6f9d0e4
1f6a4b80a80691e041057bf8a0a5beb9440df1a1a9af8d2447af252055850d1a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1F6A4B80A80691E041057BF8A0A5BEB9440DF1A1A9AF8D2447AF252055850D1A"
Last-Modified: Sat, 10 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3656
Expires: Sun, 11 Sep 2022 07:38:38 GMT
Date: Sun, 11 Sep 2022 06:37:42 GMT
Connection: keep-alive
mediasama.com/starharem/01/s/js/main.js
144.217.67.42200 OK 549 B URL HTTP/1.1 mediasama.com/starharem/01/s/js/main.js
IP 144.217.67.42:0
Hash d8fa8e233a4db9fbce0c20d9a57a06fe
2366b2969771aa164bfdca6b5baf916806f6758a
f496e19ead804367daa801860cd95a7ec6854965a7c5cf2c49dda71532c19932
GET /starharem/01/s/js/main.js HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:50 GMT
ETag: "516-5dc0be78000b5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 549
Content-Type: application/javascript
phosphatepossible.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F13%2Findex.html&l=1688&fd=598
173.233.137.52502 Bad Gateway 157 B URL HTTP/1.1 phosphatepossible.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F13%2Findex.html&l=1688&fd=598
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d41a93f6d3a61aa8e32d7a0afcfbb2d0
77718bef53accc9fd03bea992dc25e4086a17d50
3f72ba697c379550b6005be4ed325a33b228eea31e056a4dfa1150c6ace3f6cd
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F13%2Findex.html&l=1688&fd=598 HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364902]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 502 Bad Gateway
Server: nginx/1.19.5
Date: Sun, 11 Sep 2022 06:37:42 GMT
Content-Type: text/html
Content-Length: 157
Connection: keep-alive
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/img/icon.jpg
104.21.51.177200 OK 60 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/img/icon.jpg
IP 104.21.51.177:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=821, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1232], progressive, precision 8, 281x290, components 3\012- data
Hash 9337eb4f9526f6d16e6d1602d8fee3ae
203c7272c5a60a752db43857b2d337d644f690f5
1e803197ccab280a9285cdae1adbea170504d59ef0bbf02aab3d9785c0871422
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/img/icon.jpg HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 06:37:42 GMT
content-type: image/jpeg
content-length: 59931
last-modified: Tue, 08 Feb 2022 14:18:00 GMT
etag: "62027b98-ea1b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3357196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rwDQ9jz%2FvqiOJOlJzVINVoikgcNvkdlGhMNaqptRWbd3w7cZq2rAqsdsKdmYBLBr3HZkdiCkRz0U0mOWiSJMwDrRTGFtUBb8B1g7aYUO%2FNLtuCDOd2ziVluQlFKjD4rz%2Bbk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e65723c761c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tovanillitechan.com/15?rnd=2645750261&z=4938389&var=&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&ruid=c76f09c3-9347-49f9-933e-4db612908674&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.347%2C%22location%22%3A%22https%3A%2F%2Fmegalink.pw%2FrNtfae%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
139.45.197.239204 No Content 660 B URL HTTP/2 tovanillitechan.com/15?rnd=2645750261&z=4938389&var=&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&ruid=c76f09c3-9347-49f9-933e-4db612908674&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.347%2C%22location%22%3A%22https%3A%2F%2Fmegalink.pw%2FrNtfae%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
IP 139.45.197.239:0
File type gzip compressed data, max compression\012- data
Hash 5860c780c8e9daa4f852038f02b5bdc2
c75c8b4db36bffe075ce493f06d011f855d5541a
f11b9f8e851e15c0c6abd53a9994c6dcef78ceeebd0f0b8bbde610fec8332c85
GET /15?rnd=2645750261&z=4938389&var=&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&ruid=c76f09c3-9347-49f9-933e-4db612908674&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.347%2C%22location%22%3A%22https%3A%2F%2Fmegalink.pw%2FrNtfae%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; oaidts=1662878260
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 11 Sep 2022 06:37:42 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: d355bb6f7131f1702dac145ccf603fc6
access-control-expose-headers: X-Sc
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:42 GMT; secure; SameSite=None
oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:42 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/css/style.css
104.21.51.177200 OK 2.8 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/css/style.css
IP 104.21.51.177:0
Hash 8c3bcadfd5b929f0f4d3f293cba7c22b
97f6bcdcc91175c0e4873037ec51d2cf5aadc418
e78d0abb7add714aaa69cee0fb319f6d203446f0ee0a57b899465fb73871efa5
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 06:37:42 GMT
content-type: text/css
last-modified: Wed, 09 Feb 2022 11:16:21 GMT
etag: W/"6203a285-2751"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2BqI2aGLapkwrSH0BASqSy8Z4ZXp2BYoW%2F6L4F%2Fbh5QVi7bSLr52VXRRfuoY2kn2YcF1F4QSjg5HpK9RO3D662DHpKgZf5iRPTDzZofQcXZLXK9akW1aYYO7T%2B%2B0oY0I1Vo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e6571ac091c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/index.html
