{"report_id":"ae9b5372-d4e0-4250-898f-eb63a0416818","version":6,"status":"done","tags":[],"date":"2025-12-02T17:28:07Z","url":{"schema":"http","addr":"Xmegadrive.com","fqdn":"xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":0,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"www.xmegadrive.com/","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"title":"Watch Free Porn Online at xMegaDrive","dom":{"size":10423,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (6877)","md5":"b8a62bd71b1935fbe247e7d239656625","sha1":"cf3fa917b4a91ee672646637c40eda72c55d8fe4","sha256":"dd098f87a7d0ea8822e26598d01d71ee3a9b8e62188c216598e603f3aff4c11d","sha512":"c14ab0afe5635999061106da0b19b1918621b933a0c9c24d471f946912f6be73b585d6745c38657c9931e86cec2890b42ff002625e549fd8f39ed02d079454c7","ssdeep":"192:K8jzJC6OkpzrIQmp55aTRtJRGGRmmrw5O3:0L8fyUTR5GGRmP5a","tlshash":"fc22c5215550202da4bb48e2f4b13f4e3b36e707e75716defa897d78c7c68527836248","dom_hash":"domhash333bf409f7d045a6fe25aee07cbe6f01","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"Xmegadrive.com","fqdn":"xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":0,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98","country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-06T17:28:07Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":15}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"gfxdn.pics","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"gfxdn.pics","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"6b73ee69e0.dea21aeefc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"6b73ee69e0.dea21aeefc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"6b73ee69e0.dea21aeefc.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"f93c382250.1f0355218f.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"f93c382250.1f0355218f.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"s.gentlefieldpattern.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"fp.metricswpsh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"72c5f4f03e.482e528949.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"72c5f4f03e.482e528949.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"72c5f4f03e.482e528949.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"js.capndr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"gfxdn.pics","ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-10-01","domain_rank":36621,"first_seen":"2024-10-01T16:56:30Z","last_seen":"2025-11-30T15:06:14.225095Z","alert_count":3,"request_count":2,"received_data":6778,"sent_data":889,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.xmegadrive.com","ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2020-02-17","domain_rank":127938,"first_seen":"2020-05-07T08:11:31Z","last_seen":"2025-11-27T06:58:37.325551Z","alert_count":0,"request_count":26,"received_data":698649,"sent_data":14937,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"AddThis","description":"AddThis is a social bookmarking service that can be integrated into a website with the use of a web widget.","website":"https://www.addthis.com","common_platform_enumeration":"","icon":"AddThis.svg","categories":["Widgets"]}]},{"fqdn":"f93c382250.1f0355218f.com","ip":{"addr":"168.119.25.102","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2025-11-02","domain_rank":0,"first_seen":"2025-12-02T00:20:32.837708Z","last_seen":"2025-12-02T00:20:32.837708Z","alert_count":8,"request_count":4,"received_data":66337,"sent_data":10650,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"adsession.exacdn.com","ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"2020-04-29","domain_rank":831275,"first_seen":"2023-05-08T21:52:21Z","last_seen":"2025-12-01T08:29:18.307558Z","alert_count":0,"request_count":1,"received_data":105850,"sent_data":427,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"fp.metricswpsh.com","ip":{"addr":"157.90.84.