Overview

URL megalink.pw/rNtfae
IP172.67.204.111
ASNCLOUDFLARENET
Location United States
Report completed2022-09-11 06:37:49 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-11 2 megalink.pw/rNtfae Malware
2022-09-11 2 pseepsie.com/custom Malware
2022-09-11 2 pseepsie.com/custom Malware
2022-09-11 2 pseepsie.com/custom Malware
2022-09-11 2 pseepsie.com/event Malware
2022-09-11 2 pseepsie.com/event Malware
2022-09-11 2 pseepsie.com/custom Malware
2022-09-11 2 megalink.pw/rNtfae Malware
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-10 2 fleraprt.com Sinkholed
2022-09-11 2 glizauvo.net Sinkholed
2022-09-11 2 eehuzaih.com Sinkholed
2022-09-11 2 oaphoace.net Sinkholed
2022-09-11 2 eehuzaih.com Sinkholed
2022-09-10 2 perryvolleyball.com Sinkholed
2022-09-10 2 phosphatepossible.com Sinkholed
2022-09-10 2 perryvolleyball.com Sinkholed
2022-09-10 2 phosphatepossible.com Sinkholed
2022-09-10 2 phosphatepossible.com Sinkholed
2022-09-10 2 phosphatepossible.com Sinkholed
2022-09-10 2 phosphatepossible.com Sinkholed
2022-09-10 2 phosphatepossible.com Sinkholed
2022-09-10 2 phosphatepossible.com Sinkholed
2022-09-10 2 unseenreport.com Sinkholed
2022-09-11 2 glizauvo.net Sinkholed
2022-09-11 2 oaphoace.net Sinkholed
2022-09-11 2 eehuzaih.com Sinkholed
2022-09-11 2 oaphoace.net Sinkholed
2022-09-11 2 glizauvo.net Sinkholed
2022-09-11 2 glizauvo.net Sinkholed


Files

URL tovanillitechan.com/15?rnd=2645750261&z=4938389&var=&rb=jtLFRALHz7gbA49CGre (...)
IP  139.45.197.239
Magic gzip compressed data, max compression\012- data
Size 660
MD5 5860c780c8e9daa4f852038f02b5bdc2
SHA1 c75c8b4db36bffe075ce493f06d011f855d5541a
SHA256 f11b9f8e851e15c0c6abd53a9994c6dcef78ceeebd0f0b8bbde610fec8332c85
Analyzer Analysed Verdict Comment
VirusTotal 0/0
URL dozubatan.com/500/4938388?excludes=14745758&oaid=5c8b0a45c4fb4961a57f3ed00a (...)
IP  139.45.197.237
Magic gzip compressed data, max compression\012- data
Size 760
MD5 24badabba487ae623eec35a101f55ecc
SHA1 1d146f28493e89c1aab6f8f113ed42e4b75c5467
SHA256 2e20c4a1e248ade5ec10c1cb76ebde7b13d5b8e1bd2de1ae5c3e6962b66d73c7
Analyzer Analysed Verdict Comment
VirusTotal 0/0


Passive DNS (42)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS r3.o.lencr.org (20) 344 2020-12-02 08:52:13 UTC 2022-09-11 04:30:20 UTC 95.101.11.115
mnemonic passive DNS pseepsie.com (11) 132332 2021-03-12 04:11:08 UTC 2022-09-10 17:07:25 UTC 139.45.197.250
mnemonic passive DNS eehuzaih.com (3) 0 2022-02-21 11:12:25 UTC 2022-09-10 14:09:24 UTC 139.45.197.237 Unknown ranking
mnemonic passive DNS tzegilo.com (1) 0 2022-01-14 15:27:15 UTC 2022-09-10 21:46:55 UTC 104.21.22.169 Unknown ranking
mnemonic passive DNS static.a-ads.com (1) 34827 2013-06-01 16:47:05 UTC 2022-09-10 15:12:25 UTC 213.239.209.209
mnemonic passive DNS fleraprt.com (1) 0 2022-01-14 22:55:14 UTC 2022-09-11 05:00:21 UTC 139.45.195.254 Unknown ranking
mnemonic passive DNS unseenreport.com (1) 0 2022-03-30 14:33:17 UTC 2022-09-10 10:16:05 UTC 192.243.59.20 Unknown ranking
mnemonic passive DNS creepingbrings.com (1) 0 2022-05-27 14:56:26 UTC 2022-09-11 05:04:04 UTC 104.21.234.233 Unknown ranking
mnemonic passive DNS megalink.pw (2) 0 2017-08-28 04:08:35 UTC 2022-09-11 03:06:29 UTC 172.67.204.111 Unknown ranking
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-11 00:34:13 UTC 143.204.55.27
mnemonic passive DNS perryvolleyball.com (2) 0 2022-08-25 13:05:48 UTC 2022-09-11 03:02:17 UTC 192.243.59.13 Unknown ranking
mnemonic passive DNS redrotou.net (3) 145989 2021-03-16 05:03:50 UTC 2022-09-10 14:41:29 UTC 139.45.197.251
mnemonic passive DNS img-getpocket.cdn.mozilla.net (5) 1631 2017-09-01 03:40:57 UTC 2022-09-11 04:57:20 UTC 34.120.237.76
mnemonic passive DNS glizauvo.net (4) 0 2022-05-04 17:35:51 UTC 2022-09-10 22:26:18 UTC 139.45.197.236 Unknown ranking
mnemonic passive DNS oaphoace.net (3) 0 2022-05-04 17:35:14 UTC 2022-09-10 04:50:41 UTC 139.45.197.239 Unknown ranking
mnemonic passive DNS phosphatepossible.com (7) 0 2022-09-03 20:30:35 UTC 2022-09-11 02:34:44 UTC 173.233.137.52 Unknown ranking
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-11 04:55:37 UTC 44.237.163.41
mnemonic passive DNS moundgrandmotherel.com (2) 0 2021-06-15 01:26:27 UTC 2022-09-09 06:38:46 UTC 192.243.59.20 Unknown ranking
mnemonic passive DNS ocsp.sectigo.com (4) 487 2018-12-17 11:31:55 UTC 2022-09-11 05:07:45 UTC 104.18.32.68
mnemonic passive DNS ajax.googleapis.com (1) 12905 2019-10-15 17:52:08 UTC 2022-09-11 00:12:21 UTC 216.58.211.10
mnemonic passive DNS www.gstatic.com (1) 0 2016-07-26 09:37:06 UTC 2022-09-10 04:47:02 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS cdn.yourwebbars.com (1) 62037 2021-01-29 17:47:27 UTC 2022-09-11 02:34:45 UTC 104.26.6.19
mnemonic passive DNS ocsp.sca1b.amazontrust.com (2) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.158
mnemonic passive DNS fonts.gstatic.com (5) 0 2014-08-29 13:43:22 UTC 2022-09-10 04:46:45 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS simplewebanalysis.com (2) 0 2022-02-25 04:06:25 UTC 2022-09-10 14:03:09 UTC 52.59.153.168 Unknown ranking
mnemonic passive DNS my.rtmark.net (3) 9054 2017-08-22 14:11:49 UTC 2022-09-11 04:33:22 UTC 139.45.195.8
mnemonic passive DNS offerimage.com (2) 304078 2019-06-10 11:11:53 UTC 2022-09-10 21:46:55 UTC 104.22.32.172
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-11 04:58:07 UTC 34.117.237.239
mnemonic passive DNS ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2022-09-11 05:39:15 UTC 93.184.220.29
mnemonic passive DNS ocsp.pki.goog (9) 175 2017-06-14 07:23:31 UTC 2022-09-10 04:46:29 UTC 142.250.74.3
mnemonic passive DNS e1.o.lencr.org (3) 6159 2021-08-20 07:36:30 UTC 2022-09-10 06:41:01 UTC 95.101.11.115
mnemonic passive DNS cdn.sb4you1.com (4) 22321 2021-09-16 11:26:58 UTC 2022-09-11 05:04:05 UTC 104.21.51.177
mnemonic passive DNS onmarshtompor.com (1) 24517 2020-10-19 12:36:32 UTC 2022-09-10 20:18:25 UTC 139.45.197.243
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-11 04:40:13 UTC 143.204.55.35
mnemonic passive DNS tovanillitechan.com (8) 0 2022-07-22 05:21:08 UTC 2022-09-11 03:19:28 UTC 139.45.197.239 Unknown ranking
mnemonic passive DNS dozubatan.com (5) 33479 2021-05-18 14:02:27 UTC 2022-09-11 03:19:28 UTC 139.45.197.237
mnemonic passive DNS www.recaptcha.net (1) 2060 2017-06-22 10:23:09 UTC 2022-09-11 05:04:28 UTC 142.250.74.131
mnemonic passive DNS mediasama.com (15) 166244 2015-11-22 05:12:08 UTC 2022-09-11 05:00:46 UTC 144.217.67.42
mnemonic passive DNS bedrapiona.com (2) 34930 2020-05-08 13:43:48 UTC 2022-09-11 03:19:27 UTC 139.45.197.234
mnemonic passive DNS fonts.googleapis.com (1) 8877 2014-07-21 13:19:55 UTC 2022-09-11 00:21:41 UTC 142.250.74.10
mnemonic passive DNS ad.a-ads.com (2) 26970 2013-04-19 21:54:57 UTC 2022-09-11 05:56:05 UTC 213.239.209.209
mnemonic passive DNS cdn.cloudimagesb.com (1) 23099 2021-02-12 16:15:41 UTC 2022-09-10 12:44:09 UTC 45.133.44.10


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.67.204.111

Date UQ / IDS / BL URL IP
2022-11-21 13:11:01 +0000
0 - 0 - 0 kukaj.io/ 172.67.204.111
2022-10-07 16:52:30 +0000
0 - 0 - 31 megalink.pw/jlV2l 172.67.204.111
2022-09-11 06:37:49 +0000
0 - 0 - 29 megalink.pw/rNtfae 172.67.204.111
2022-09-10 08:40:46 +0000
0 - 0 - 21 sophisticated.eyelocation.fun/ 172.67.204.111
2022-09-10 06:20:31 +0000
0 - 0 - 22 confidence.eyelocation.fun/ 172.67.204.111

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-12-02 12:06:04 +0000
0 - 0 - 1 gracefultile.cn/ 172.67.138.1
2022-12-02 12:05:41 +0000
0 - 0 - 3 totakecashsurvey.top/finance-survey.html?z=53 (...) 104.21.44.215
2022-12-02 12:05:31 +0000
0 - 0 - 1 gracefulmerchandise.top/ 188.114.96.1
2022-12-02 12:05:24 +0000
0 - 0 - 2 protechnodeals.com/campaigns/ce5783hrbrae0/tr (...) 104.21.25.209
2022-12-02 12:03:58 +0000
0 - 0 - 3 fuckmefast.com/fr/ms/1-283022-0/ 188.114.96.1