104.26.6.19200 OK 5.4 kB URL HTTP/2 cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/index.html
IP 104.26.6.19:0
File type HTML document text\012- HTML document, ASCII text
Hash 66391e813c4314720c7804642500df38
5fbfc80703ef82676aa4fd78f885327d83fc1cf7
d1c785dc7ba17e83ad6db0c17c777da04c946b21249085d6abac1dce0a68af1f
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 06:37:41 GMT
content-type: text/html
last-modified: Wed, 09 Feb 2022 11:16:34 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bEnXIY7xmcfBvo4VEoKL7tikt9MtYPKWJlPHaluZhXatXQ8vcU1F6BzCoLvM2XSGJ%2B7RoRrcaO7tEoGVJSjZzQrnW7aDHmJFc1OGMxbgp%2FA2knejzC1hi2R%2FAEEvECSl1TQ7zeM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e656d3e4cb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/audio/btn_1.mp3
144.217.67.42206 Partial Content 20 kB URL HTTP/1.1 mediasama.com/starharem/01/s/audio/btn_1.mp3
IP 144.217.67.42:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 192 kbps, 44.1 kHz, JntStereo\012- data
Hash d857acaef2cdf5ec88ea6128c1ceb7b3
5f67419243f34232a4da8cb1a1eaecfc192ff1a7
df83bc888086ae84b5d532a39023b0db17e8f3ccd3ffdcd6f35c8d4f39558d24
GET /starharem/01/s/audio/btn_1.mp3 HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:31 GMT
ETag: "4f61-5dc0be65fcb81"
Accept-Ranges: bytes
Content-Length: 20321
Content-Range: bytes 0-20320/20321
Content-Type: audio/mpeg
onmarshtompor.com/?rb=9lWOfQkmdTq4VOQvX8OjLWGDy1Di-dB9gXRH4e4yg6lYAHPj9VkMDhm9sLbhSM0vgFaXJt9OYy6OLFjhFZbrMRu53vufKV3yuttoZgdoLBNgxTVlTiq2nXIGYtljyl3YuI-TQSAcuzKetbWVDybg49b2qK3QMUZmRdp_Rw_a-WZI2LDYkZDkl-t5C44_YmxTafW4izMHnBo-tB1cvWhbjw%3D%3D&request_ab2=0&zoneid=4938391&js_build=iclick-v1.425.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.425.0&bs=120c069b-9d2f-4aee-9446-ba360b379820&userId=5c8b0a45c4fb4961a57f3ed00ad4fbc1&m=link
139.45.197.243200 OK 17 kB URL HTTP/2 onmarshtompor.com/?rb=9lWOfQkmdTq4VOQvX8OjLWGDy1Di-dB9gXRH4e4yg6lYAHPj9VkMDhm9sLbhSM0vgFaXJt9OYy6OLFjhFZbrMRu53vufKV3yuttoZgdoLBNgxTVlTiq2nXIGYtljyl3YuI-TQSAcuzKetbWVDybg49b2qK3QMUZmRdp_Rw_a-WZI2LDYkZDkl-t5C44_YmxTafW4izMHnBo-tB1cvWhbjw%3D%3D&request_ab2=0&zoneid=4938391&js_build=iclick-v1.425.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.425.0&bs=120c069b-9d2f-4aee-9446-ba360b379820&userId=5c8b0a45c4fb4961a57f3ed00ad4fbc1&m=link
IP 139.45.197.243:0
Hash 167b3917600cea53ac1b791c5bc92d14
b048baee1045d106f790709eb7442246991ff5b7
6a046e64b69a8ba48365d885968b73fd8a6d35ea2339cd4cf1181078b4ecbd44
GET /?rb=9lWOfQkmdTq4VOQvX8OjLWGDy1Di-dB9gXRH4e4yg6lYAHPj9VkMDhm9sLbhSM0vgFaXJt9OYy6OLFjhFZbrMRu53vufKV3yuttoZgdoLBNgxTVlTiq2nXIGYtljyl3YuI-TQSAcuzKetbWVDybg49b2qK3QMUZmRdp_Rw_a-WZI2LDYkZDkl-t5C44_YmxTafW4izMHnBo-tB1cvWhbjw%3D%3D&request_ab2=0&zoneid=4938391&js_build=iclick-v1.425.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.425.0&bs=120c069b-9d2f-4aee-9446-ba360b379820&userId=5c8b0a45c4fb4961a57f3ed00ad4fbc1&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/json
x-trace-id: 58a5b8a7eb2937e23a836027358ed992
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:40 GMT; path=/; secure; SameSite=None
oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:40 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 18 Sep 2022 06:37:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 299014
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
phosphatepossible.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F13%2Fcss%2Fanimate.css&l=79245&fd=348
173.233.137.52502 Bad Gateway 157 B URL HTTP/1.1 phosphatepossible.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F13%2Fcss%2Fanimate.css&l=79245&fd=348
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d41a93f6d3a61aa8e32d7a0afcfbb2d0
77718bef53accc9fd03bea992dc25e4086a17d50
3f72ba697c379550b6005be4ed325a33b228eea31e056a4dfa1150c6ace3f6cd
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F13%2Fcss%2Fanimate.css&l=79245&fd=348 HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364902]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 502 Bad Gateway
Server: nginx/1.19.5
Date: Sun, 11 Sep 2022 06:37:42 GMT
Content-Type: text/html
Content-Length: 157
Connection: keep-alive
pseepsie.com/event
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /event HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:42 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/img/2.jpg
144.217.67.42200 OK 369 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/2.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 369 kB (369239 bytes)
Hash b7d3bd4ae3d5f8477e040e6410517866
2b255c9583c47e5da4069d9c055d3430a0c1e03a
7bb68d5a9a92a500956397e156beb117a0ef605b6747800cacf9c9440b6fc7e4
GET /starharem/01/s/img/2.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:41 GMT
ETag: "5a257-5dc622e1424eb"
Accept-Ranges: bytes
Content-Length: 369239
Content-Type: image/jpeg
phosphatepossible.com/pixel/sbs?c=1
173.233.137.52502 Bad Gateway 157 B URL HTTP/1.1 phosphatepossible.com/pixel/sbs?c=1
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d41a93f6d3a61aa8e32d7a0afcfbb2d0
77718bef53accc9fd03bea992dc25e4086a17d50
3f72ba697c379550b6005be4ed325a33b228eea31e056a4dfa1150c6ace3f6cd