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2021-10-29","domain_rank":154722,"first_seen":"2022-04-22T11:20:32Z","last_seen":"2025-12-01T09:54:18.134236Z","alert_count":2,"request_count":2,"received_data":827,"sent_data":1070,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"nereserv.com","ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2020-12-21","domain_rank":17097,"first_seen":"2020-12-21T11:07:56Z","last_seen":"2025-12-01T21:20:35.139659Z","alert_count":2,"request_count":1,"received_data":322,"sent_data":615,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"notification.tubecup.net","ip":{"addr":"94.130.197.136","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2008-09-26","domain_rank":250980,"first_seen":"2018-07-09T16:06:19Z","last_seen":"2025-11-27T21:27:32.465333Z","alert_count":0,"request_count":1,"received_data":311,"sent_data":551,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.22.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"accounts.google.com","ip":{"addr":"142.250.147.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":103,"first_seen":"2012-05-23T06:57:57Z","last_seen":"2025-11-30T22:41:58.479713Z","alert_count":0,"request_count":3,"received_data":6929,"sent_data":1782,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}]},{"fqdn":"6b73ee69e0.dea21aeefc.com","ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2025-11-02","domain_rank":0,"first_seen":"2025-12-02T00:00:52.007048Z","last_seen":"2025-12-02T00:00:52.007048Z","alert_count":12,"request_count":4,"received_data":1011235,"sent_data":1917,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"js.wpshsdk.com","ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2021-06-04","domain_rank":343711,"first_seen":"2021-06-04T13:50:00Z","last_seen":"2025-11-27T21:27:32.910088Z","alert_count":0,"request_count":1,"received_data":20266,"sent_data":426,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ntvpforever.com","ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2021-11-18","domain_rank":18811,"first_seen":"2021-11-19T01:49:18Z","last_seen":"2025-12-01T21:20:34.842243Z","alert_count":0,"request_count":2,"received_data":724,"sent_data":1049,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"s.gentlefieldpattern.com","ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-10-21","domain_rank":0,"first_seen":"2025-11-20T19:50:38.687827Z","last_seen":"2025-11-28T10:12:15.665949Z","alert_count":1,"request_count":1,"received_data":251,"sent_data":457,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"xmegadrive.com","ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2020-02-17","domain_rank":61860,"first_seen":"2020-02-17T16:05:39Z","last_seen":"2025-12-01T08:29:18.305253Z","alert_count":0,"request_count":1,"received_data":68374,"sent_data":483,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"72c5f4f03e.482e528949.com","ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2025-11-02","domain_rank":0,"first_seen":"2025-12-02T00:00:51.97819Z","last_seen":"2025-12-02T00:00:51.97819Z","alert_count":3,"request_count":1,"received_data":345,"sent_data":847,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"static.bookmsg.com","ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2020-09-15","domain_rank":169473,"first_seen":"2020-11-24T14:56:32Z","last_seen":"2025-12-02T08:02:32.917734Z","alert_count":0,"request_count":2,"received_data":2251,"sent_data":989,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"js.capndr.com","ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2021-08-30","domain_rank":156902,"first_seen":"2021-08-30T12:51:01Z","last_seen":"2025-11-25T05:53:36.876964Z","alert_count":1,"request_count":1,"received_data":399,"sent_data":419,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"p.a64x.com","ip":{"addr":"172.67.185.