Last 5 reports on domain: megalink.pw

Date UQ / IDS / BL URL IP
2022-10-07 16:52:30 +0000
0 - 0 - 31 megalink.pw/jlV2l 172.67.204.111
2022-10-07 16:52:09 +0000
0 - 0 - 38 megalink.pw/3XePg 104.21.85.98
2022-09-11 06:37:49 +0000
0 - 0 - 29 megalink.pw/rNtfae 172.67.204.111
2022-09-09 06:38:43 +0000
0 - 0 - 39 megalink.pw/tk8VS1 104.21.85.98
2022-09-07 22:41:09 +0000
0 - 0 - 31 megalink.pw/07xhsn 104.21.85.98

No other reports with similar screenshot



JavaScript

Executed Scripts (38)


Executed Evals (3)

#1 JavaScript::Eval (size: 80, repeated: 1) - SHA256: fb544a2ab6f013c47d51cf3f88c8830b87ee97926be88c88ac84b21a6f8c513f

                                        (() => {
    const a = async
    function name() {};
    window['rsvj85hsy6b'] = true;
})()
                                    

#2 JavaScript::Eval (size: 80, repeated: 1) - SHA256: bc9daa559d6e99b737f43d9d0f3b768d8f2d747057abeb4bbad923034417f562

                                        (() => {
    const a = async
    function name() {};
    window['2gu8kqftnr6'] = true;
})()
                                    

#3 JavaScript::Eval (size: 2065, repeated: 1) - SHA256: 2413a47888efe6cc1a6d21b46d49c45b936cc116eb8800dfbd938fde5575612b

                                                       (function() {
                   var bn;
                   if (bn = document.getElementById('atLink-be25a95aa25af499fcbe3767f5a57a66')) {
                       var callback = function() {
                           (new Image()).src = '//perryvolleyball.com/clk.gif?landing_id=3569807&placement_id=17013292&sid=H4sIAAAAAAAC%2F1STz4sdxRbHq5PhweOt3iObR%2FxxERcKmZmu%2FlHdbRAxxpHgmIRE0Z3Ur74pp293U9V9%2B2ZWIQEJgni3uur5ziRBE0T%2FAIPcCQgGhVxXs3D%2BCSFu5Y6DV8%2FmnO%2F5nsWnqk59vNMeEh8tPzj%2FTrVtioKvx2v%2B4KUPKD072DRlOxlMUvYhi84O7PiVjK35Lw%2Fe0nKrWg986vvUp4MNY3VeTdYXJkz9IKNrmb8WBWs0jjCx%2F9Su9eC4BzU%2BJP%2BDUfOVR94pGDlDOfrmvHZbTVWfeXPUFrypLMbq3nvlVll1JUbLMrce8vLe8TQq92TjIaryzhEuqvFfg8LMiffDQ4jy3jEkxHjviFMU0CWE%2Bg%2B68Qy6mMHwGWR1C0Y9IYBUuHgJ5ejuxcp2%2FPqfLl%2B4c7Ly9DeYbk5Wfj2FcvT1ucJMBlerom1MVTpM8h5mMoMZzlC3%2B2i2T8B0%2B5DNTRj1M1l%2FuolytHfJFRWMOnhRhbHiXOSrcZKw1YipYDUNKV8VLE0Zy6jMeHR0QcbMYPIZCj0FdyfROg%2Bt8dDmHtraw0gdDCSlNPGV5H6aSRmqRAumfMqTnHLqsxStXJxhiqaeQhZTSHsDtb2BLTOFbb%2BHu3ZwN2aBEkkWSiFCrXMqwlAFMo%2FzIFI8jnmkslSziEVRzAPGdRplWumAx1nME6oSpaWKaRLkkvt5wsJMZDoLNA%2FzhKV5yGiYJSrUYUalVjRjgqehr6UO8lylUZCIQAo%2F8FPKpBCSM62TgCWxiCn3Y53rBQeVcMqDawjGqkenCTpH0HGCzhB0DUE37u%2BowgWuv6sK1wp6nIPjHPa7VTPc4XeqZqhLslMfkv8u3tc7%2BcUZbOmDgdBBzLOY8yDmeZRluRQ6TFiSxzxOOGNwpodxJ8Cdh20zJ6evforazMnK8z9B8H24Yh%2FSvADengbvdiOWgl8D87Fd3h%2FpIS9MubVWd1BVj7pZQXPd2ykOyf%2BPtoxNPoOWj8lxQNoete3xkXlEMCxu716pOrJ3peoc%2BfZS3ZiR2eaLDbza8Eb%2F66u39fWusurCeTf98nW5MBblg3e1azZ5qUw5dOT%2BOaOUthuVlZp8d8G9r8Xl1l0719qyrTcvv7FxYVRb7Zypyhm4eaJ%2FhDRz8u9PXj36Ws98%2FjuMncG2PUbtktRU%2B5D1Dbh62XMVgS2WWtQEXdvv2kAsm4UhKPRSc9HD%2FU2LZb3jbmNonwNvbqEc9RjbHuOiBy%2BmcO3J3aa2j1%2F7JTwKiMLbFYUle6KwC98cDKI4ilkeJjJiKlVJHPoZV5rmmYrCKMlzNG4un70Z%2FwEAAP%2F%2FAQAA%2F%2F%2BeFEkxIAUAAA%3D%3D&psid=';
                       };
                       if (bn.addEventListener) bn.addEventListener('click', callback, false);
                       else if (bn.attachEvent) bn.attachEvent('onclick', callback);
                       else bn.onclick = callback;
                   }
               })();
                                    

Executed Writes (2)

#1 JavaScript::Write (size: 120, repeated: 1) - SHA256: 16830b52827a56f74221d6ac2f1e97dfaa9140ee0dbbb99acccf7e86b57293ad

                                        < script type = "text/javascript"
src = "https://moundgrandmotherel.com/be25a95aa25af499fcbe3767f5a57a66/invoke.js" > < /script>
                                    

#2 JavaScript::Write (size: 7, repeated: 1) - SHA256: 2f26233595d165e6868c5bb9e5e835506039e72c61a36a1bafb0827abfe746a5

                                        Firefox
                                    


HTTP Transactions (147)


Request Response
                                        
                                            GET /rNtfae HTTP/1.1 
Host: megalink.pw
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         172.67.204.111
HTTP/1.1 301 Moved Permanently
                                        
Date: Sun, 11 Sep 2022 06:37:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 11 Sep 2022 07:37:37 GMT
Location: https://megalink.pw/rNtfae
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b5TgBZfa%2B94desDqGBfIMuHIK9F3i2posnqoRVqEgIBBg0MBKuSYuOJnnScUxkdHUxoAtP9LZ22tHovZzi6kwvtlDZ%2FvEBve3e66iRKyzqnfUg33YFCJmhYwwfmzWw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 748e65574e56b511-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15789
Expires: Sun, 11 Sep 2022 11:00:47 GMT
Date: Sun, 11 Sep 2022 06:37:38 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 11 Sep 2022 06:07:22 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PgUGKdVh2qx7Mgrf9NPRq55_ZyF5npL6C3kx4etcRNgBV7KMSjqMbA==
Age: 1816


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    99b7d23c1748d0526782b9ff9ea45f09
Sha1:   eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
Sha256: 48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 10 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: BeNEG0689dM5SFQ6lLA2e-KtQOILba3GYAsVVyjlEqMEWe36unBnfQ==
age: 84026
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:38 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 11 Sep 2022 05:56:07 GMT
Expires: Sun, 11 Sep 2022 06:17:39 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HHDt5JzHjjK0Sje5phlJFTq7KGf_mn_7_wrh9Wg4KuSjazgm9N5jFQ==
Age: 2491


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6063
Cache-Control: 'max-age=158059'
Date: Sun, 11 Sep 2022 06:37:38 GMT
Last-Modified: Sun, 11 Sep 2022 04:56:35 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 06:37:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 06:37:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8xXqDIzMBkRHGuNnJHbqdQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         44.237.163.41
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NCb0jj/VwrClY3E6G9rx6ie2hck=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9D43731C37F8D892E3678BA1F1D56584E548177898D353240B235059D3796AFB"
Last-Modified: Sat, 10 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11557
Expires: Sun, 11 Sep 2022 09:50:16 GMT
Date: Sun, 11 Sep 2022 06:37:39 GMT
Connection: keep-alive

                                        
                                            GET /5c/38/51/5c3851391068a309eed36b1eec6217ca.js HTTP/1.1 
Host: moundgrandmotherel.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.17.9
Date: Sun, 11 Sep 2022 06:37:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f33c3e84ab2867b740c9897b0e27b11a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (37127), with no line terminators
Size:   13400
Md5:    d0b424d4039cee8e3e8c6b11158ffea0
Sha1:   c57102d0ca8680a263f7acc66e62736e46972a00
Sha256: 47a3a347de9b6282c006d80fb9edcf37be4ae52a5502295ed719aaf9e8ea8363
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C28C8D0FDE1E99E09FA20E0DEAD1AF0241821CE8B43668E1A5CBA54F496F2DD6"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1595
Expires: Sun, 11 Sep 2022 07:04:14 GMT
Date: Sun, 11 Sep 2022 06:37:39 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 06:37:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /be25a95aa25af499fcbe3767f5a57a66/invoke.js HTTP/1.1 
Host: moundgrandmotherel.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.17.9
Date: Sun, 11 Sep 2022 06:37:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 35e541f605c6a1ead4ca2180a0ef49a8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  exported SGML document, ASCII text, with very long lines (26947), with no line terminators
Size:   9780
Md5:    143b22836ff4b1fa91a94e45474dce86
Sha1:   9efb55435860e9796d4256c96d00d0d861ad0a53
Sha256: 6133709751d4aa136914f02e8ec489f534808b386061e6e472476f18c0d1ec18
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 06:37:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:10:21 GMT
expires: Wed, 06 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 394038
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size:   23580
Md5:    e1b3b5908c9cf23dfb2b9c52b9a023ab
Sha1:   fcd4136085f2a03481d9958cc6793a5ed98e714c
Sha256: 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 06:37:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 06:37:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E4861BF5C385CF5EC5BDDFFFEB5BBA940A1B90CF43B9AE74FAF744A774EC300B"
Last-Modified: Sat, 10 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11232
Expires: Sun, 11 Sep 2022 09:44:51 GMT
Date: Sun, 11 Sep 2022 06:37:39 GMT
Connection: keep-alive

                                        
                                            GET /s/lato/v23/S6u9w4BMUTPHh7USSwiPGQ.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:17:25 GMT
expires: Wed, 06 Sep 2023 17:17:25 GMT
cache-control: public, max-age=31536000
age: 393614
last-modified: Tue, 26 Apr 2022 16:04:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 23236, version 1.0\012- data
Size:   23236
Md5:    716309aab2bca045f9627f63ad79d0bf
Sha1:   38804233a29aaf975d557fe14e762c627bef76e0
Sha256: 115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429
                                        