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364902]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 502 Bad Gateway
Server: nginx/1.19.5
Date: Sun, 11 Sep 2022 06:37:42 GMT
Content-Type: text/html
Content-Length: 157
Connection: keep-alive
pseepsie.com/event
139.45.197.250200 OK 94 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 5763817b6b732e3f9702d5ea847640d8
7ab16586736d55396fe95fa2668756615431938c
be348b0f2669e5cb9c875ff5522940035738daff9d23dc1ee3fd66b39f0b0043
Analyzer Verdict Alert fortinet Malware
POST /event HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: application/json
Origin: https://megalink.pw
Content-Length: 1031
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:42 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 524e3e17d505d7e9e467a29b9164a238
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
phosphatepossible.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F13%2Fjs%2Fscript.js&l=468&fd=339
173.233.137.52502 Bad Gateway 157 B URL HTTP/1.1 phosphatepossible.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F13%2Fjs%2Fscript.js&l=468&fd=339
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d41a93f6d3a61aa8e32d7a0afcfbb2d0
77718bef53accc9fd03bea992dc25e4086a17d50
3f72ba697c379550b6005be4ed325a33b228eea31e056a4dfa1150c6ace3f6cd
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F13%2Fjs%2Fscript.js&l=468&fd=339 HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364902]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 502 Bad Gateway
Server: nginx/1.19.5
Date: Sun, 11 Sep 2022 06:37:42 GMT
Content-Type: text/html
Content-Length: 157
Connection: keep-alive
mediasama.com/starharem/01/s/img/1.jpg
144.217.67.42200 OK 397 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/1.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 397 kB (397097 bytes)
Hash 43c140ec16ce96d582782ea93eeaa4fe
3390bf8e8708620fc0a851455e4729cb4f0248a2
3e176a04debe08dd522e7f0fbc9f7530880a92fb9845afd7391bbaa764a4ad55
GET /starharem/01/s/img/1.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:39 GMT
ETag: "60f29-5dc622dfac0e8"
Accept-Ranges: bytes
Content-Length: 397097
Content-Type: image/jpeg
phosphatepossible.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH72uyEFwpdaFSHVyIgkzem99jF8UYI8G0qY1id3p%2FzeQ69737uPfdeZOsQouSjTBuXb18J2moLaLg1iKTQhdBoeMqC%2FM%2FiNCVC5lpcOyBxznnfb%2BLzznnfr3vz0gIT09XrpodpTVdqpfD0ls3o%2BhyaV0lflAatBqfN2qXS7b%2FbrtRDt8ufSh5zyxVwigMozAqrSorO2awNBWh0vvtqNwOy7VKOarXMLDP9s4HcDSA6J%2BRF6HEZPFhcBGKj5HEP65I18tM%2Bs4Hsdc0MxZ9cfRp0ktMniCelx0boJMcnbth3OPVBzDJ4QwXpv%2BfkakJCR49AEuOziHB%2BgczTqYhEzDxPPL%2BGFKPoegY3NyGEo8JwAWubSCJ71wzNqfbT1U6VSdk8cnfUPmELP55EUn8w7JWg9Km0T5TJnEYdAqowRiqO0bqj5HtXIDKj8GzW1Did7L0ZB1JfLDhtIESxWx2pcZQnTG0HIK6AH76qQC%2BE8CnAWJxWuJRFDVDwWnYanNeFU3JGiKMaLMT0ShstOD5FG%2BILB2C6yG43UVqd9FTQ1j%2FK9xWAScCuGxCgo930RcFckmQO4KcEuSKIM8I8n5xKLSruOKO0M6z6DxXznO1GJmsu08PTdaVCdlPz8gL070EC9%2B9hJ48LdV5tVWPqu0pFa2GbSlFtcEiKXmjEjU5hVMFlLswG3VHTcirm98gVROy%2BPpvYPQYTh%2BDqzdA%2FSXQfNSshKBbo1orxE5yL5ZdqlXSK6c5hCmQZovItoN9fUZenp2nevNNSH5y5Qt2dfLX3X%2FAbYHUFvhSPSTo6r3RDZOTgxsmd%2BSnjTRTsdqh09NtZjSTC99%2FJLdzY8XaihvefY9PhWl5%2FxPpsnWaCJV0Hbm3rISQdtVYLskva%2B4zya57t7XsbeLT9evvr67FqZXOKZOMQdWEkEcn4GpCnvv5cPYqX%2FlqD8qOYX2B2J%2BQ84Ayx%2BDpLlw653dmAVbPPSwNkPtiZCts%2FlMrAi3nPWUF3P96Nq%2F33R669jXQ7DaSuEDfFujrAlQP4fzCKEvtyZU%2FqrMA08GIaRscMG31t0%2BX69RpqRqKJpMd2WSyVq91JBesXmch73BWFa0WR%2BYm%2FNKt2r8AAAD%2F%2FwEAAP%2F%2F4TMjtWAEAAA%3D
173.233.137.52200 OK 7 B URL HTTP/1.1 phosphatepossible.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH72uyEFwpdaFSHVyIgkzem99jF8UYI8G0qY1id3p%2FzeQ69737uPfdeZOsQouSjTBuXb18J2moLaLg1iKTQhdBoeMqC%2FM%2FiNCVC5lpcOyBxznnfb%2BLzznnfr3vz0gIT09XrpodpTVdqpfD0ls3o%2BhyaV0lflAatBqfN2qXS7b%2FbrtRDt8ufSh5zyxVwigMozAqrSorO2awNBWh0vvtqNwOy7VKOarXMLDP9s4HcDSA6J%2BRF6HEZPFhcBGKj5HEP65I18tM%2Bs4Hsdc0MxZ9cfRp0ktMniCelx0boJMcnbth3OPVBzDJ4QwXpv%2BfkakJCR49AEuOziHB%2BgczTqYhEzDxPPL%2BGFKPoegY3NyGEo8JwAWubSCJ71wzNqfbT1U6VSdk8cnfUPmELP55EUn8w7JWg9Km0T5TJnEYdAqowRiqO0bqj5HtXIDKj8GzW1Did7L0ZB1JfLDhtIESxWx2pcZQnTG0HIK6AH76qQC%2BE8CnAWJxWuJRFDVDwWnYanNeFU3JGiKMaLMT0ShstOD5FG%2BILB2C6yG43UVqd9FTQ1j%2FK9xWAScCuGxCgo930RcFckmQO4KcEuSKIM8I8n5xKLSruOKO0M6z6DxXznO1GJmsu08PTdaVCdlPz8gL070EC9%2B9hJ48LdV5tVWPqu0pFa2GbSlFtcEiKXmjEjU5hVMFlLswG3VHTcirm98gVROy%2BPpvYPQYTh%2BDqzdA%2FSXQfNSshKBbo1orxE5yL5ZdqlXSK6c5hCmQZovItoN9fUZenp2nevNNSH5y5Qt2dfLX3X%2FAbYHUFvhSPSTo6r3RDZOTgxsmd%2BSnjTRTsdqh09NtZjSTC99%2FJLdzY8XaihvefY9PhWl5%2FxPpsnWaCJV0Hbm3rISQdtVYLskva%2B4zya57t7XsbeLT9evvr67FqZXOKZOMQdWEkEcn4GpCnvv5cPYqX%2FlqD8qOYX2B2J%2BQ84Ayx%2BDpLlw653dmAVbPPSwNkPtiZCts%2FlMrAi3nPWUF3P96Nq%2F33R669jXQ7DaSuEDfFujrAlQP4fzCKEvtyZU%2FqrMA08GIaRscMG31t0%2BX69RpqRqKJpMd2WSyVq91JBesXmch73BWFa0WR%2BYm%2FNKt2r8AAAD%2F%2FwEAAP%2F%2F4TMjtWAEAAA%3D