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-07-27","domain_rank":273555,"first_seen":"2023-07-27T13:12:45Z","last_seen":"2025-11-30T15:06:13.414353Z","alert_count":0,"request_count":1,"received_data":3185,"sent_data":1506,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.xmegadrive.com/","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"6ede1c97cfb171c5a849efa8af43f537","sha1":"7f9a4514e59083f0fdf9eaf298634e558db86819","sha256":"d16db36e59f1321644d02feed2198689463d5b96d1a7e18866857a9034efde5d","sha512":"2e53163ad24a59dc7aff8662ca14a0f15a4d8dc95acb6ec991d20f7d5d361877d8313a753a01f3477fdf8019a041a4027336f45e7546c7073e5a16c2b18bca42","ssdeep":"","tlshash":"2bb012dd5e4c9641eb21088414653544130e707c0959cddaf0b0405808c01200110408","size":99,"data":"","first_seen":"2023-03-12T20:18:06Z","last_seen":"2026-04-10T14:08:26.616908Z","times_seen":42,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6b73ee69e0.dea21aeefc.com/0ce9ba554926be7f165525567858f1eb.js","fqdn":"6b73ee69e0.dea21aeefc.com","domain":"dea21aeefc.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6e9f9a87745e6489a59b7c371210ea38","sha1":"5701a995da3987c66be1595399762b062dda5ded","sha256":"b81609c7ada9555314321fd54cdc7ca79c7df79ab39f5522335a09af8f501188","sha512":"14c52406c4d894a841ea6e92922f2c5d0427e09047f1ea64043d2983089ed841b92ef1a23448cf8f18aad3b6687f2fe618b727c2d83430c644c822e8116af6e4","ssdeep":"3072:vt+5CPB7vcQ7qKEPsvQa6upiBz3gJRBWCmw+KQEJXG2nl2LqR9TkK:FSCdcQ714ubTBWm+yhf9TT","tlshash":"f6446cd1329478740593c0afe0770201b2382609f529b56cbabddeea6586dce2377f79","size":255883,"data":"","first_seen":"2025-12-02T11:51:56.578956Z","last_seen":"2025-12-04T09:41:43.084492Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"4cf57903391ec39159dd3ea72195e409","sha1":"23a32435ff15dc4ed4a50044ec3bccdee6287c37","sha256":"10144e9b9b0968d6f72f5569ef00e709b8da6bc4aba6f4d3cba9d6129c22e928","sha512":"3b5209cbe66addedf11eb7944ec44d1413e29eb233a648b6ce8f8ea72e32014e8f08ae0a54666f6a424a54801dfab92d6e5038aa9fd01841185b4a0eb65ad3dc","ssdeep":"96:HWJnG8jVvxkh0NhBaJzOHp+G1EbCQiQZAJ1tTBn0yXS+tpTQxA:2oWhxf9H9eWQVAhB08TH","tlshash":"50d1f1f6b97b334d979371ea2d161141500098a903adbc98fa64f2d5fcb4cfe192b350","size":6403,"data":"","first_seen":"2023-03-10T10:32:56Z","last_seen":"2026-04-10T14:08:26.618938Z","times_seen":71,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"d5fbd3092a1f709899e667ac4cb02770","sha1":"35fa25ffa7ab4ff559b3ad6e18e3345e1ae9c87f","sha256":"cddf61135274b75d8054beda9a597491c09e77d3c295aa581afc701260885dfc","sha512":"324459b5a4d9932d92bfc68793b6976129dfe854d9dbc8ec6611ccc6b3b26cd91c1efaa8babb631bc2ceded36baa3efb33e0ddebffa02b0a6e02d2dd8ee69021","ssdeep":"","tlshash":"0ca00291870c0d03a04056015d856dd66e2c02b15801995e36a4a12512c300c4165078","size":61,"data":"","first_seen":"2023-03-07T01:17:40Z","last_seen":"2026-04-17T07:54:29.962085Z","times_seen":182,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"Function","is_inline":false,"md5":"5f4f87e368f94555357d00f9b7e8ed4c","sha1":"db0173149e571a755cef6a33bb0063382f1b1ba9","sha256":"f997368baa677bfcf69257707de671a58de76eee3cf27855226cc417ec78dad8","sha512":"c99aaf4acc8b400f38f613df5373af1ee8c03a0b51ff5486bff9c2229d600506a00e9292ce6903a830108e5819b4d84509c8792e39d42df9c628110d70169c59","ssdeep":"","tlshash":"2d8004d535c3500447d3115400571cd45034c57115444d404054dc511d55034711545c","size":37,"data":"","first_seen":"2023-08-05T22:12:59Z","last_seen":"2026-04-20T12:07:48.551978Z","times_seen":1228,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"adsession.exacdn.com/popunder1000.js","fqdn":"adsession.exacdn.com","domain":"exacdn.