                                            GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:10:21 GMT
expires: Wed, 06 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 394038
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Size:   23040
Md5:    de69cf9e514df447d1b0bb16f49d2457
Sha1:   2ac78601179c3a63ba3f3f3081556b12ddcaf655
Sha256: c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
                                        
                                            GET /s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22504
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:15:31 GMT
expires: Wed, 06 Sep 2023 17:15:31 GMT
cache-control: public, max-age=31536000
age: 393728
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 22504, version 1.0\012- data
Size:   22504
Md5:    1c6c65523675abc6fcd78e804325bd77
Sha1:   898d9808304dc157f5dcb18ca169ec6e2b96b3d7
Sha256: 08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C8234C29A40C4F976A9DD5A04B973533732BF3F3E791DFC579E9AE145D5977EC"
Last-Modified: Thu, 08 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17381
Expires: Sun, 11 Sep 2022 11:27:20 GMT
Date: Sun, 11 Sep 2022 06:37:39 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F405CB0D4D718252E4CE9EBFFC148D3AD4F41CEDBB92C40E4C594AAB026ACEE0"
Last-Modified: Sat, 10 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7742
Expires: Sun, 11 Sep 2022 08:46:41 GMT
Date: Sun, 11 Sep 2022 06:37:39 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 06:37:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 06:37:39 GMT
Content-Length: 281
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 21:53:51 GMT
Expires: Fri, 16 Sep 2022 21:53:50 GMT
Etag: "056bbe74180f46aba870c1e675d518c1c8143fba"
Cache-Control: max-age=486370,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748e6564196bb4f3-OSL

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C26F4B84732DF6359F7CAA0227F99100EDAAF5FFA0F2A4A267D5931AAF7C2B9F"
Last-Modified: Sat, 10 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6476
Expires: Sun, 11 Sep 2022 08:25:35 GMT
Date: Sun, 11 Sep 2022 06:37:39 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 11 Sep 2022 06:37:39 GMT
Last-Modified: Sun, 11 Sep 2022 06:13:54 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DpcvYqe0ix6IDINliZKRBhgSiQ3OpKgebY6fpuiWfuOyY3-pKyHViQ==
Age: 1425

                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         52.59.153.168
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Sun, 11 Sep 2022 06:37:39 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
set-cookie: uid_id2=92c67ce9-d647-43aa-b5a5-a3abef616f53:1:1; expires=Wed, 08 Sep 2032 06:37:39 GMT; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    22c77a195bc41b7267a02ad4f5262366
Sha1:   1be704b2c4873a0f32a8f1ac01f83779a2762c0b
Sha256: 85f44c89bdcc1bf8517d250e5eb84fcd39d71826878707e06d086ee74af8d8ad
                                        
                                            POST /zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1 
Host: redrotou.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         139.45.197.251
HTTP/2 200 OK
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:39 GMT
content-length: 0
x-trace-id: fb4d7ee0fe3becd32efec502df399251
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 11 Sep 2022 06:37:39 GMT
Last-Modified: Sun, 11 Sep 2022 05:25:44 GMT
Server: ECS (nyb/1D0B)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ttXxPubtP0b7h76ZaUPnu0ZQrVYz_gzdJhzYg6RSRjERNGuMykU7_A==
Age: 4315

                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         52.59.153.168
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
set-cookie: uid_id2=d35daabf-5776-46d2-831a-b6886691c9a4:3:1; expires=Wed, 08 Sep 2032 06:37:40 GMT; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    7f0afc29c3a012292f231f29bad2b7a8
Sha1:   26ea71c04c330b67b50c50185f3af3f05f903ef7
Sha256: 5c0549d9b4b4650692c2ff5fda5dcec456c05c216120e9e3ccd4b79a18b73e36
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10955
Expires: Sun, 11 Sep 2022 09:40:15 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive

                                        
                                            GET /css?family=Lato:300,400,700,900 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 11 Sep 2022 06:37:38 GMT
date: Sun, 11 Sep 2022 06:37:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   25500
Md5:    0cd0e601d96a3c3ca28f268608e74c5f
Sha1:   03bdee19528554818fa9cf3f8d375a0fc7181e3b
Sha256: c2baa5cd85690ce250bc47b874108d9b91af73ee5291dc95339a843b3de87ae5
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10955
Expires: Sun, 11 Sep 2022 09:40:15 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10955
Expires: Sun, 11 Sep 2022 09:40:15 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe41cdec0-ceff-4e9c-88a7-3a5565f1a459.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5752
x-amzn-requestid: 622ffff0-1bd5-4eb4-a9ff-eb54c5ae44a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YBrqiFiToAMF0tA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6316f310-49efdcc572b4fad3543f857d;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 07:13:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VKsU4S6tKOso216JLUWn7b1bKDyfruIVukt98JooNCjwaXDT9bkPYQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:44:02 GMT
age: 32018
etag: "c4d17e3ea44ef6dee9819c1586424e5f056f149c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5752
Md5:    12666d69f9af3ceb23fdfc2100bd3226
Sha1:   c4d17e3ea44ef6dee9819c1586424e5f056f149c
Sha256: 054236a4d1f88a486f48b8f3a8ac01d21ec2179d5b1f3fc9791d0982d07a88a2
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10955
Expires: Sun, 11 Sep 2022 09:40:15 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7a9494e-0e8b-451b-806d-72da68860cab.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 16983
x-amzn-requestid: adf7a560-2f6c-41ba-97b2-860515511e5c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YH-CxFp-oAMF9yg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631976de-5f4efe0a705012957cf8bbd4;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 05:00:14 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: uoEqiA2HIn5Nbw3RBIqKrCguG-0mLFNBtkB-r3RMitCoJE3fX6wq4w==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 d2575afea3774df33dcf5e5ff475025e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 05:27:48 GMT
age: 4192
etag: "5ce0bc5b075b97639453d67d4f3cea61289b7698"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   16983
Md5:    4c65d6ae04a64d9d01439fb4fca3f017
Sha1:   5ce0bc5b075b97639453d67d4f3cea61289b7698
Sha256: eb48687a5974542d11882f854a86ff083528957b0fbc61c797167d8f04e0ffa9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F234d0658-5bd0-4cc9-a828-3300a0005951.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9319
x-amzn-requestid: 44d731e9-1da0-4ad0-9fbb-1b170fac3bf0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XnTxaFtpIAMFWAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630c666f-2e155359546dae806f6dbfe2;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 07:10:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: a4f99UhuEWfzdGyMv22TnGq98xCUpM1at-u8BNxNrDUSNC4yfHLHVw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:34 GMT
age: 32226
etag: "84e4a39c92ab111cc1072f898990cea6b05da6cf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9319
Md5:    de6622cfd812509b317913e1a5e9cfc8
Sha1:   84e4a39c92ab111cc1072f898990cea6b05da6cf
Sha256: 6d41b564c2e15215d05ba74ba2ae08abf74f6aef9e58e808d31afc6d1ba123af
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7017
x-amzn-requestid: df5e57d7-e54c-4b5a-aa1b-a9aee889842e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_Et0oAMFSjQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-50d15bba03579a935342e22f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LsqH-LbjMGWrhYB93Qkvq2qVhqNs-3MWgrrOFzC8qPcY3fF5ujSD_g==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:54:44 GMT
age: 31376
etag: "c893d7475856809a59486e0bcebd6d662d1fc56f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7017
Md5:    fea5dfc4a6a5093fd81899ee4a79d446
Sha1:   c893d7475856809a59486e0bcebd6d662d1fc56f
Sha256: 915fb97690be97d97cb298fc60ceb4cf7c3ed8fb437836beb2d590a8e238363c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6889
x-amzn-requestid: c82ac543-90cd-4aeb-a65b-7e1bbbacc407
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2UEE-3IAMFYBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d0419-427a29067c9c92ec0db6567f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:39:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mNvNO0HJjZ1zwPKcjfqiVOnCL0CYXc8BPDSFbV6MXVW71IVt-2K3mQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:46:54 GMT
age: 31846
etag: "7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6889
Md5:    57d797a1c3f6589746a1135bdb19f54f
Sha1:   7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97
Sha256: ff8855ca951f53ed5f3886cc81a7f28384d41288edeca4fdc621250e4d01c6fe
                                        
                                            GET /1959918?size=320x100 HTTP/1.1 
Host: ad.a-ads.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         213.239.209.209
HTTP/2 200 OK
content-type: text/html;charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://megalink.pw/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   10970
Md5:    52d591bb0a8b77ff018e15362ba36780
Sha1:   7b8d3571e7cdd1f26533b8444f283dce50656779
Sha256: 274b783b77660ac7c9dea7bbfdbc0b607d2eba0db2999f9e47ef2d8cec446440
                                        
                                            GET /zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=settings HTTP/1.1 
Host: redrotou.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.251
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 693
x-trace-id: 6e763fc136a0faa697cfaccc0ce93fe5
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (692)
Size:   693
Md5:    72481a223a98b912ed0ce00820703df6
Sha1:   0d235897166143bb8a7cd2a8adff4b1078f22ca8
Sha256: bce31b58adc15232d970f17c259f2eeaaed78a775053644a4b13cdc36e7706a4
                                        
                                            GET /a-ads-banners/402060/320x100?region=eu-central-1 HTTP/1.1 
Host: static.a-ads.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         213.239.209.209
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 64235
x-amz-id-2: kCc4w1c9dnghPHEWNghZL8IKh5MoDfB97aXWT1jLEORBuoQcvFfMjpouHhji/EY3BUADHYHc1ws=
x-amz-request-id: 3E7FTRNFS5AKJQ0Z
x-amz-replication-status: COMPLETED
last-modified: Tue, 12 Jul 2022 11:33:36 GMT
etag: "c5d91f9d5e928ea39ab56a508637f531"
cache-control: max-age=315360000
x-amz-version-id: hqiIKL1mtUhyzYTnOmRYIO_6O8pp7MYs
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 320 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size:   64235
Md5:    c5d91f9d5e928ea39ab56a508637f531
Sha1:   d1f4fa901029feab781149c11040637e0d5830b0
Sha256: d978bd7d26a67cc7df9894f8ebfa65e1dd85ffbcabc2e20a52b9662977e41816
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7FADCE366CD829219A6788DBADCD8B53E4256FD97B8CF2CBD5805442E4DAE670"
Last-Modified: Fri, 09 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13862
Expires: Sun, 11 Sep 2022 10:28:42 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 06:37:40 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=387459,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748e65675cc9b4f3-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 06:37:40 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=387459,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748e65679ae00b06-OSL