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH72uyEFwpdaFSHVyIgkzem99jF8UYI8G0qY1id3p%2FzeQ69737uPfdeZOsQouSjTBuXb18J2moLaLg1iKTQhdBoeMqC%2FM%2FiNCVC5lpcOyBxznnfb%2BLzznnfr3vz0gIT09XrpodpTVdqpfD0ls3o%2BhyaV0lflAatBqfN2qXS7b%2FbrtRDt8ufSh5zyxVwigMozAqrSorO2awNBWh0vvtqNwOy7VKOarXMLDP9s4HcDSA6J%2BRF6HEZPFhcBGKj5HEP65I18tM%2Bs4Hsdc0MxZ9cfRp0ktMniCelx0boJMcnbth3OPVBzDJ4QwXpv%2BfkakJCR49AEuOziHB%2BgczTqYhEzDxPPL%2BGFKPoegY3NyGEo8JwAWubSCJ71wzNqfbT1U6VSdk8cnfUPmELP55EUn8w7JWg9Km0T5TJnEYdAqowRiqO0bqj5HtXIDKj8GzW1Did7L0ZB1JfLDhtIESxWx2pcZQnTG0HIK6AH76qQC%2BE8CnAWJxWuJRFDVDwWnYanNeFU3JGiKMaLMT0ShstOD5FG%2BILB2C6yG43UVqd9FTQ1j%2FK9xWAScCuGxCgo930RcFckmQO4KcEuSKIM8I8n5xKLSruOKO0M6z6DxXznO1GJmsu08PTdaVCdlPz8gL070EC9%2B9hJ48LdV5tVWPqu0pFa2GbSlFtcEiKXmjEjU5hVMFlLswG3VHTcirm98gVROy%2BPpvYPQYTh%2BDqzdA%2FSXQfNSshKBbo1orxE5yL5ZdqlXSK6c5hCmQZovItoN9fUZenp2nevNNSH5y5Qt2dfLX3X%2FAbYHUFvhSPSTo6r3RDZOTgxsmd%2BSnjTRTsdqh09NtZjSTC99%2FJLdzY8XaihvefY9PhWl5%2FxPpsnWaCJV0Hbm3rISQdtVYLskva%2B4zya57t7XsbeLT9evvr67FqZXOKZOMQdWEkEcn4GpCnvv5cPYqX%2FlqD8qOYX2B2J%2BQ84Ayx%2BDpLlw653dmAVbPPSwNkPtiZCts%2FlMrAi3nPWUF3P96Nq%2F33R669jXQ7DaSuEDfFujrAlQP4fzCKEvtyZU%2FqrMA08GIaRscMG31t0%2BX69RpqRqKJpMd2WSyVq91JBesXmch73BWFa0WR%2BYm%2FNKt2r8AAAD%2F%2FwEAAP%2F%2F4TMjtWAEAAA%3D HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364902]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Sep 2022 06:37:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 448d924d4bddacdd248caf0e65e6b607
Strict-Transport-Security: max-age=0; includeSubdomains
mediasama.com/starharem/01/s/img/7.jpg
144.217.67.42200 OK 327 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/7.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 327 kB (326553 bytes)
Hash c67c9fb0268eea7d188c4c9bc54a0bf4
216b83374ba6f011041b31dd381f22e99ea7a8c1
95ae6eba3fad2ff05cadc95b27fc79a198a9e873371ab5fb7bb97c1661cd4654
GET /starharem/01/s/img/7.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:45 GMT
ETag: "4fb99-5dc622e5033f2"
Accept-Ranges: bytes
Content-Length: 326553
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/5.jpg
144.217.67.42200 OK 461 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/5.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 461 kB (461412 bytes)
Hash 42ad3cffde2e4081df94ded8a30a1dc5
7b064f0fcb96e5b5c498c0c03bcbb9ab15e999b0
be788428faee6157125228734e5510d4f49212766eff23a1a1b178e456f153d1
GET /starharem/01/s/img/5.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:43 GMT
ETag: "70a64-5dc622e35f52f"
Accept-Ranges: bytes
Content-Length: 461412
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/6.jpg
144.217.67.42200 OK 261 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/6.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 261 kB (261364 bytes)
Hash 4b7cf78d93f3f009f850bedb6829d7f6
cc55cad898df47a2f089946aee9398fea7fa2ae6
44d0a6f8e7f7fe0354c05417445137070431686d671c51e9f3d3869867f2448f
GET /starharem/01/s/img/6.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:44 GMT
ETag: "3fcf4-5dc622e471bd1"
Accept-Ranges: bytes
Content-Length: 261364
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/3.jpg
144.217.67.42200 OK 375 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/3.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 375 kB (375159 bytes)
Hash 84c5f704120f28ad7bcde2ebab7442a0
fd2745300ba7ad59ff8044c7e9f76b1326ddd120
6227de9cf2198a85639d3808c134b85dc1e6a5ee5ee5709189c5e58d1b91b7c2
GET /starharem/01/s/img/3.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:41 GMT
ETag: "5b977-5dc622e17edac"
Accept-Ranges: bytes
Content-Length: 375159
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/4.jpg
144.217.67.42200 OK 325 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/4.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 325 kB (325446 bytes)
Hash ec18d276822ab5772f3458da7dbedfbc
f7a38f944aaba3e6b848f496bf4b8fee50b58161
da6b7082767f0ddffbec031c7f84b859c7a1f20624445bb26aa93895b75d7c09
GET /starharem/01/s/img/4.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:43 GMT
ETag: "4f746-5dc622e2da82e"
Accept-Ranges: bytes
Content-Length: 325446
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/8.jpg
144.217.67.42200 OK 682 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/8.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 0-3584, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 211035008.000000\012- data
Size 682 kB (682050 bytes)
Hash cedcd46e956dee6a28f87198962b0477
7b38f1de654971e436983fb6a34a71540ba526c9
08c08ef6f1ed9da65259719bbcc97e9aec700d3b486a9f0a741cb5800be34db5
GET /starharem/01/s/img/8.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:47 GMT
ETag: "a6842-5dc622e757ed6"
Accept-Ranges: bytes
Content-Length: 682050
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/9.jpg
144.217.67.42200 OK 342 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/9.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 342 kB (341673 bytes)
Hash a3a888cf217de9be2aa727dd1cc64757
b7bd361dfdceecfc5775d0ed32e5798abd271d5e
2fd4025336ad8a5edd704651a216cf6b9739089ad1c204bd1ea8e114d11770b9
GET /starharem/01/s/img/9.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:47 GMT
ETag: "536a9-5dc622e6fb276"
Accept-Ranges: bytes
Content-Length: 341673
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/10.jpg
144.217.67.42200 OK 237 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/10.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 237 kB (236974 bytes)
