| POST r10.o.lencr.org/ | 23.33.119.27 | 200 OK | 504 B |
IP / ASN: 23.33.119.27, AS20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-07-23; Last Seen: 2024-08-19; Times Seen: 6749; Size: 504 B (504 bytes)
MD5: a3c611a5284d44a90e480768ae5bddec
SHA1: b403635d82747515139fb262c717283d0f23500c
SHA256: 47728d98a42f446eba80ebc8f2ecf23b7c715054884ca16d357d1d301a441768
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "47728D98A42F446EBA80EBC8F2ECF23B7C715054884CA16D357D1D301A441768"
Last-Modified: Tue, 23 Jul 2024 07:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2813
Expires: Wed, 24 Jul 2024 03:35:03 GMT
Date: Wed, 24 Jul 2024 02:48:10 GMT
Connection: keep-alive

| POST pebeegoocee.com/sftouch?userId=0080a3270a2645cae615eb9e57b2e50e&z=7525749&p_rid=eb979114-6401-4a0b-94da-69eb79a655b7&p_src=sf&branchId=0&rb=YPWXnP0gT5hhwTKO9sj1xsFY6EDtSZy-N8TwmGc1dwNGUduj_1BZVhY_i0dzcIuIS1SDUGdELMLixRg-PW4rZi0KKD83dmnn9_Qqyc1KVjZz-a8SpK2OJ_1KKioa4OZNEOT_y6bbcwbwbxxcnm_uoa8LsAndBSO3wpZDAxg4IfBOdeBkrUAmLnrjSWEht1wt5mWmAGzlPUL2q9dgCFcKossyn3rsziGNHHY5W_omjOIpUBTJaF8RaIOUHzM= | 104.21.6.61 | 200 OK | 2 B |
URL: pebeegoocee.com/sftouch?userId=0080a3270a2645cae615eb9e57b2e50e&z=7525749&p_rid=eb979114-6401-4a0b-94da-69eb79a655b7&p_src=sf&branchId=0&rb=YPWXnP0gT5hhwTKO9sj1xsFY6EDtSZy-N8TwmGc1dwNGUduj_1BZVhY_i0dzcIuIS1SDUGdELMLixRg-PW4rZi0KKD83dmnn9_Qqyc1KVjZz-a8SpK2OJ_1KKioa4OZNEOT_y6bbcwbwbxxcnm_uoa8LsAndBSO3wpZDAxg4IfBOdeBkrUAmLnrjSWEht1wt5mWmAGzlPUL2q9dgCFcKossyn3rsziGNHHY5W_omjOIpUBTJaF8RaIOUHzM=
IP / ASN: 104.21.6.61, AS13335 CLOUDFLARENET
Resource Info: File type: ASCII text, with no line terminators; First Seen: 2023-03-08; Last Seen: 2025-08-02; Times Seen: 192561; Size: 2 B (2 bytes)
MD5: 444bcb3a3fcf8389296c49467f27e1d6
SHA1: 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /sftouch?userId=0080a3270a2645cae615eb9e57b2e50e&z=7525749&p_rid=eb979114-6401-4a0b-94da-69eb79a655b7&p_src=sf&branchId=0&rb=YPWXnP0gT5hhwTKO9sj1xsFY6EDtSZy-N8TwmGc1dwNGUduj_1BZVhY_i0dzcIuIS1SDUGdELMLixRg-PW4rZi0KKD83dmnn9_Qqyc1KVjZz-a8SpK2OJ_1KKioa4OZNEOT_y6bbcwbwbxxcnm_uoa8LsAndBSO3wpZDAxg4IfBOdeBkrUAmLnrjSWEht1wt5mWmAGzlPUL2q9dgCFcKossyn3rsziGNHHY5W_omjOIpUBTJaF8RaIOUHzM= HTTP/1.1
Host: pebeegoocee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pebeegoocee.com
DNT: 1
Connection: keep-alive
Referer: https://pebeegoocee.com/afu.php?zoneid=7481239&var=7481239&rid=4epA_Dfio39CEdbPL9HOWQ==&rhd=true&ab2r=0&sf=1
Cookie: OAID=0080a3270a2645cae615eb9e57b2e50e; oaidts=1721789291
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Jul 2024 02:48:11 GMT
content-type: text/plain
content-length: 2
x-trace-id: a12994d01d588d295ca8aed4eea9f3a1
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://pebeegoocee.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c4defu%2FTaIbdoxBbONEk6dUozQnyRtsC%2FIdEgAg3qohVgKFDBS9DbXg62DnwPRNFmniqETsZYFaS%2B1TAP1rDpQeDPTfs5w0arZkUkQEHM6mtd7f7N8JvAQxgz1kqfUjigEk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a8096ffff77568b-OSL
alt-svc: h3=":443"; ma=86400

| GET pebeegoocee.com/favicon.ico | 104.21.6.61 | 204 No Content | 0 B |
URL: pebeegoocee.com/favicon.ico
IP / ASN: 104.21.6.61, AS13335 CLOUDFLARENET
Resource Info: File type: N/A; First Seen: 0001-01-01; Last Seen: 2025-08-02; Times Seen: 5606832; Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: pebeegoocee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pebeegoocee.com/afu.php?zoneid=7481239&var=7481239&rid=4epA_Dfio39CEdbPL9HOWQ==&rhd=true&ab2r=0&sf=1
Cookie: OAID=0080a3270a2645cae615eb9e57b2e50e; oaidts=1721789291
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Wed, 24 Jul 2024 02:48:11 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=86400
cf-cache-status: HIT
age: 156
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4u1S50DpZpbKrVK%2Fy6qkllO2WC3qPaC0MX8casjxO3IN7YUdix%2Fq%2FVYjw8E1ZLScDM%2BC2L1YGjdEfu%2B4LEiwCe5ArvQcPh6wK19uIyDpB49drzJ5mk9bVolVP0PHRi182ss%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a809700cfaf568b-OSL
alt-svc: h3=":443"; ma=86400

| GET my.rtmark.net/img.gif?f=merge&userId=0080a3270a2645cae615eb9e57b2e50e&z=7525749&p_rid=eb979114-6401-4a0b-94da-69eb79a655b7&p_src=sf | 139.45.195.8 | 200 OK | 43 B |
URL: my.rtmark.net/img.gif?f=merge&userId=0080a3270a2645cae615eb9e57b2e50e&z=7525749&p_rid=eb979114-6401-4a0b-94da-69eb79a655b7&p_src=sf
IP / ASN: 139.45.195.8, AS9002 RETN Limited
Resource Info: File type: GIF image data, version 89a, 1 x 1; First Seen: 2023-04-05; Last Seen: 2025-08-02; Times Seen: 80199; Size: 43 B (43 bytes)
MD5: b4491705564909da7f9eaf749dbbfbb1
SHA1: 279315d507855c6a4351e1e2c2f39dd9cd2fccd8
SHA256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=0080a3270a2645cae615eb9e57b2e50e&z=7525749&p_rid=eb979114-6401-4a0b-94da-69eb79a655b7&p_src=sf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pebeegoocee.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Jul 2024 02:48:11 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080a3270a2645cae615eb9e57b2e50e; expires=Thu, 24 Jul 2025 02:48:11 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| POST pebeegoocee.com/rhd?z=7525749&syncedCookie=true&rhd=true | 104.21.6.61 | 302 Found | 0 B |
URL: pebeegoocee.com/rhd?z=7525749&syncedCookie=true&rhd=true
IP / ASN: 104.21.6.61, AS13335 CLOUDFLARENET
Resource Info: File type: N/A; First Seen: 0001-01-01; Last Seen: 2025-08-02; Times Seen: 5606832; Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /rhd?z=7525749&syncedCookie=true&rhd=true HTTP/1.1
Host: pebeegoocee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 640
Origin: https://pebeegoocee.com
DNT: 1
Connection: keep-alive
Referer: https://pebeegoocee.com/afu.php?zoneid=7525749&var=7525749&rid=4epA_Dfio39CEdbPL9HOWQ%3D%3D&rhd=true&ab2r=0&sf=1
Cookie: OAID=0080a3270a2645cae615eb9e57b2e50e; oaidts=1721789291
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Wed, 24 Jul 2024 02:48:11 GMT
content-length: 0
location: https://ormedion.com/click.track?CID=466276&AFID=423017&SID=PA&AffiliateReferenceID=839807757657051894
x-trace-id: 6d986548d35baa14e3ca4b977f76042d
link: <https://ormedion.com>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://pebeegoocee.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=0080a3270a2645cae615eb9e57b2e50e; expires=Thu, 24 Jul 2025 02:48:11 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1721789291; expires=Thu, 24 Jul 2025 02:48:11 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=true; expires=Wed, 31 Jul 2024 02:48:11 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9B%2BpgM%2BWqk5i5ZCZ7RkNXSmjict39Eu3BqedATy9%2FIpbVdUtxJG3HvaOdyD1TcQXKuGjqlA6E72MCROsFo2mB3L4RbLPOGffduYooQoQebdlh44%2F6992LkUs3UbUPKW%2Fpo8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a8097023828568b-OSL
alt-svc: h3=":443"; ma=86400

| GET ormedion.com/click.track?CID=466276&AFID=423017&SID=PA&AffiliateReferenceID=839807757657051894 | 3.134.25.183 | 403 Forbidden | 99 B |
URL: ormedion.com/click.track?CID=466276&AFID=423017&SID=PA&AffiliateReferenceID=839807757657051894
IP / ASN: 3.134.25.183, AS16509 AMAZON-02
Resource Info: File type: HTML document, ASCII text, with no line terminators; First Seen: 2023-05-16; Last Seen: 2025-05-09; Times Seen: 654; Size: 99 B (99 bytes)
MD5: cef6e20043991f2f063b6ef096cafc85
SHA1: da30d64d4370d08dfbd99562e3bde11f30b42255
SHA256: 2adedde634658b68be58f019f75f4048ff4aafdf88f02054d7ee3cb97b582aa2
Certificate Info: Issuer: Amazon; Subject: ormedion.com; Fingerprint: EA:A3:D9:F7:02:74:B8:7C:64:A3:F3:D3:48:CC:73:24:E5:BD:07:FE; Validity: Wed, 03 Jan 2024 00:00:00 GMT - Sat, 01 Feb 2025 23:59:59 GMT
GET /click.track?CID=466276&AFID=423017&SID=PA&AffiliateReferenceID=839807757657051894 HTTP/1.1
Host: ormedion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Wed, 24 Jul 2024 02:48:13 GMT
content-type: text/html; charset=utf-8
content-length: 99
cache-control: private
server: Microsoft-IIS/10.0
p3p: policyref="/p3p/P3P.ormedion.com.xml", CP="NOI DSP COR NID ADM DEV OUR STP OTC"
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
access-control-allow-origin: *
X-Firefox-Spdy: h2

| GET ormedion.com/favicon.ico | 3.134.25.183 | 302 Found | 173 B |
URL: ormedion.com/favicon.ico
IP / ASN: 3.134.25.183, AS16509 AMAZON-02
Requested by: https://ormedion.com/click.track?CID=466276&AFID=423017&SID=PA&AffiliateReferenceID=839807757657051894
Resource Info: File type: HTML document, ASCII text, with CRLF line terminators; First Seen: 2023-05-16; Last Seen: 2025-02-14; Times Seen: 633; Size: 173 B (173 bytes)
MD5: d2732c46c81f041d658e5f03a4a409bf
SHA1: 80515c62f8c4b77063a65625a9c556575d3b06e0
SHA256: cf6a504577c9f9eb267ca7c979f9c92995890bfd7377403416295a57cfc691a4
Certificate Info: Issuer: Amazon; Subject: ormedion.com; Fingerprint: EA:A3:D9:F7:02:74:B8:7C:64:A3:F3:D3:48:CC:73:24:E5:BD:07:FE; Validity: Wed, 03 Jan 2024 00:00:00 GMT - Sat, 01 Feb 2025 23:59:59 GMT
GET /favicon.ico HTTP/1.1
Host: ormedion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ormedion.com/click.track?CID=466276&AFID=423017&SID=PA&AffiliateReferenceID=839807757657051894
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Wed, 24 Jul 2024 02:48:13 GMT
content-type: text/html; charset=utf-8
content-length: 173
location: https://account.linktrust.com/Content/Images/favicon.png
cache-control: private
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
access-control-allow-origin: *
X-Firefox-Spdy: h2

| POST r10.o.lencr.org/ | 23.36.77.32 | 200 OK | 504 B |
IP / ASN: 23.36.77.32, AS20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-07-23; Last Seen: 2024-08-19; Times Seen: 11061; Size: 504 B (504 bytes)
MD5: 6f2910e1ef1f25adc2a608cb3e59166e
SHA1: da9b723e09fa30a2caee59b3a2d7c31e670f1954
SHA256: cd7fdfa1d737721a9e30ca08b7d4ee9f0dae31a9a4aab7f1b3c32efa752ccc63
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CD7FDFA1D737721A9E30CA08B7D4EE9F0DAE31A9A4AAB7F1B3C32EFA752CCC63"
Last-Modified: Tue, 23 Jul 2024 08:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15262
Expires: Wed, 24 Jul 2024 07:02:35 GMT
Date: Wed, 24 Jul 2024 02:48:13 GMT
Connection: keep-alive

| GET account.linktrust.com/Content/Images/favicon.png | 3.14.75.255 | 200 OK | 1.2 kB |
URL: account.linktrust.com/Content/Images/favicon.png
IP / ASN: 3.14.75.255, AS16509 AMAZON-02
Requested by: https://ormedion.com/click.track?CID=466276&AFID=423017&SID=PA&AffiliateReferenceID=839807757657051894
Resource Info: File type: PNG image data, 32 x 32, 8-bit colormap, non-interlaced; First Seen: 2023-05-16; Last Seen: 2025-05-09; Times Seen: 650; Size: 1.2 kB (1174 bytes)
MD5: 7bb32a30307ef81191e051944295931e
SHA1: 04fee520e2666002cd71bad8aecc77546e254208
SHA256: d6a1dbe48f3dbeab9c7d3f26c37a4124baed72a8a109bef89e69df998d371817
Certificate Info: Issuer: Amazon; Subject: linktrust.com; Fingerprint: AD:4E:F1:C3:7B:AD:AD:ED:07:06:DC:ED:96:E5:23:47:A2:60:EA:CF; Validity: Fri, 29 Dec 2023 00:00:00 GMT - Sun, 26 Jan 2025 23:59:59 GMT
GET /Content/Images/favicon.png HTTP/1.1
Host: account.linktrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ormedion.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Jul 2024 02:48:13 GMT
content-type: image/png
content-length: 1174
last-modified: Wed, 04 Apr 2018 00:56:20 GMT
accept-ranges: bytes
etag: "05285beafcbd31:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
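The records above form one chain: the OAID cookie value on pebeegoocee.com is sent to my.rtmark.net as the userId query parameter and comes back as a cross-site ID cookie (SameSite=None), and the rhd POST then answers 302 to the ormedion.com affiliate link, which returns 403. The script below is an added example for reading such a capture; it is not output of the analyzer that produced this page. Its sample input is constructed from the headers shown above, trimmed to the fields used. The https scheme for every request and the identifier heuristic (a hex string of 16 or more characters) are assumptions of the example.

```python
"""Reconstruct redirect and cookie-sync relationships from captured HTTP transactions.

Added example; not part of the analyzer output. Sample transcripts are
constructed from the request/response headers shown on the page.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample input: request block, blank line, response block.
SAMPLE = [
    "POST /sftouch?userId=0080a3270a2645cae615eb9e57b2e50e&z=7525749&p_src=sf HTTP/1.1\n"
    "Host: pebeegoocee.com\n"
    "Cookie: OAID=0080a3270a2645cae615eb9e57b2e50e; oaidts=1721789291\n"
    "Sec-Fetch-Site: same-origin\n"
    "\n"
    "HTTP/3 200 OK\n"
    "content-type: text/plain\n"
    "content-length: 2",
    "GET /img.gif?f=merge&userId=0080a3270a2645cae615eb9e57b2e50e&z=7525749 HTTP/1.1\n"
    "Host: my.rtmark.net\n"
    "Referer: https://pebeegoocee.com/\n"
    "Sec-Fetch-Site: cross-site\n"
    "\n"
    "HTTP/2 200 OK\n"
    "content-type: image/gif\n"
    "set-cookie: ID=0080a3270a2645cae615eb9e57b2e50e; expires=Thu, 24 Jul 2025 02:48:11 GMT; secure; SameSite=None",
    "POST /rhd?z=7525749&syncedCookie=true&rhd=true HTTP/1.1\n"
    "Host: pebeegoocee.com\n"
    "Cookie: OAID=0080a3270a2645cae615eb9e57b2e50e; oaidts=1721789291\n"
    "Sec-Fetch-Site: same-origin\n"
    "\n"
    "HTTP/3 302 Found\n"
    "location: https://ormedion.com/click.track?CID=466276&AFID=423017&SID=PA&AffiliateReferenceID=839807757657051894\n"
    "set-cookie: OAID=0080a3270a2645cae615eb9e57b2e50e; expires=Thu, 24 Jul 2025 02:48:11 GMT; path=/; secure; SameSite=None\n"
    "set-cookie: syncedCookie=true; expires=Wed, 31 Jul 2024 02:48:11 GMT; path=/; secure; SameSite=None",
    "GET /click.track?CID=466276&AFID=423017&SID=PA&AffiliateReferenceID=839807757657051894 HTTP/1.1\n"
    "Host: ormedion.com\n"
    "Sec-Fetch-Site: cross-site\n"
    "\n"
    "HTTP/2 403 Forbidden\n"
    "content-type: text/html; charset=utf-8",
]

# Assumed heuristic: opaque identifiers are hex strings of 16+ characters.
ID_RE = re.compile(r"^[0-9a-f]{16,}$")


def _headers(lines):
    """Lower-cased header name -> list of values (repeated headers kept)."""
    out = {}
    for line in lines:
        name, _, value = line.partition(":")
        out.setdefault(name.strip().lower(), []).append(value.strip())
    return out


def parse_transaction(text):
    """Split one request/response transcript into a dict of its useful fields."""
    req_text, _, resp_text = text.partition("\n\n")
    req_lines = req_text.strip().splitlines()
    resp_lines = resp_text.strip().splitlines()
    method, target, _ = req_lines[0].split(" ", 2)
    req = _headers(req_lines[1:])
    resp = _headers(resp_lines[1:])
    host = req["host"][0]
    return {
        "method": method,
        "host": host,
        "url": f"https://{host}{target}",  # scheme assumed: the capture is TLS-only
        "query": {k: v[0] for k, v in parse_qs(urlsplit(target).query).items()},
        "req": req,
        "status": int(resp_lines[0].split(" ", 2)[1]),
        "resp": resp,
    }


def redirect_chain(txs, start_url):
    """Follow 3xx Location headers through the capture, starting at start_url."""
    by_url = {t["url"]: t for t in txs}
    chain, url = [start_url], start_url
    while url in by_url:
        t = by_url[url]
        if not (300 <= t["status"] < 400 and "location" in t["resp"]):
            break
        url = t["resp"]["location"][0]
        if url in chain:  # guard against redirect loops
            break
        chain.append(url)
    return chain


def shared_identifiers(txs):
    """Identifier values (query params, Cookie, Set-Cookie) seen on more than one host."""
    seen = {}
    for t in txs:
        values = list(t["query"].values())
        for cookie in t["req"].get("cookie", []):
            values += [p.split("=", 1)[1] for p in cookie.split(";") if "=" in p]
        for sc in t["resp"].get("set-cookie", []):
            values.append(sc.split(";", 1)[0].split("=", 1)[1])
        for v in values:
            if ID_RE.match(v.strip()):
                seen.setdefault(v.strip(), set()).add(t["host"])
    return {v: hosts for v, hosts in seen.items() if len(hosts) > 1}


def third_party_cookies(txs):
    """(host, cookie name) for SameSite=None cookies set on cross-site requests."""
    hits = []
    for t in txs:
        if t["req"].get("sec-fetch-site", [""])[0] != "cross-site":
            continue
        for sc in t["resp"].get("set-cookie", []):
            if "samesite=none" in sc.lower():
                hits.append((t["host"], sc.split("=", 1)[0]))
    return hits


TRANSACTIONS = [parse_transaction(s) for s in SAMPLE]

if __name__ == "__main__":
    start = "https://pebeegoocee.com/rhd?z=7525749&syncedCookie=true&rhd=true"
    print("redirect chain:", " -> ".join(redirect_chain(TRANSACTIONS, start)))
    print("shared identifiers:", shared_identifiers(TRANSACTIONS))
    print("third-party cookies:", third_party_cookies(TRANSACTIONS))
```

Run against the constructed sample, the chain resolves rhd to the ormedion.com click.track URL and stops at the 403; the OAID value is the only identifier seen on two hosts; and the rtmark.net ID cookie is the only SameSite=None cookie set in a cross-site context. Feeding the script a full capture (one transcript per transaction, request and response separated by a blank line) applies the same three checks to every record.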