                                        
                                            GET /gid.js HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 65
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    a9bae7771c9f230371c80ecf8f21872c
Sha1:   d7d7fa3f6c43a56eff4842b31be7a361599b5b83
Sha256: b34b4e1e7dee29167a99f9209ccdef85b66259541f449632ea382865ff9befc2
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA58B3CD5DE013F45B0175190286EB420E661C09062D9987E2D5050036F56D29"
Last-Modified: Sat, 10 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14646
Expires: Sun, 11 Sep 2022 10:41:46 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7B201DF703D754C1D247EFF3A7594550FCB1618A79A128BB01571AA868BC9BFE"
Last-Modified: Sun, 11 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17576
Expires: Sun, 11 Sep 2022 11:30:36 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive

                                        
                                            GET /gid.js?pub=0&userId=&zoneId=5090892&checkDuplicate=true&ymid=&var= HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 65
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ffa15a22252949d8b2e21f78b594c9af; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    88a5e0113fe9cf73ccb33121ca03d5b6
Sha1:   d98e5cf07e9092b39c45781ae05761a3d3e251e9
Sha256: 610fbbf227e0a06bba04e9e947e412ce1fb2537e30009d31771a71fbe429d9e7
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 06:37:40 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 12:52:23 GMT
Expires: Thu, 15 Sep 2022 12:52:22 GMT
Etag: "e4b0ac57e7c2d6d00e508cd99231b0f8d58942af"
Cache-Control: max-age=367481,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748e6567ed57b4f3-OSL

                                        
                                            POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1 
Host: fleraprt.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: text/plain;charset=UTF-8
Origin: https://megalink.pw
Content-Length: 1998
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.254
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Sun, 11 Sep 2022 06:37:52 GMT
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://megalink.pw
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    adb4650bfc9d2a73d4dd69583b0ceb14
Sha1:   1ce399d6e936232aaf2192cd7903a279c5015f22
Sha256: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pfe/current/tag.min.js?z=4938390 HTTP/1.1 
Host: pseepsie.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.250
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-3a38"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  C source, ASCII text, with very long lines (14904), with no line terminators
Size:   6080
Md5:    8ba24e254e8cf4c30030be76cab3f59b
Sha1:   4862a4dadd99c622472827dc2cd445de99c3a08d
Sha256: b1811da0aa9baab3b0393d89b9a36102334959e155e80c35043a024db6e347d1
                                        
                                            GET /42/38?z=4938389 HTTP/1.1 
Host: tovanillitechan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=acbc7162b31f4e7abf6fba8849d68469; oaidts=1662878260
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 64532444a6566fa8c843c79126b2b6f4
access-control-expose-headers: X-Sc
set-cookie: OAID=acbc7162b31f4e7abf6fba8849d68469; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7141212B147E753B73ED80DDE317941BD35EF26637700918BC36CE22E08109FF"
Last-Modified: Fri, 09 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17604
Expires: Sun, 11 Sep 2022 11:31:04 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive

                                        
                                            GET /zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3= HTTP/1.1 
Host: pseepsie.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.250
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 664
x-trace-id: 9e93f0b7641786cc9bbf55a23425f383
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (663)
Size:   664
Md5:    31d6fae447f2fe566c6a9a70e588825d
Sha1:   6248b5a173a856178cdfdd5ee4c717d207626675
Sha256: cf01dbfc60ce075d1d9e1febfdd66b628ab3dcaddeb5f3c5e362e82203cb59a9
                                        
                                            GET /pfe/current/universal.min.js?v=3.1.392 HTTP/1.1 
Host: pseepsie.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 05 Sep 2022 12:32:41 GMT
If-None-Match: W/"6315ec69-20481"
TE: trailers

                                         
                                         139.45.197.250
HTTP/2 304 Not Modified
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: "6315ec69-20481"
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2

                                        
                                            GET /zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3= HTTP/1.1 
Host: pseepsie.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.250
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 664
x-trace-id: 26582d6091f6901d8e642a109b60bd33
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (663)
Size:   664
Md5:    31d6fae447f2fe566c6a9a70e588825d
Sha1:   6248b5a173a856178cdfdd5ee4c717d207626675
Sha256: cf01dbfc60ce075d1d9e1febfdd66b628ab3dcaddeb5f3c5e362e82203cb59a9
                                        
                                            OPTIONS /500/5293711?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: glizauvo.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.236
HTTP/2 200 OK
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            OPTIONS /500/4943451?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: eehuzaih.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.237
HTTP/2 200 OK
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            OPTIONS /500/5293715?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: oaphoace.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.239
HTTP/2 200 OK
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B7AB0757BE22EFF55A38052AE741FC087AD317A904393010E7A529493B4317E4"
Last-Modified: Fri, 09 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6591
Expires: Sun, 11 Sep 2022 08:27:31 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2D202B32D453153ECBA07114225F07B281C8A69616533A8378A9983A6B24E303"
Last-Modified: Thu, 08 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7649
Expires: Sun, 11 Sep 2022 08:45:09 GMT
Date: Sun, 11 Sep 2022 06:37:40 GMT
Connection: keep-alive

                                        
                                            GET /500/4943451?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: eehuzaih.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=37a17dafc2824bc9a06c49730da38532
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.237
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
x-trace-id: 6c0ef375c449b7ccc849b9706b169c35
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with very long lines (1417), with no line terminators
Size:   1145
Md5:    bf92884c33eb6369a109955ec49a3127
Sha1:   6eb67d0e1cfdc9ecb985fa34ce2025802b3ef4d9
Sha256: 1809256401de9f5b3f98fc89df8a011280fed8ded507e54649e86f2a08033e66

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /watch.992282280830.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2FrNtfae&tz=0&dev=r&res=12.31&uuid=d35daabf-5776-46d2-831a-b6886691c9a4%3A3%3A1 HTTP/1.1 
Host: perryvolleyball.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.13
HTTP/1.1 307 Temporary Redirect
Content-Type: text/html
                                        
Server: nginx/1.17.6
Date: Sun, 11 Sep 2022 06:37:40 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://megalink.pw
Access-Control-Allow-Origin: https://megalink.pw
Access-Control-Allow-Credentials: true
Location: https://perryvolleyball.com/watch.992282280830.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2FrNtfae&tz=0&dev=r&res=12.31&uuid=d35daabf-5776-46d2-831a-b6886691c9a4%3A3%3A1&shu=562db793cbb3eef1b33d2cf5f24da55a4d98e646445a26ae849ede2a595a71d7decd5172fca0f7639b9e92ea3f768f361397d3e391ced196ba830ece2ffd8427b2cb020816cbbca6ee72675b51a05efef24d1c&pst=1662878320&rmtc=t
Set-Cookie: u_pl=17013292; expires=Mon, 12 Sep 2022 06:37:40 GMT; secure; SameSite=None ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzAxMzI5MiwiayI6ImJlMjVhOTVhYTI1YWY0OTlmY2JlMzc2N2Y1YTU3YTY2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzkwODYxLCJwaWQiOjI3MDI4NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozNCwiYWlkIjoyNywicHQiOjQsInBrIjoiZ3V4M3l4dnEiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWVnYWxpbmsucHcvck50ZmFlIn19.axNZ0TFo3Q_En7zFjnxwYSs-v3h_NtOIRACZ0tJJ4pk; expires=Sun, 11 Sep 2022 06:38:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bb9f874862e09f7390ff41f0f364eec9
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            OPTIONS /500/4938388?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: dozubatan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.237
HTTP/2 200 OK
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            GET /sbar.json?key=5c3851391068a309eed36b1eec6217ca HTTP/1.1 
Host: phosphatepossible.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         173.233.137.52
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.19.5
Date: Sun, 11 Sep 2022 06:37:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://megalink.pw
Access-Control-Allow-Origin: https://megalink.pw
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17013269; expires=Mon, 12 Sep 2022 06:37:40 GMT; secure; SameSite=None pdhtkv=true; expires=Mon, 12 Sep 2022 06:37:40 GMT; secure; SameSite=None uncs=1; expires=Mon, 12 Sep 2022 06:37:40 GMT; secure; SameSite=None pdhtkv29=true; expires=Mon, 12 Sep 2022 06:37:40 GMT; secure; SameSite=None uncs29=1; expires=Mon, 12 Sep 2022 06:37:40 GMT; secure; SameSite=None slec5c3851391068a309eed36b1eec6217ca=[3364902]; expires=Sun, 11 Sep 2022 06:37:45 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8d76cbe747d0a691488a108608fb9d5b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (5554), with no line terminators
Size:   4029
Md5:    0cc2c497ae0ca5768326c58e4cdfd925
Sha1:   76c4c8323ad793762d66a1c5b3febaa73ebbe507
Sha256: bedec4da4487061bcf55a67cb5f3cfd4e623926ad004fc69930edcef199cd46a

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /watch.992282280830.js?key=be25a95aa25af499fcbe3767f5a57a66&kw=%5B%22megalink%22%5D&refer=https%3A%2F%2Fmegalink.pw%2FrNtfae&tz=0&dev=r&res=12.31&uuid=d35daabf-5776-46d2-831a-b6886691c9a4%3A3%3A1&shu=562db793cbb3eef1b33d2cf5f24da55a4d98e646445a26ae849ede2a595a71d7decd5172fca0f7639b9e92ea3f768f361397d3e391ced196ba830ece2ffd8427b2cb020816cbbca6ee72675b51a05efef24d1c&pst=1662878320&rmtc=t HTTP/1.1 
Host: perryvolleyball.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Referer: https://megalink.pw/
Connection: keep-alive
Cookie: u_pl=17013292; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzAxMzI5MiwiayI6ImJlMjVhOTVhYTI1YWY0OTlmY2JlMzc2N2Y1YTU3YTY2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzkwODYxLCJwaWQiOjI3MDI4NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozNCwiYWlkIjoyNywicHQiOjQsInBrIjoiZ3V4M3l4dnEiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWVnYWxpbmsucHcvck50ZmFlIn19.axNZ0TFo3Q_En7zFjnxwYSs-v3h_NtOIRACZ0tJJ4pk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.13
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx/1.17.6
Date: Sun, 11 Sep 2022 06:37:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://megalink.pw
Access-Control-Allow-Origin: https://megalink.pw
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d35daabf-5776-46d2-831a-b6886691c9a4:3:1; expires=Sun, 18 Sep 2022 06:37:41 GMT; secure; SameSite=None iprca82575d9cc0ea673a847326914bb31bb=3569807; expires=Sun, 11 Sep 2022 10:37:41 GMT; secure; SameSite=None pdhtkv=true; expires=Mon, 12 Sep 2022 06:37:41 GMT; secure; SameSite=None uncs=1; expires=Mon, 12 Sep 2022 06:37:41 GMT; secure; SameSite=None pdhtkv27=true; expires=Mon, 12 Sep 2022 06:37:41 GMT; secure; SameSite=None uncs27=1; expires=Mon, 12 Sep 2022 06:37:41 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4e06b142cb2d367dfdac43af786b8170
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with very long lines (2601)
Size:   2075
Md5:    d7bf19afa98a9b1271fdf35a66faaf72
Sha1:   d87e4b555c1a374c2b3365c65604ad7fa32394ac
Sha256: 0378a76e48e876a65e53cc83f0287136c5e07577383ab4b22e4fe8e57746b2ff