Hash e0046cc1f34ff0701ec4874a0a8c5d43
c6a46db14dfc50d67307a9855f4dd2688d576a01
8589d73053f4bb258d888488403564bdcc94fb2d87c7388f943bf06fb85865a1
GET /starharem/01/s/img/10.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:39 GMT
ETag: "39dae-5dc622df755e8"
Accept-Ranges: bytes
Content-Length: 236974
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/11.jpg
144.217.67.42200 OK 403 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/11.jpg
IP 144.217.67.42:0
File type JPEG image data, baseline, precision 8, 1920x1080, components 3\012- data
Size 403 kB (402740 bytes)
Hash c10654a068f849e614885c983ac9ab02
8d69da78045560f1c2de7bafc47b2c8a12e86424
3a864743d27da3ef1cea10d293532f84f9d564a98b34afef2a8f4b380472dfc2
GET /starharem/01/s/img/11.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 09:18:06 GMT
ETag: "62534-5dc5d6c134c3d"
Accept-Ranges: bytes
Content-Length: 402740
Content-Type: image/jpeg
pseepsie.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: application/json
Origin: https://megalink.pw
Content-Length: 729
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:43 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b9322a53344ef2396eb2c7d38fec4c87
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 090a097732f15b625208ab10faeea110
33b4fbb528d5b24e6edeebec3887e9b92bed4272
dd912cb8f4b18a02f086446af981c96af8de389bb8872f8bb6dd76cb5b018194
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DD912CB8F4B18A02F086446AF981C96AF8DE389BB8872F8BB6DD76CB5B018194"
Last-Modified: Sat, 10 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7046
Expires: Sun, 11 Sep 2022 08:35:09 GMT
Date: Sun, 11 Sep 2022 06:37:43 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=d35daabf-5776-46d2-831a-b6886691c9a4&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=5c3851391068a309eed36b1eec6217ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=6
192.243.59.20200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=d35daabf-5776-46d2-831a-b6886691c9a4&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=5c3851391068a309eed36b1eec6217ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=6
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=d35daabf-5776-46d2-831a-b6886691c9a4&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=5c3851391068a309eed36b1eec6217ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=6 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 11 Sep 2022 06:37:43 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aadbb6b91946397be3e755be500447af
Strict-Transport-Security: max-age=0; includeSubdomains
tovanillitechan.com/15?rnd=2645750261&z=4938389&var=&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&ruid=c76f09c3-9347-49f9-933e-4db612908674&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.349%2C%22location%22%3A%22https%3A%2F%2Fmegalink.pw%2FrNtfae%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
139.45.197.239204 No Content 0 B URL HTTP/2 tovanillitechan.com/15?rnd=2645750261&z=4938389&var=&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&ruid=c76f09c3-9347-49f9-933e-4db612908674&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.349%2C%22location%22%3A%22https%3A%2F%2Fmegalink.pw%2FrNtfae%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /15?rnd=2645750261&z=4938389&var=&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&ruid=c76f09c3-9347-49f9-933e-4db612908674&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.349%2C%22location%22%3A%22https%3A%2F%2Fmegalink.pw%2FrNtfae%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; oaidts=1662878260
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 11 Sep 2022 06:37:44 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 9cbe520ff46078cfa905de240d85f5b8
access-control-expose-headers: X-Sc
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:44 GMT; secure; SameSite=None
oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:44 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/img/close.svg
104.21.51.177200 OK 494 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/img/close.svg
IP 104.21.51.177:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash 3b5b8ce2b94df2e327d2cc99d59e364e
538abf78a49d47623260a0c2e63b918c8bfbcd84
3261ee1c514ffcaf3469a526707f7e68d1743294e4ddc6b37782a89e46276d39
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/img/close.svg HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 06:37:42 GMT
content-type: image/svg+xml
last-modified: Mon, 17 Jan 2022 14:26:00 GMT
etag: W/"61e57c78-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3357196