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6133
Cache-Control: 'max-age=158059'
Date: Sun, 11 Sep 2022 06:37:41 GMT
Last-Modified: Sun, 11 Sep 2022 04:55:28 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 280

                                        
                                            OPTIONS /custom HTTP/1.1 
Host: pseepsie.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.250
HTTP/2 200 OK
content-type: text/plain; charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:41 GMT
content-length: 0
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /www/images/3d08aacb36c7474e0d13b60f8f4adc14.png HTTP/1.1 
Host: offerimage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.22.32.172
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 11 Sep 2022 06:37:41 GMT
content-length: 66121
last-modified: Mon, 12 Oct 2020 05:50:58 GMT
etag: "5f83eec2-10249"
expires: Sun, 11 Sep 2022 12:30:54 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 65207
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e656c1b020d3e-ARN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   66121
Md5:    3d08aacb36c7474e0d13b60f8f4adc14
Sha1:   e4af2de372b5e3a2211579a5973ef7ed160e7be4
Sha256: 54b0569cf052e12dd373e86031009d0a54a893275a21c2ef863277a9a978ab1c
                                        
                                            POST /custom HTTP/1.1 
Host: pseepsie.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: application/json
Origin: https://megalink.pw
Content-Length: 365
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.250
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:41 GMT
content-length: 39
x-trace-id: 02806e079f74783e87e1162843beaeef
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   39
Md5:    058b158c2be925f556454ef762d93538
Sha1:   cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
Sha256: ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /11?rnd=2875222327&z=4938389&b=14170811&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&ruid=c76f09c3-9347-49f9-933e-4db612908674&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=319 HTTP/1.1 
Host: tovanillitechan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; oaidts=1662878260
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:41 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: fd4ee4b79859d33ebd4ffcd1a9a4298c
access-control-expose-headers: X-Sc
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:41 GMT; secure; SameSite=None oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:41 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /121?rnd=307997228&z=4938389&b=14170811&c=5908031&var=&d=https%3A%2F%2Fmediasama.com%2Fstarharem%2F01%2Fs%2Findex_rt.html&cln={CELL_NUMBER}&btp=7&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&bag=WTDpa5LbPNp_QJZCOXRSRPShLn18N4_b&ruid=c76f09c3-9347-49f9-933e-4db612908674 HTTP/1.1 
Host: tovanillitechan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: scm=1; OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; oaidts=1662878260
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 302 Found
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:41 GMT
content-length: 0
location: https://mediasama.com/starharem/01/s/index_rt.html
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: e3f205817a749e87f1a7b52b0cfb1e74
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /www/images/a563edd673308b2cd8cc1ec9c0543417.png HTTP/1.1 
Host: offerimage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.22.32.172
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 11 Sep 2022 06:37:41 GMT
content-length: 76281
last-modified: Tue, 07 Jun 2022 21:58:32 GMT
etag: "629fca08-129f9"
expires: Sun, 11 Sep 2022 22:09:32 GMT
cache-control: max-age=86400
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 86400
timing-allow-origin: *
cf-cache-status: HIT
age: 30489
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e656d2c060d3e-ARN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   76281
Md5:    a563edd673308b2cd8cc1ec9c0543417
Sha1:   bff09cb9d8c3dadb244db8d24b6f58b8dfab6469
Sha256: bbd22caad95af25c9ccf019fe7499c74743b7ef4eaceeffe0781c3f64f054b0c
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "46FA93A75D4BB081E5F0E3C098D97E5B9364364D29F6B1C814AE582DC675C110"
Last-Modified: Fri, 09 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17743
Expires: Sun, 11 Sep 2022 11:33:24 GMT
Date: Sun, 11 Sep 2022 06:37:41 GMT
Connection: keep-alive

                                        
                                            GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSwW8bxRfHZ5scftLvBCoHQAWLAwIJObteZ23TQ0UJQRFpUxoQvcHszNgZPLuzmtnxOjlFrUC5IJkrp83XSaPSCoHElQo5lXqIQOpyyoH8DwipJw7IboThSav33n6%2Fh897b77cd2fEh6OnK9f0jlSKLi3X%2Fdobt4Lgcm1dpm5YG7ajT6Pm5ZoZvN2J6v6btfcF6%2Bulhh%2F4fuAHtVVpRFcPl6YiZPagE9Q7fr3ZqAfLTQzNf3vrPFjqgQ%2FOyPOQvFp85F2EZBOkyfcrwvZznb31XuIUzbXBgB99nPZTXaRI5mXXeOimR%2BduaPtk9SF0ejjDhR78Y4xlRbzHDxGnR%2BeQiAcHM85YQaSI%2Bf9RDCYQagJJJ2D6DiR%2FQgDGcX0DaXL3ujYF3X6m0qlakcWnf0IWFVn8%2FSLS5LurSg5rm1q5XOrUYtgtIYcTyN4EmTtGvnMBsjgGy29D8l%2FJ0tN1pMnBhlUakpez2aWcQHYnUGIEaj246Sc9uK4Hl3lI%2BGmNBUHQ8jmjfrvDWMhbIo64H9BWN6CBH7Xh2BRvhDwbgakRmNlFZnbRlyMY9zPsVgnLPdi8It6HuxjwEoUgKCxBQQkKSVDkBMWgPOTKNmx5lyvr4uA8N85zWI513tunhzrviZTsZ2fkuelevIVvXkBfnNaWWdheDsLOlIqGfkcIHkZxIASLGkGLUVhZQtoLs1F3ZEVe3vwKmazI4qu%2FIKbHsOoYTL4G6i6BFuNWwwfdGjfbPnbS%2B4noUSXTfj0rwHWJLF9Evu3tqzPy4uw84a3XIdjJlc%2Fia9Uf9%2F4CMyUyU%2BJz%2BYigp%2FbGN3VBDm7qwpIfNrJcJnKHTk%2B3mdNcLHz7gdgutOFrK3Z07x02Fablg4%2BEzddpymXas%2BT%2BVcm5MKvaMEF%2BWrOfiPiGs1tXnUldtn7j3dW1JDPCWqnTCaisCHl8AiYr8r8fD2ev8qUv9iDNBMaVSNwJOQ9IfQyW7cJmc36rF2DU3BNnHgpXjk0jnv9UkkCJeU%2FjEvZffTyv9%2B0eeuYV0PwO0qTEwJQYqBJUjWDdwjjPzMmV38JZIFbeOFbGO4iVUV8%2FW66Vp7VWGPo06iwHrRYVrbjZaHejgFPaaEaNKKIhcluxS7ebfwMAAP%2F%2FAQAA%2F%2F9h5%2FZdYAQAAA%3D%3D HTTP/1.1 
Host: phosphatepossible.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364902]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         173.233.137.52
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.19.5
Date: Sun, 11 Sep 2022 06:37:41 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 93433343bb803cf0df498ee3d23714b0
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png HTTP/1.1 
Host: cdn.cloudimagesb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         45.133.44.10
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 11 Sep 2022 06:37:41 GMT
content-length: 67174
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:07:43 GMT
etag: "62e11c7f-10666"
expires: Tue, 13 Sep 2022 06:37:41 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 468 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size:   67174
Md5:    a98b4585db1c6db06d6857c73bb75fcb
Sha1:   02a896b08a79e873b2dd26200ee1f0665dc1c80a
Sha256: fc08e863ffafe25aa63fe8b60c2d5135fc5f52caf0abae4da3f1a90e0f8ed96c
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "72091528600D4A22313AF10AF5ADC9B58F612F12232F7D83F905021EAB0A05FF"
Last-Modified: Fri, 09 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12994
Expires: Sun, 11 Sep 2022 10:14:15 GMT
Date: Sun, 11 Sep 2022 06:37:41 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 06:37:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit HTTP/1.1 
Host: www.recaptcha.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.131
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
expires: Sun, 11 Sep 2022 06:37:41 GMT
date: Sun, 11 Sep 2022 06:37:41 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 589
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (921), with no line terminators
Size:   589
Md5:    ccc21d0d49199fd4bd9459478d13cb73
Sha1:   133ae31908d06b58ddd61e1db51c277fd4cba47a
Sha256: 208faf9933968aa2e7d8ef5b5080d54e87d06c08c70824487213b0785fc8e0b6
                                        
                                            GET /starharem/01/s/index_rt.html HTTP/1.1 
Host: mediasama.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         144.217.67.42
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sun, 11 Sep 2022 06:37:41 GMT
Server: Apache
Last-Modified: Wed, 20 Jul 2022 09:11:51 GMT
ETag: "17a0-5e438fdce23c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1525


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   1525
Md5:    30597b59f3cb1eadf603fcfb21952340
Sha1:   baca3a552764959edd4fc56947acc9a4f33822de
Sha256: 6ac92da5b37d94c53f231a18bb88be006ae20f1724a63151a97ed918d86cb25d
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 06:37:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   2058
Md5:    6c3301db90d6626d55f36ddb9c65ec2c
Sha1:   eb3f5c5e8d680215584354337ec10acaed0f0a56
Sha256: 54d781deaa474ab2f4424b6e6ba7f2858f3862d559750789c38f03ec1a63aa3f
                                        
                                            GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.211.10
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 11 Sep 2022 02:36:40 GMT
expires: Mon, 11 Sep 2023 02:36:40 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
age: 14461
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30399
Md5:    0f83cadc148d2ad7e53c91f6c4ee05bb
Sha1:   90035c5fffedf4b0f099465f6b929a030b46c92b
Sha256: 3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
                                        
                                            POST /custom HTTP/1.1 
Host: pseepsie.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: application/json
Origin: https://megalink.pw
Content-Length: 373
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.250
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:41 GMT
content-length: 39
x-trace-id: ed5f19be2ddeba40c1a1f0df2aef171c
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   39
Md5:    058b158c2be925f556454ef762d93538
Sha1:   cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
Sha256: ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /gid.js?pub=0&userId=3106d95ed79548d2854e3614b450589e&zoneId=4938390&checkDuplicate=true&ymid=&var= HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Cookie: ID=ffa15a22252949d8b2e21f78b594c9af
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:41 GMT
content-length: 65
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ffa15a22252949d8b2e21f78b594c9af; expires=Mon, 11 Sep 2023 06:37:41 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    88a5e0113fe9cf73ccb33121ca03d5b6
Sha1:   d98e5cf07e9092b39c45781ae05761a3d3e251e9
Sha256: 610fbbf227e0a06bba04e9e947e412ce1fb2537e30009d31771a71fbe429d9e7
                                        
                                            GET /starharem/01/s/styles.css HTTP/1.1 
Host: mediasama.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         144.217.67.42
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sun, 11 Sep 2022 06:37:41 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:29 GMT
ETag: "2638-5dc0be6400e82-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2406


--- Additional Info ---
Magic:  ASCII text, with very long lines (420)
Size:   2406
Md5:    8e7117f5f47cb6cde0a8e8eb38b16dbb
Sha1:   617fd3f0d3f420ee1967a20fb0b0af4ac34eca03
Sha256: 794f8aa66b6afcf9b7d9bfe5952860436dcfee6bf82e4368af6bc838ce89be98
                                        
                                            GET /recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 157166
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:23:20 GMT
expires: Wed, 06 Sep 2023 17:23:20 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 06 Sep 2022 00:04:24 GMT
age: 393261
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (539)
Size:   157166
Md5:    026df0dfed2314af108e700900288961
Sha1:   51c2a55bca7d65c549ef138d1294cac2aa98dd96
Sha256: 24eefc59f5d298ce40bdd33c8157ad14631984159fca8e5980037366c44c2b34
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "1F6A4B80A80691E041057BF8A0A5BEB9440DF1A1A9AF8D2447AF252055850D1A"
Last-Modified: Sat, 10 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3656
Expires: Sun, 11 Sep 2022 07:38:38 GMT
Date: Sun, 11 Sep 2022 06:37:42 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "1F6A4B80A80691E041057BF8A0A5BEB9440DF1A1A9AF8D2447AF252055850D1A"
Last-Modified: Sat, 10 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3656
Expires: Sun, 11 Sep 2022 07:38:38 GMT
Date: Sun, 11 Sep 2022 06:37:42 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "1F6A4B80A80691E041057BF8A0A5BEB9440DF1A1A9AF8D2447AF252055850D1A"
Last-Modified: Sat, 10 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3656
Expires: Sun, 11 Sep 2022 07:38:38 GMT
Date: Sun, 11 Sep 2022 06:37:42 GMT
Connection: keep-alive

                                        
                                            GET /starharem/01/s/js/main.js HTTP/1.1 
Host: mediasama.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         144.217.67.42
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:50 GMT
ETag: "516-5dc0be78000b5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 549


--- Additional Info ---
Magic:  ASCII text
Size:   549
Md5:    d8fa8e233a4db9fbce0c20d9a57a06fe
Sha1:   2366b2969771aa164bfdca6b5baf916806f6758a
Sha256: f496e19ead804367daa801860cd95a7ec6854965a7c5cf2c49dda71532c19932
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F13%2Findex.html&l=1688&fd=598 HTTP/1.1 
Host: phosphatepossible.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364902]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         173.233.137.52
HTTP/1.1 502 Bad Gateway
Content-Type: text/html
                                        
Server: nginx/1.19.5
Date: Sun, 11 Sep 2022 06:37:42 GMT
Content-Length: 157
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   157
Md5:    d41a93f6d3a61aa8e32d7a0afcfbb2d0
Sha1:   77718bef53accc9fd03bea992dc25e4086a17d50
Sha256: 3f72ba697c379550b6005be4ed325a33b228eea31e056a4dfa1150c6ace3f6cd

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/img/icon.jpg HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.21.51.177
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 11 Sep 2022 06:37:42 GMT
content-length: 59931
last-modified: Tue, 08 Feb 2022 14:18:00 GMT
etag: "62027b98-ea1b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3357196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rwDQ9jz%2FvqiOJOlJzVINVoikgcNvkdlGhMNaqptRWbd3w7cZq2rAqsdsKdmYBLBr3HZkdiCkRz0U0mOWiSJMwDrRTGFtUBb8B1g7aYUO%2FNLtuCDOd2ziVluQlFKjD4rz%2Bbk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e65723c761c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=821, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1232], progressive, precision 8, 281x290, components 3\012- data
Size:   59931
Md5:    9337eb4f9526f6d16e6d1602d8fee3ae
Sha1:   203c7272c5a60a752db43857b2d337d644f690f5
Sha256: 1e803197ccab280a9285cdae1adbea170504d59ef0bbf02aab3d9785c0871422
                                        
                                            GET /15?rnd=2645750261&z=4938389&var=&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&ruid=c76f09c3-9347-49f9-933e-4db612908674&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.347%2C%22location%22%3A%22https%3A%2F%2Fmegalink.pw%2FrNtfae%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D HTTP/1.1 
Host: tovanillitechan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; oaidts=1662878260
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 204 No Content
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:42 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: d355bb6f7131f1702dac145ccf603fc6
access-control-expose-headers: X-Sc
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:42 GMT; secure; SameSite=None oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:42 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, max compression\012- data
Size:   660
Md5:    5860c780c8e9daa4f852038f02b5bdc2
Sha1:   c75c8b4db36bffe075ce493f06d011f855d5541a
Sha256: f11b9f8e851e15c0c6abd53a9994c6dcef78ceeebd0f0b8bbde610fec8332c85

Alerts:
  File Analyzers:
    - virustotal: 0/0
                                        
                                            GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/css/style.css HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.51.177
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 11 Sep 2022 06:37:42 GMT
last-modified: Wed, 09 Feb 2022 11:16:21 GMT
etag: W/"6203a285-2751"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2BqI2aGLapkwrSH0BASqSy8Z4ZXp2BYoW%2F6L4F%2Fbh5QVi7bSLr52VXRRfuoY2kn2YcF1F4QSjg5HpK9RO3D662DHpKgZf5iRPTDzZofQcXZLXK9akW1aYYO7T%2B%2B0oY0I1Vo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e6571ac091c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   2803
Md5:    8c3bcadfd5b929f0f4d3f293cba7c22b
Sha1:   97f6bcdcc91175c0e4873037ec51d2cf5aadc418
Sha256: e78d0abb7add714aaa69cee0fb319f6d203446f0ee0a57b899465fb73871efa5
                                        
                                            GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/index.html HTTP/1.1 
Host: cdn.yourwebbars.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.26.6.19
HTTP/2 200 OK
content-type: text/html
                                        
date: Sun, 11 Sep 2022 06:37:41 GMT
last-modified: Wed, 09 Feb 2022 11:16:34 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bEnXIY7xmcfBvo4VEoKL7tikt9MtYPKWJlPHaluZhXatXQ8vcU1F6BzCoLvM2XSGJ%2B7RoRrcaO7tEoGVJSjZzQrnW7aDHmJFc1OGMxbgp%2FA2knejzC1hi2R%2FAEEvECSl1TQ7zeM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e656d3e4cb512-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text
Size:   5406
Md5:    66391e813c4314720c7804642500df38
Sha1:   5fbfc80703ef82676aa4fd78f885327d83fc1cf7
Sha256: d1c785dc7ba17e83ad6db0c17c777da04c946b21249085d6abac1dce0a68af1f
                                        
                                            GET /starharem/01/s/audio/btn_1.mp3 HTTP/1.1 
Host: mediasama.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         144.217.67.42
HTTP/1.1 206 Partial Content
Content-Type: audio/mpeg
                                        
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:31 GMT
ETag: "4f61-5dc0be65fcb81"
Accept-Ranges: bytes
Content-Length: 20321
Content-Range: bytes 0-20320/20321


--- Additional Info ---
Magic:  Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 192 kbps, 44.1 kHz, JntStereo\012- data
Size:   20321
Md5:    d857acaef2cdf5ec88ea6128c1ceb7b3
Sha1:   5f67419243f34232a4da8cb1a1eaecfc192ff1a7
Sha256: df83bc888086ae84b5d532a39023b0db17e8f3ccd3ffdcd6f35c8d4f39558d24
                                        
                                            GET /?rb=9lWOfQkmdTq4VOQvX8OjLWGDy1Di-dB9gXRH4e4yg6lYAHPj9VkMDhm9sLbhSM0vgFaXJt9OYy6OLFjhFZbrMRu53vufKV3yuttoZgdoLBNgxTVlTiq2nXIGYtljyl3YuI-TQSAcuzKetbWVDybg49b2qK3QMUZmRdp_Rw_a-WZI2LDYkZDkl-t5C44_YmxTafW4izMHnBo-tB1cvWhbjw%3D%3D&request_ab2=0&zoneid=4938391&js_build=iclick-v1.425.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.425.0&bs=120c069b-9d2f-4aee-9446-ba360b379820&userId=5c8b0a45c4fb4961a57f3ed00ad4fbc1&m=link HTTP/1.1 
Host: onmarshtompor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.243
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
x-trace-id: 58a5b8a7eb2937e23a836027358ed992
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:40 GMT; path=/; secure; SameSite=None oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:40 GMT; path=/; secure; SameSite=None syncedCookie=true; expires=Sun, 18 Sep 2022 06:37:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   17334
Md5:    167b3917600cea53ac1b791c5bc92d14
Sha1:   b048baee1045d106f790709eb7442246991ff5b7
Sha256: 6a046e64b69a8ba48365d885968b73fd8a6d35ea2339cd4cf1181078b4ecbd44
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 299014
last-modified: Wed, 11 May 2022 19:24:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size:   15860
Md5:    e9f5aaf547f165386cd313b995dddd8e
Sha1:   acdef5603c2387b0e5bffd744b679a24a8bc1968
Sha256: f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F13%2Fcss%2Fanimate.css&l=79245&fd=348 HTTP/1.1 
Host: phosphatepossible.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364902]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         173.233.137.52
HTTP/1.1 502 Bad Gateway
Content-Type: text/html
                                        
Server: nginx/1.19.5
Date: Sun, 11 Sep 2022 06:37:42 GMT
Content-Length: 157
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   157
Md5:    d41a93f6d3a61aa8e32d7a0afcfbb2d0
Sha1:   77718bef53accc9fd03bea992dc25e4086a17d50
Sha256: 3f72ba697c379550b6005be4ed325a33b228eea31e056a4dfa1150c6ace3f6cd

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            OPTIONS /event HTTP/1.1 
Host: pseepsie.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.250
HTTP/2 200 OK
content-type: text/plain; charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:42 GMT
content-length: 0
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /starharem/01/s/img/2.jpg HTTP/1.1 
Host: mediasama.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         144.217.67.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:41 GMT
ETag: "5a257-5dc622e1424eb"
Accept-Ranges: bytes
Content-Length: 369239


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size:   369239
Md5:    b7d3bd4ae3d5f8477e040e6410517866
Sha1:   2b255c9583c47e5da4069d9c055d3430a0c1e03a
Sha256: 7bb68d5a9a92a500956397e156beb117a0ef605b6747800cacf9c9440b6fc7e4
                                        
                                            GET /pixel/sbs?c=1 HTTP/1.1 
Host: phosphatepossible.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364902]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         173.233.137.52
HTTP/1.1 502 Bad Gateway
Content-Type: text/html
                                        
Server: nginx/1.19.5
Date: Sun, 11 Sep 2022 06:37:42 GMT
Content-Length: 157
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   157
Md5:    d41a93f6d3a61aa8e32d7a0afcfbb2d0
Sha1:   77718bef53accc9fd03bea992dc25e4086a17d50
Sha256: 3f72ba697c379550b6005be4ed325a33b228eea31e056a4dfa1150c6ace3f6cd