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dfN2%2Bu3bWCqDIFKNujFR9H%2Fj9%2Bnfk6ZYjKy%2BxgqFDX4oBM7kfianC0xmKarThoY5k9zWbb3GWmd96P16nAk%2FCu3exxs7N%2BtItQA0mmN0i72CTzy7Yq0NdxT6ey%2FfvLVnuZg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e65723c751c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dozubatan.com/impression/FG3WpFNssug1fw5UInR8yi2J9eHlzR5NxT5x6OwigT-zm404n7pJ1_K2oAaicyAqjihRbuoiHBvjPfy1El-7BPR5UyizIuumdbcmSzNongCs1t_aQoo-AbV0kWykUZjjaCTfw8gEyReSsCFOf8DzEPBBK0uysObPtivhUfOsaAOrT9qJK-hj_Z92ySDbftavuM9K4aPGVpBxF-MSfOAoZVpQYr6vmBhpkFUTSg4dC0c92dzay1PqNa_6extbxNyyIOjuU-_N-xY8Oz7fFHKUcJN45xSAphxWO5XVJxlNI30Sfa1A3J9hJClM9r3b5-gPgFtgDNqm3_kmVdxxO1xBfOIBQnU_eZsXKYk3-5GvMfGlmW-xO6qmO_vW9F9olcRVMbArZ_bgR56WVQma7ZfWW9S5EBjNVpD2vK4qTMACEphTZQ34gyic76Iny5sUsa5vN54GRH3p2kV2ivWen9Nt2YadtKUrQMOlSm7KKydmOZxBkkOKVOX1H9S1amGjDhK34WRLYaoJXOXv7kHtVfUx_nF6Agsv4cOA1KBOJyW2bbCfE1TR97HlxRrWKuajZYI8oj8VagSlubCLPi0ti4uEGNEY0cVCZ_6SnfuSU0g8rMYHNo7Oygg4wt_zsxs8idYWoFMUcJs98Fg0psru3oAzET9PMC1oyG9TRYTOGlYy4tI0maT39XQG9SpUinjHTlLpw2PGf_aqrRg=?_z=4938388&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 43 B URL HTTP/2 dozubatan.com/impression/FG3WpFNssug1fw5UInR8yi2J9eHlzR5NxT5x6OwigT-zm404n7pJ1_K2oAaicyAqjihRbuoiHBvjPfy1El-7BPR5UyizIuumdbcmSzNongCs1t_aQoo-AbV0kWykUZjjaCTfw8gEyReSsCFOf8DzEPBBK0uysObPtivhUfOsaAOrT9qJK-hj_Z92ySDbftavuM9K4aPGVpBxF-MSfOAoZVpQYr6vmBhpkFUTSg4dC0c92dzay1PqNa_6extbxNyyIOjuU-_N-xY8Oz7fFHKUcJN45xSAphxWO5XVJxlNI30Sfa1A3J9hJClM9r3b5-gPgFtgDNqm3_kmVdxxO1xBfOIBQnU_eZsXKYk3-5GvMfGlmW-xO6qmO_vW9F9olcRVMbArZ_bgR56WVQma7ZfWW9S5EBjNVpD2vK4qTMACEphTZQ34gyic76Iny5sUsa5vN54GRH3p2kV2ivWen9Nt2YadtKUrQMOlSm7KKydmOZxBkkOKVOX1H9S1amGjDhK34WRLYaoJXOXv7kHtVfUx_nF6Agsv4cOA1KBOJyW2bbCfE1TR97HlxRrWKuajZYI8oj8VagSlubCLPi0ti4uEGNEY0cVCZ_6SnfuSU0g8rMYHNo7Oygg4wt_zsxs8idYWoFMUcJs98Fg0psru3oAzET9PMC1oyG9TRYTOGlYy4tI0maT39XQG9SpUinjHTlLpw2PGf_aqrRg=?_z=4938388&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/FG3WpFNssug1fw5UInR8yi2J9eHlzR5NxT5x6OwigT-zm404n7pJ1_K2oAaicyAqjihRbuoiHBvjPfy1El-7BPR5UyizIuumdbcmSzNongCs1t_aQoo-AbV0kWykUZjjaCTfw8gEyReSsCFOf8DzEPBBK0uysObPtivhUfOsaAOrT9qJK-hj_Z92ySDbftavuM9K4aPGVpBxF-MSfOAoZVpQYr6vmBhpkFUTSg4dC0c92dzay1PqNa_6extbxNyyIOjuU-_N-xY8Oz7fFHKUcJN45xSAphxWO5XVJxlNI30Sfa1A3J9hJClM9r3b5-gPgFtgDNqm3_kmVdxxO1xBfOIBQnU_eZsXKYk3-5GvMfGlmW-xO6qmO_vW9F9olcRVMbArZ_bgR56WVQma7ZfWW9S5EBjNVpD2vK4qTMACEphTZQ34gyic76Iny5sUsa5vN54GRH3p2kV2ivWen9Nt2YadtKUrQMOlSm7KKydmOZxBkkOKVOX1H9S1amGjDhK34WRLYaoJXOXv7kHtVfUx_nF6Agsv4cOA1KBOJyW2bbCfE1TR97HlxRrWKuajZYI8oj8VagSlubCLPi0ti4uEGNEY0cVCZ_6SnfuSU0g8rMYHNo7Oygg4wt_zsxs8idYWoFMUcJs98Fg0psru3oAzET9PMC1oyG9TRYTOGlYy4tI0maT39XQG9SpUinjHTlLpw2PGf_aqrRg=?_z=4938388&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:45 GMT
content-type: image/gif
content-length: 43
x-trace-id: 2ffa10556d266542fd879d4f47284472
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
glizauvo.net/impression/MWNGoJWLS2v8J5VSJUAza5CQBhbEE1jDrifBXoJ0yZXFIZ9_JvzPwInHhBtGPMRnglzHb9P_iYdpHYVNQjAfgu7-lp_CPppLqetHV4sjjoX40wx3e74in8XpjmtfcQ5zUL0ANfdKwfsaj0sIlyeiHTQ3jq95vNkNgonJ6BjjMtEf_dbawjKBisLyCq-sKJfj9-sBCgt5taYtGqjbMj0Z-RQSw00hsZoSSTyCn-kwIP5bw-E8yjxqVCUVEPDVXvNFleNxDwSZQMoLjpKYxGJedXPWPccqV-l4n4gaoNHfLvO7pB4A7r4SbhbHGlxux_wqNsJpFlChQF4N6yUElHavlAZuz41cTd5mu2I8R33PEwXRS4IM6Z6eWswXX1btzn9MCAGC4UfmNJyVk5513pK8J5C6A21crEZNpvfTK6eyjKnArQLFBbGUcIZod-rxpwE1DgrnC4jnFjvoNgdobGbs1f8QmNyWdOaypjxJWQ0itNdNMHL2hr_Np09nLG2P1OjHpv7ANdE3-4Gf3owItyT5UjY-6ujr1GJD7mfKmZpawBnI04gxFpfuGhQypekmCxcj5BxkU_HyAauS1Vjwl_t5zBpdzho=?_z=5293711&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.236200 OK 43 B URL HTTP/2 glizauvo.net/impression/MWNGoJWLS2v8J5VSJUAza5CQBhbEE1jDrifBXoJ0yZXFIZ9_JvzPwInHhBtGPMRnglzHb9P_iYdpHYVNQjAfgu7-lp_CPppLqetHV4sjjoX40wx3e74in8XpjmtfcQ5zUL0ANfdKwfsaj0sIlyeiHTQ3jq95vNkNgonJ6BjjMtEf_dbawjKBisLyCq-sKJfj9-sBCgt5taYtGqjbMj0Z-RQSw00hsZoSSTyCn-kwIP5bw-E8yjxqVCUVEPDVXvNFleNxDwSZQMoLjpKYxGJedXPWPccqV-l4n4gaoNHfLvO7pB4A7r4SbhbHGlxux_wqNsJpFlChQF4N6yUElHavlAZuz41cTd5mu2I8R33PEwXRS4IM6Z6eWswXX1btzn9MCAGC4UfmNJyVk5513pK8J5C6A21crEZNpvfTK6eyjKnArQLFBbGUcIZod-rxpwE1DgrnC4jnFjvoNgdobGbs1f8QmNyWdOaypjxJWQ0itNdNMHL2hr_Np09nLG2P1OjHpv7ANdE3-4Gf3owItyT5UjY-6ujr1GJD7mfKmZpawBnI04gxFpfuGhQypekmCxcj5BxkU_HyAauS1Vjwl_t5zBpdzho=?_z=5293711&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.236:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/MWNGoJWLS2v8J5VSJUAza5CQBhbEE1jDrifBXoJ0yZXFIZ9_JvzPwInHhBtGPMRnglzHb9P_iYdpHYVNQjAfgu7-lp_CPppLqetHV4sjjoX40wx3e74in8XpjmtfcQ5zUL0ANfdKwfsaj0sIlyeiHTQ3jq95vNkNgonJ6BjjMtEf_dbawjKBisLyCq-sKJfj9-sBCgt5taYtGqjbMj0Z-RQSw00hsZoSSTyCn-kwIP5bw-E8yjxqVCUVEPDVXvNFleNxDwSZQMoLjpKYxGJedXPWPccqV-l4n4gaoNHfLvO7pB4A7r4SbhbHGlxux_wqNsJpFlChQF4N6yUElHavlAZuz41cTd5mu2I8R33PEwXRS4IM6Z6eWswXX1btzn9MCAGC4UfmNJyVk5513pK8J5C6A21crEZNpvfTK6eyjKnArQLFBbGUcIZod-rxpwE1DgrnC4jnFjvoNgdobGbs1f8QmNyWdOaypjxJWQ0itNdNMHL2hr_Np09nLG2P1OjHpv7ANdE3-4Gf3owItyT5UjY-6ujr1GJD7mfKmZpawBnI04gxFpfuGhQypekmCxcj5BxkU_HyAauS1Vjwl_t5zBpdzho=?_z=5293711&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: glizauvo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:45 GMT
content-type: image/gif
content-length: 43
x-trace-id: 17226b46a976a9f08089009cfdd11001
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
oaphoace.net/500/5293715?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 1.2 kB URL HTTP/2 oaphoace.net/500/5293715?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash 828cc881db894e137ac66d5ade0d7b9a
e1938e9d16635cb95a564b4a6170a8eee8c8e925
930f3ee939495988e9f0edbec9f330636b81d1f1802267beee28c4497bfaeea8
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5293715?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=0ee7121ff38b459c847753da03068836