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /event HTTP/1.1 
Host: pseepsie.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: application/json
Origin: https://megalink.pw
Content-Length: 1031
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.250
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:42 GMT
content-length: 94
x-trace-id: 524e3e17d505d7e9e467a29b9164a238
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   94
Md5:    5763817b6b732e3f9702d5ea847640d8
Sha1:   7ab16586736d55396fe95fa2668756615431938c
Sha256: be348b0f2669e5cb9c875ff5522940035738daff9d23dc1ee3fd66b39f0b0043

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F13%2Fjs%2Fscript.js&l=468&fd=339 HTTP/1.1 
Host: phosphatepossible.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364902]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         173.233.137.52
HTTP/1.1 502 Bad Gateway
Content-Type: text/html
                                        
Server: nginx/1.19.5
Date: Sun, 11 Sep 2022 06:37:42 GMT
Content-Length: 157
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   157
Md5:    d41a93f6d3a61aa8e32d7a0afcfbb2d0
Sha1:   77718bef53accc9fd03bea992dc25e4086a17d50
Sha256: 3f72ba697c379550b6005be4ed325a33b228eea31e056a4dfa1150c6ace3f6cd

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /starharem/01/s/img/1.jpg HTTP/1.1 
Host: mediasama.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         144.217.67.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:39 GMT
ETag: "60f29-5dc622dfac0e8"
Accept-Ranges: bytes
Content-Length: 397097


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size:   397097
Md5:    43c140ec16ce96d582782ea93eeaa4fe
Sha1:   3390bf8e8708620fc0a851455e4729cb4f0248a2
Sha256: 3e176a04debe08dd522e7f0fbc9f7530880a92fb9845afd7391bbaa764a4ad55
                                        
                                            GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH72uyEFwpdaFSHVyIgkzem99jF8UYI8G0qY1id3p%2FzeQ69737uPfdeZOsQouSjTBuXb18J2moLaLg1iKTQhdBoeMqC%2FM%2FiNCVC5lpcOyBxznnfb%2BLzznnfr3vz0gIT09XrpodpTVdqpfD0ls3o%2BhyaV0lflAatBqfN2qXS7b%2FbrtRDt8ufSh5zyxVwigMozAqrSorO2awNBWh0vvtqNwOy7VKOarXMLDP9s4HcDSA6J%2BRF6HEZPFhcBGKj5HEP65I18tM%2Bs4Hsdc0MxZ9cfRp0ktMniCelx0boJMcnbth3OPVBzDJ4QwXpv%2BfkakJCR49AEuOziHB%2BgczTqYhEzDxPPL%2BGFKPoegY3NyGEo8JwAWubSCJ71wzNqfbT1U6VSdk8cnfUPmELP55EUn8w7JWg9Km0T5TJnEYdAqowRiqO0bqj5HtXIDKj8GzW1Did7L0ZB1JfLDhtIESxWx2pcZQnTG0HIK6AH76qQC%2BE8CnAWJxWuJRFDVDwWnYanNeFU3JGiKMaLMT0ShstOD5FG%2BILB2C6yG43UVqd9FTQ1j%2FK9xWAScCuGxCgo930RcFckmQO4KcEuSKIM8I8n5xKLSruOKO0M6z6DxXznO1GJmsu08PTdaVCdlPz8gL070EC9%2B9hJ48LdV5tVWPqu0pFa2GbSlFtcEiKXmjEjU5hVMFlLswG3VHTcirm98gVROy%2BPpvYPQYTh%2BDqzdA%2FSXQfNSshKBbo1orxE5yL5ZdqlXSK6c5hCmQZovItoN9fUZenp2nevNNSH5y5Qt2dfLX3X%2FAbYHUFvhSPSTo6r3RDZOTgxsmd%2BSnjTRTsdqh09NtZjSTC99%2FJLdzY8XaihvefY9PhWl5%2FxPpsnWaCJV0Hbm3rISQdtVYLskva%2B4zya57t7XsbeLT9evvr67FqZXOKZOMQdWEkEcn4GpCnvv5cPYqX%2FlqD8qOYX2B2J%2BQ84Ayx%2BDpLlw653dmAVbPPSwNkPtiZCts%2FlMrAi3nPWUF3P96Nq%2F33R669jXQ7DaSuEDfFujrAlQP4fzCKEvtyZU%2FqrMA08GIaRscMG31t0%2BX69RpqRqKJpMd2WSyVq91JBesXmch73BWFa0WR%2BYm%2FNKt2r8AAAD%2F%2FwEAAP%2F%2F4TMjtWAEAAA%3D HTTP/1.1 
Host: phosphatepossible.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3364902]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         173.233.137.52
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.19.5
Date: Sun, 11 Sep 2022 06:37:42 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 448d924d4bddacdd248caf0e65e6b607
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /starharem/01/s/img/7.jpg HTTP/1.1 
Host: mediasama.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         144.217.67.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:45 GMT
ETag: "4fb99-5dc622e5033f2"
Accept-Ranges: bytes
Content-Length: 326553


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size:   326553
Md5:    c67c9fb0268eea7d188c4c9bc54a0bf4
Sha1:   216b83374ba6f011041b31dd381f22e99ea7a8c1
Sha256: 95ae6eba3fad2ff05cadc95b27fc79a198a9e873371ab5fb7bb97c1661cd4654
                                        
                                            GET /starharem/01/s/img/5.jpg HTTP/1.1 
Host: mediasama.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         144.217.67.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:43 GMT
ETag: "70a64-5dc622e35f52f"
Accept-Ranges: bytes
Content-Length: 461412


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size:   461412
Md5:    42ad3cffde2e4081df94ded8a30a1dc5
Sha1:   7b064f0fcb96e5b5c498c0c03bcbb9ab15e999b0
Sha256: be788428faee6157125228734e5510d4f49212766eff23a1a1b178e456f153d1
                                        
                                            GET /starharem/01/s/img/6.jpg HTTP/1.1 
Host: mediasama.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         144.217.67.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:44 GMT
ETag: "3fcf4-5dc622e471bd1"
Accept-Ranges: bytes
Content-Length: 261364


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size:   261364
Md5:    4b7cf78d93f3f009f850bedb6829d7f6
Sha1:   cc55cad898df47a2f089946aee9398fea7fa2ae6
Sha256: 44d0a6f8e7f7fe0354c05417445137070431686d671c51e9f3d3869867f2448f
                                        
                                            GET /starharem/01/s/img/3.jpg HTTP/1.1 
Host: mediasama.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         144.217.67.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:41 GMT
ETag: "5b977-5dc622e17edac"
Accept-Ranges: bytes
Content-Length: 375159


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size:   375159
Md5:    84c5f704120f28ad7bcde2ebab7442a0
Sha1:   fd2745300ba7ad59ff8044c7e9f76b1326ddd120
Sha256: 6227de9cf2198a85639d3808c134b85dc1e6a5ee5ee5709189c5e58d1b91b7c2
                                        
                                            GET /starharem/01/s/img/4.jpg HTTP/1.1 
Host: mediasama.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         144.217.67.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:43 GMT
ETag: "4f746-5dc622e2da82e"
Accept-Ranges: bytes
Content-Length: 325446


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size:   325446
Md5:    ec18d276822ab5772f3458da7dbedfbc
Sha1:   f7a38f944aaba3e6b848f496bf4b8fee50b58161
Sha256: da6b7082767f0ddffbec031c7f84b859c7a1f20624445bb26aa93895b75d7c09
                                        
                                            GET /starharem/01/s/img/8.jpg HTTP/1.1 
Host: mediasama.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         144.217.67.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:47 GMT
ETag: "a6842-5dc622e757ed6"
Accept-Ranges: bytes
Content-Length: 682050


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 0-3584, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 211035008.000000\012- data
Size:   682050
Md5:    cedcd46e956dee6a28f87198962b0477
Sha1:   7b38f1de654971e436983fb6a34a71540ba526c9
Sha256: 08c08ef6f1ed9da65259719bbcc97e9aec700d3b486a9f0a741cb5800be34db5
                                        
                                            GET /starharem/01/s/img/9.jpg HTTP/1.1 
Host: mediasama.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         144.217.67.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:47 GMT
ETag: "536a9-5dc622e6fb276"
Accept-Ranges: bytes
Content-Length: 341673


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size:   341673
Md5:    a3a888cf217de9be2aa727dd1cc64757
Sha1:   b7bd361dfdceecfc5775d0ed32e5798abd271d5e
Sha256: 2fd4025336ad8a5edd704651a216cf6b9739089ad1c204bd1ea8e114d11770b9
                                        
                                            GET /starharem/01/s/img/10.jpg HTTP/1.1 
Host: mediasama.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         144.217.67.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:39 GMT
ETag: "39dae-5dc622df755e8"
Accept-Ranges: bytes
Content-Length: 236974


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size:   236974
Md5:    e0046cc1f34ff0701ec4874a0a8c5d43
Sha1:   c6a46db14dfc50d67307a9855f4dd2688d576a01
Sha256: 8589d73053f4bb258d888488403564bdcc94fb2d87c7388f943bf06fb85865a1
                                        
                                            GET /starharem/01/s/img/11.jpg HTTP/1.1 
Host: mediasama.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         144.217.67.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 11 Sep 2022 06:37:42 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 09:18:06 GMT
ETag: "62534-5dc5d6c134c3d"
Accept-Ranges: bytes
Content-Length: 402740


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 1920x1080, components 3\012- data
Size:   402740
Md5:    c10654a068f849e614885c983ac9ab02
Sha1:   8d69da78045560f1c2de7bafc47b2c8a12e86424
Sha256: 3a864743d27da3ef1cea10d293532f84f9d564a98b34afef2a8f4b380472dfc2
                                        
                                            POST /custom HTTP/1.1 
Host: pseepsie.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: application/json
Origin: https://megalink.pw
Content-Length: 729
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.250
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:43 GMT
content-length: 39
x-trace-id: b9322a53344ef2396eb2c7d38fec4c87
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   39
Md5:    058b158c2be925f556454ef762d93538
Sha1:   cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
Sha256: ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DD912CB8F4B18A02F086446AF981C96AF8DE389BB8872F8BB6DD76CB5B018194"
Last-Modified: Sat, 10 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7046
Expires: Sun, 11 Sep 2022 08:35:09 GMT
Date: Sun, 11 Sep 2022 06:37:43 GMT
Connection: keep-alive

                                        
                                            GET /pxf.gif?uuid=d35daabf-5776-46d2-831a-b6886691c9a4&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=5c3851391068a309eed36b1eec6217ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=6 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.9
Date: Sun, 11 Sep 2022 06:37:43 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aadbb6b91946397be3e755be500447af
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /15?rnd=2645750261&z=4938389&var=&rb=jtLFRALHz7gbA49CGre5NlZcod2QSwmhW0Ksqp-T6roW_MURP5OQhakbnRJPJ_JcFZ-LU3PcyV5EXUbl7768uvWxKDc5Ev9SyhCFfmULja3HpkTYiGkqBTpBGllt7_0Pl9eYdTvKfKAOM5RhJH2i1rdnxXR-JsiAetQT1YXidaI4i5JpLOfAH9Gq7mGr3Ax_5xL2xyxKvhARNP4toac2IaT5q3n35GN-7gVVcZohOMpl-1DNrg_nTH69URrtjPcdPBTws0jb5u94K_8ezcXKCWOoyW4q8wBEsaMwBn-hPGF9sDAuM-xgHszuJrESaPJ6_mbTCweOv3ljyPi2-wQg28may1wI6YxqXe52baozni0iSYUXJT_HrjK34TFe1vsqh00brV2fCy5CY2Dv0HwmgH2hcL6vvO_TK6Aww_izmeLLeBI9Qno57fVAXrRy1-kh8Yxxg89_IGOZSooKdYel3FWCPsvM_dYuCtrj0z_xlOgq8NBdNkne3nJoOtqj18ecKHRLfASOu5zxJMMet8Xtu3U4feHW_QLPwW-yrRA7Zw25gwG5xWHaZS8jvl7QHaoHNW37w6u-yRXET4zabH06Fx1cV4p-GklZzD7PJ0gBd4fTVybSTXFM6h9eZX3gQqo6RRY9j1mhy1uzjqnmwdxSrq0cEdN3QD6N4-DlSRZ3CPAart3Le6tz9j9Uf-R8jqlIAGmGsaJEHFg=&ruid=c76f09c3-9347-49f9-933e-4db612908674&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.349%2C%22location%22%3A%22https%3A%2F%2Fmegalink.pw%2FrNtfae%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D HTTP/1.1 
Host: tovanillitechan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; oaidts=1662878260
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 204 No Content
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:44 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 9cbe520ff46078cfa905de240d85f5b8
access-control-expose-headers: X-Sc
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:44 GMT; secure; SameSite=None oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:44 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/13/img/close.svg HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.21.51.177
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 11 Sep 2022 06:37:42 GMT
last-modified: Mon, 17 Jan 2022 14:26:00 GMT
etag: W/"61e57c78-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3357196
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dfN2%2Bu3bWCqDIFKNujFR9H%2Fj9%2Bnfk6ZYjKy%2BxgqFDX4oBM7kfianC0xmKarThoY5k9zWbb3GWmd96P16nAk%2FCu3exxs7N%2BtItQA0mmN0i72CTzy7Yq0NdxT6ey%2FfvLVnuZg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e65723c751c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Size:   494
Md5:    3b5b8ce2b94df2e327d2cc99d59e364e
Sha1:   538abf78a49d47623260a0c2e63b918c8bfbcd84
Sha256: 3261ee1c514ffcaf3469a526707f7e68d1743294e4ddc6b37782a89e46276d39
                                        
                                            GET /impression/FG3WpFNssug1fw5UInR8yi2J9eHlzR5NxT5x6OwigT-zm404n7pJ1_K2oAaicyAqjihRbuoiHBvjPfy1El-7BPR5UyizIuumdbcmSzNongCs1t_aQoo-AbV0kWykUZjjaCTfw8gEyReSsCFOf8DzEPBBK0uysObPtivhUfOsaAOrT9qJK-hj_Z92ySDbftavuM9K4aPGVpBxF-MSfOAoZVpQYr6vmBhpkFUTSg4dC0c92dzay1PqNa_6extbxNyyIOjuU-_N-xY8Oz7fFHKUcJN45xSAphxWO5XVJxlNI30Sfa1A3J9hJClM9r3b5-gPgFtgDNqm3_kmVdxxO1xBfOIBQnU_eZsXKYk3-5GvMfGlmW-xO6qmO_vW9F9olcRVMbArZ_bgR56WVQma7ZfWW9S5EBjNVpD2vK4qTMACEphTZQ34gyic76Iny5sUsa5vN54GRH3p2kV2ivWen9Nt2YadtKUrQMOlSm7KKydmOZxBkkOKVOX1H9S1amGjDhK34WRLYaoJXOXv7kHtVfUx_nF6Agsv4cOA1KBOJyW2bbCfE1TR97HlxRrWKuajZYI8oj8VagSlubCLPi0ti4uEGNEY0cVCZ_6SnfuSU0g8rMYHNo7Oygg4wt_zsxs8idYWoFMUcJs98Fg0psru3oAzET9PMC1oyG9TRYTOGlYy4tI0maT39XQG9SpUinjHTlLpw2PGf_aqrRg=?_z=4938388&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: dozubatan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.237
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:45 GMT
content-length: 43
x-trace-id: 2ffa10556d266542fd879d4f47284472
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            GET /impression/MWNGoJWLS2v8J5VSJUAza5CQBhbEE1jDrifBXoJ0yZXFIZ9_JvzPwInHhBtGPMRnglzHb9P_iYdpHYVNQjAfgu7-lp_CPppLqetHV4sjjoX40wx3e74in8XpjmtfcQ5zUL0ANfdKwfsaj0sIlyeiHTQ3jq95vNkNgonJ6BjjMtEf_dbawjKBisLyCq-sKJfj9-sBCgt5taYtGqjbMj0Z-RQSw00hsZoSSTyCn-kwIP5bw-E8yjxqVCUVEPDVXvNFleNxDwSZQMoLjpKYxGJedXPWPccqV-l4n4gaoNHfLvO7pB4A7r4SbhbHGlxux_wqNsJpFlChQF4N6yUElHavlAZuz41cTd5mu2I8R33PEwXRS4IM6Z6eWswXX1btzn9MCAGC4UfmNJyVk5513pK8J5C6A21crEZNpvfTK6eyjKnArQLFBbGUcIZod-rxpwE1DgrnC4jnFjvoNgdobGbs1f8QmNyWdOaypjxJWQ0itNdNMHL2hr_Np09nLG2P1OjHpv7ANdE3-4Gf3owItyT5UjY-6ujr1GJD7mfKmZpawBnI04gxFpfuGhQypekmCxcj5BxkU_HyAauS1Vjwl_t5zBpdzho=?_z=5293711&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: glizauvo.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.236
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:45 GMT
content-length: 43
x-trace-id: 17226b46a976a9f08089009cfdd11001
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /500/5293715?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: oaphoace.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=0ee7121ff38b459c847753da03068836
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
x-trace-id: 258ecaf7df638b5779a12947f1381e7b
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1190
Md5:    828cc881db894e137ac66d5ade0d7b9a
Sha1:   e1938e9d16635cb95a564b4a6170a8eee8c8e925
Sha256: 930f3ee939495988e9f0edbec9f330636b81d1f1802267beee28c4497bfaeea8

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            OPTIONS /500/4938388?excludes=14745758&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: dozubatan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.237
HTTP/2 200 OK
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:45 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, max compression\012- data
Size:   760
Md5:    24badabba487ae623eec35a101f55ecc
Sha1:   1d146f28493e89c1aab6f8f113ed42e4b75c5467
Sha256: 2e20c4a1e248ade5ec10c1cb76ebde7b13d5b8e1bd2de1ae5c3e6962b66d73c7

Alerts:
  File Analyzers:
    - virustotal: 0/0
                                        
                                            GET /401/4943451 HTTP/1.1 
Host: eehuzaih.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.237
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:39 GMT
x-trace-id: 84617cfdfafdc9d98d327eeecc458eb4
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=37a17dafc2824bc9a06c49730da38532; expires=Mon, 11 Sep 2023 06:37:39 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /1959918?size=320x100 HTTP/1.1 
Host: ad.a-ads.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         213.239.209.209
HTTP/2 200 OK
content-type: text/html;charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:39 GMT
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://megalink.pw/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /5/4938391/?oo=1&js_build=iclick-v1.425.0 HTTP/1.1 
Host: bedrapiona.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.234
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
x-trace-id: 186fd84311511919686cc8538cc32512
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=ef0ca7616d694d2f91e841a5ab3a787f; expires=Mon, 11 Sep 2023 06:37:40 GMT; path=/; secure; SameSite=None oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:40 GMT; path=/; secure; SameSite=None syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /stattag.js HTTP/1.1 
Host: tzegilo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.22.169
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 11 Sep 2022 06:37:40 GMT
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6547
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gFJUCv2qiPEK0LC2g95dLWVPqC1M%2BsOFD0tu8iy%2BOa6vtxGYwfNtvA0dI2qhqbuU1iCccee%2Bumapc3jD9Kmps%2BhXX7S5KYYra1hJ1kAJ61mI13X0hvqI%2FckyFktBuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748e65658c05b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            POST /9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1 HTTP/1.1 
Host: tovanillitechan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 257
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=6866551d57cc4f318e1bab88d9c0daae; oaidts=1662878260
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: f6213660697790fc108060a997a69d41
access-control-expose-headers: X-Sc
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /pfe/current/micro.tag.min.js?z=5090892&sw=/sw-check-permissions-b9e04.js HTTP/1.1 
Host: redrotou.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.251
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:39 GMT
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-1a29e"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /401/5293715 HTTP/1.1 
Host: oaphoace.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:39 GMT
x-trace-id: b4f64390dd25e580b01b52d9c93c3e2f
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=0ee7121ff38b459c847753da03068836; expires=Mon, 11 Sep 2023 06:37:39 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /1?z=4938389 HTTP/1.1 
Host: tovanillitechan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: text/javascript
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 2cd0b062a6d4a1bbe083ca747e012ca9
access-control-expose-headers: X-Sc
x-sc: Br8EqkPTSn_vUvk3MyU1EWoxzKHQiU88vgmLswKsxoEdrkEElfC5fF8pEI9qBTakM67nJpEtHeJZds3yUMknPN8O0JA=
set-cookie: scm=1; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None OAID=acbc7162b31f4e7abf6fba8849d68469; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None oaidts=1662878260; expires=Mon, 11 Sep 2023 06:37:40 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /500/5293711?excludes=&oaid=5c8b0a45c4fb4961a57f3ed00ad4fbc1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2FrNtfae&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: glizauvo.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=7e54159335154a2fb63c612a7848d9b6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.236
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
x-trace-id: d1d2023bd3b03d02de6ac30b017b6a5c
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=5c8b0a45c4fb4961a57f3ed00ad4fbc1; expires=Mon, 11 Sep 2023 06:37:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /27/55dfd372293146a7ca113106d0d608dd HTTP/1.1 
Host: tovanillitechan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=acbc7162b31f4e7abf6fba8849d68469; oaidts=1662878260
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sun, 11 Sep 2022 06:37:40 GMT
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Wed, 07 Sep 2022 05:02:06 GMT
expires: Wed, 07 Oct 2082 05:02:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /400/4938388 HTTP/1.1 
Host: dozubatan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0