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/javascript
x-trace-id: 258ecaf7df638b5779a12947f1381e7b
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/500/4938388?excludes=14745758&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 760 B URL HTTP/2 dozubatan.com/500/4938388?excludes=14745758&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type gzip compressed data, max compression\012- data
Hash 24badabba487ae623eec35a101f55ecc
1d146f28493e89c1aab6f8f113ed42e4b75c5467
2e20c4a1e248ade5ec10c1cb76ebde7b13d5b8e1bd2de1ae5c3e6962b66d73c7
OPTIONS /500/4938388?excludes=14745758&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:45 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
eehuzaih.com/401/4943451
139.45.197.237200 OK 0 B IP 139.45.197.237:0
Analyzer Verdict Alert quad9 Sinkholed
GET /401/4943451 HTTP/1.1
Host: eehuzaih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:39 GMT
content-type: application/javascript
x-trace-id: 84617cfdfafdc9d98d327eeecc458eb4
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=37a17dafc2824bc9a06c49730da38532; expires=Mon, 11 Sep 2023 06:37:39 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ad.a-ads.com/1959918?size=320x100
213.239.209.209200 OK 0 B URL HTTP/2 ad.a-ads.com/1959918?size=320x100
IP 213.239.209.209:0
ASN #24940 Hetzner Online GmbH
GET /1959918?size=320x100 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:39 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://megalink.pw/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
bedrapiona.com/5/4938391/?oo=1&js_build=iclick-v1.425.0
139.45.197.234200 OK 0 B URL HTTP/2 bedrapiona.com/5/4938391/?oo=1&js_build=iclick-v1.425.0
IP 139.45.197.234:0
GET /5/4938391/?oo=1&js_build=iclick-v1.425.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/json
x-trace-id: 186fd84311511919686cc8538cc32512
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=ef0ca7616d694d2f91e841a5ab3a787f; expires=Mon, 11 Sep 2023 06:37:40 GMT; path=/; secure; SameSite=None
oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:40 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
104.21.22.169200 OK 0 B IP 104.21.22.169:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6547
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gFJUCv2qiPEK0LC2g95dLWVPqC1M%2BsOFD0tu8iy%2BOa6vtxGYwfNtvA0dI2qhqbuU1iCccee%2Bumapc3jD9Kmps%2BhXX7S5KYYra1hJ1kAJ61mI13X0hvqI%2FckyFktBuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e65658c05b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tovanillitechan.com/9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1
IP 139.45.197.239:0
POST /9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 257
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=6866551d57cc4f318e1bab88d9c0daae; oaidts=1662878260
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: f6213660697790fc108060a997a69d41
access-control-expose-headers: X-Sc
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None
oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
redrotou.net/pfe/current/micro.tag.min.js?z=5090892&sw=/sw-check-permissions-b9e04.js
139.45.197.251200 OK 0 B URL HTTP/2 redrotou.net/pfe/current/micro.tag.min.js?z=5090892&sw=/sw-check-permissions-b9e04.js
IP 139.45.197.251:0
GET /pfe/current/micro.tag.min.js?z=5090892&sw=/sw-check-permissions-b9e04.js HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:39 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-1a29e"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
oaphoace.net/401/5293715
139.45.197.239200 OK 0 B IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /401/5293715 HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:39 GMT
content-type: application/javascript
x-trace-id: b4f64390dd25e580b01b52d9c93c3e2f
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=0ee7121ff38b459c847753da03068836; expires=Mon, 11 Sep 2023 06:37:39 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/1?z=4938389
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/1?z=4938389
IP 139.45.197.239:0
GET /1?z=4938389 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 2cd0b062a6d4a1bbe083ca747e012ca9
access-control-expose-headers: X-Sc
x-sc: Br8EqkPTSn_vUvk3MyU1EWoxzKHQiU88vgmLswKsxoEdrkEElfC5fF8pEI9qBTakM67nJpEtHeJZds3yUMknPN8O0JA=
set-cookie: scm=1; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None
OAID=acbc7162b31f4e7abf6fba8849d68469; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None
oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
glizauvo.net/500/5293711?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.236200 OK 0 B URL HTTP/2 glizauvo.net/500/5293711?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.236:0
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5293711?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: glizauvo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=7e54159335154a2fb63c612a7848d9b6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/javascript
x-trace-id: d1d2023bd3b03d02de6ac30b017b6a5c
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/27/55dfd372293146a7ca113106d0d608dd
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/27/55dfd372293146a7ca113106d0d608dd
IP 139.45.197.239:0
GET /27/55dfd372293146a7ca113106d0d608dd HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=acbc7162b31f4e7abf6fba8849d68469; oaidts=1662878260
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Wed, 07 Sep 2022 05:02:06 GMT
expires: Wed, 07 Oct 2082 05:02:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/400/4938388
139.45.197.237200 OK 0 B URL HTTP/2 dozubatan.com/400/4938388
IP 139.45.197.237:0
GET /400/4938388 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/javascript
x-trace-id: a3f2b598e1e92d36f61009cc52a28e08
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=83ede79a59764e7c8de432480794b96f; expires=Mon, 11 Sep 2023 06:37:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/500/4938388?excludes=14745758&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 dozubatan.com/500/4938388?excludes=14745758&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
GET /500/4938388?excludes=14745758&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:45 GMT
content-type: application/javascript
x-trace-id: 1f121b3b8ff887cb12ce8a3889a7ba75
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:45 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/js/script.js
104.21.51.177200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/js/script.js
IP 104.21.51.177:0
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 06:37:42 GMT
content-type: application/javascript
last-modified: Mon, 17 Jan 2022 14:40:54 GMT
etag: W/"61e57ff6-1e8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vQW1ISLFZOgv%2Bc%2B8YnrEhqSbKrnfs%2BZW0pfDJZNni5Y%2FVA3YWbrMZZiIVgnUTZtT9%2Feflla1MtEY0u5n6jBog1DAEYrTHqfVIJ%2BPqlqdFh2cOdKhRXKj3fZHDpSlEATpqf0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e6571bc111c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megalink.pw/rNtfae
172.67.204.111200 OK 0 B IP 172.67.204.111:0
Analyzer Verdict Alert fortinet Malware
GET /rNtfae HTTP/1.1
Host: megalink.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 11 Sep 2022 06:37:38 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
set-cookie: AppSession=4ef8d04565b8deffdd7a9ed958a49b2c; path=/; HttpOnly; secure
csrfToken=83e78f2c2d9e8ac6ff1c838118f6d34956707fad89cff37395cd67de81a3ff88b9641bd4e79e71c0bd194300d7998e16b17a298307e73879e11ceb52798e06fe; path=/; HttpOnly; secure
app_visitor=Q2FrZQ%3D%3D.NWE3MDhmNWI2OWM0NGY1ODkwZTZmYWFlMDgxN2Y1NDgwOWJjYzRhMzNkNzNlNjcwZGQzYWQxZWNlNzMwNmUzOJ6crJ1u6p8tEYqT8d0zMq4v2uCjKWmMfKn4pWtF8W%2BfwaIRL%2BHBInqySJqhJiT2Bp1HrRL2p6OimDHGE6%2BYqL30LNVRFC9%2FTAfzfR4grHDH; expires=Mon, 12-Sep-2022 06:37:38 GMT; Max-Age=86400; path=/; HttpOnly; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mikr7zDV6X6r933ldWTPzpJQ7Q5c6k6w2bvOjBWglv3mOhsqrSZwZOjSWT8hxRtPDnf72a8oHV%2Fq7H8WaVAPP1qKU2a7gDHFa6pUZbg0MpK5jZmefpWnevDNzcL3qA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 748e6558e9ca0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
glizauvo.net/401/5293711
139.45.197.236200 OK 0 B IP 139.45.197.236:0
Analyzer Verdict Alert quad9 Sinkholed
GET /401/5293711 HTTP/1.1
Host: glizauvo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:39 GMT
content-type: application/javascript
x-trace-id: 751f1f0e19f11ab3bfdd0b994b737b83
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=7e54159335154a2fb63c612a7848d9b6; expires=Mon, 11 Sep 2023 06:37:39 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
bedrapiona.com/5/4938391/?oo=1&js_build=iclick-v1.425.0
139.45.197.234200 OK 0 B URL HTTP/2 bedrapiona.com/5/4938391/?oo=1&js_build=iclick-v1.425.0
IP 139.45.197.234:0
GET /5/4938391/?oo=1&js_build=iclick-v1.425.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:39 GMT
content-type: application/json
x-trace-id: 7bd1fec9d5b0d268a87fc40987d41745
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=5b925cc96efe49349302a7b2c8de364a; expires=Mon, 11 Sep 2023 06:37:39 GMT; path=/; secure; SameSite=None
oaidts=1662878259; expires=Mon, 11 Sep 2023 06:37:39 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
creepingbrings.com/sfp.js
104.21.234.233200 OK 0 B URL HTTP/2 creepingbrings.com/sfp.js
IP 104.21.234.233:0
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 06:37:39 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: e0823edfd3fb45b28867b0fcecc2d29f
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 11 Sep 2022 06:37:39 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UJgcNXG2l4KnAII0FEsOFjDZCVjsP2AsUYOfqG2zsIm%2BfD2w2%2FfcGcYyD3QAL7F3T%2FbfPPfbiGk30b3zIP%2FhSt0W23Y7FMi7sZnJtsA%2FjDrQqHCkT4CIiFUGgl1QvrwhLGe%2B2Mg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e6563df5d753d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pseepsie.com/pfe/current/universal.min.js?v=3.1.392
139.45.197.250200 OK 0 B URL HTTP/2 pseepsie.com/pfe/current/universal.min.js?v=3.1.392
IP 139.45.197.250:0
GET /pfe/current/universal.min.js?v=3.1.392 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-20481"
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2