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb704b432948fe40bc9f658993fbf098","sha1":"5b6407ca0c6aba6b3b33f280641433818a4a12a8","sha256":"60bb096182a62ef0b979aa90c4070b810433cd61c8b63883e23912d466cdc071","sha512":"8133535c20908bc2f555a3d85f7d1b3fa983957cbba36345bbc2acd8cffab125148cbf02e5565d49afb602a166476e1ff843cff5c08539c180648b590a56878a","ssdeep":"1536:6+sUFCLmY6s3bQkVitoBzgF5X5Z5jzQnVv1DxFsqsKxgZGSmiiva3:6+LamY6s3UQiGzaPYVtvsq5xgXmO","tlshash":"64a3068c75d2f46c87bbe0fa047f708fb5bd6ac3308c6444d6a2d5b47ca4a4a8273959","size":105337,"data":"","first_seen":"2025-11-26T14:51:32.534801Z","last_seen":"2025-12-08T11:38:35.316819Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/static/js/main.min.js?v=8.7","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"440fab27c2b1df45e3f25e7c12cdc3ab","sha1":"485882c57487c2f8ff3bb55d07e35688250b87de","sha256":"dca38d866645194652a31eafad21205f6024a454fe96d5f4085e20200623ce1f","sha512":"b99fefd9934dd0088b9913656fbb8cfb6a11a535a6cd4bd9a496816780e63ca476dfdfa0b10e79e5174ff897bfabfd553660f2645b72e78fa902f21092d437cb","ssdeep":"3072:4dkWgoBncZRQFmW42q2DhhQDG4hyrEFQXR3+F5Q5O2g9IbH1eDuPFVB:6BcZGc/2Dhhv4g4qXqIJeDi","tlshash":"29142bd872d1707253bb30ba106f500bb132693aa90d8450f16dd8f5adb8e8d6277f6e","size":209215,"data":"","first_seen":"2023-03-12T20:18:05Z","last_seen":"2026-04-10T14:08:26.596411Z","times_seen":72,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"9726e3d8d861859803382d10322b4dc8","sha1":"f2a15c64ad34ec42ce86b56903ac2b85fd83516d","sha256":"22d6f8f0e15e798abc9313fbca862ced0832b1dbba7d36f0e897eb3db3911790","sha512":"48a12b31fa1c3cb15dcf5be5d4041d19cc8c95c50927ec7e6be1f6cab6f3fe37163f9d6f9847203dfb4ab2d2a352af19bf13cf136df2e89aea18cce8313fab32","ssdeep":"","tlshash":"2390041435d34445c071711d145143d117701f4c40403cc0f1ccd11d53345510000703","size":40,"data":"","first_seen":"2023-03-07T01:17:40Z","last_seen":"2026-04-19T16:57:01.411859Z","times_seen":1297,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.wpshsdk.com/extention/build.m.js","fqdn":"js.wpshsdk.com","domain":"wpshsdk.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"3e7592609ad6832acdf316d2a331f51e","sha1":"6cd418dacff53ad51e926d2f51bc95b45dc5fe91","sha256":"555d5195d9e6b6bbd648eccc1ec41fd5f018484a0ef5ef5c8f27753372f22942","sha512":"044fa0fb485a0311ecb58b30d5f12a6045202552ddfbbf791ab3f8cbd7d3687817233f0c1c18b5b590504823dbb3d8aeab4c9ae5c0ce330b0f125971c924e902","ssdeep":"384:jI0KAKJKJuA0yJz+oOdczhir0Py2cevkG4m6kGlbRPrVkGc:jI0KAKJK9B6oOdc1ir0PV9whrc","tlshash":"6592fbc8b6c1707a82eb52e4c95f610ab32b3455b1498880f465eba2397cedfd067f74","size":19879,"data":"","first_seen":"2023-03-07T01:15:18Z","last_seen":"2026-04-17T07:54:29.952766Z","times_seen":214,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6b73ee69e0.dea21aeefc.com/a0b7a45f5c4fed0ccb0ca0bd8ec0e3a4.js","fqdn":"6b73ee69e0.dea21aeefc.com","domain":"dea21aeefc.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1f7ba2c15afda8c720fdae3bd8291389","sha1":"bb76f945501248bd51f85075aefb49752b74445b","sha256":"11a66a3646d02d2e338fbeb36c074a6505be6fff82d1cc2cda8b3604f0a84a8f","sha512":"fef0921725b46792f7f86f8d55c7d8377493d7c949b2de0ec6e1e260d31ee0796c2f90657069c25dd36d1276e4fdd45eadfd766cb014d054cf1d77150627c4ee","ssdeep":"12288:4iO6pTQUIfDchOHO68RPO2Si6EHlPUfVC+dKJTowRinDGQf7jbLExMLPWxhMs4h1:1ONux6EHjJcFnagwxd+2u/9","tlshash":"72d45b313290113970bfc8c6a6662b8d336cf24be9170f55f96faaa483dbd54f625384","size":604841,"data":"","first_seen":"2025-12-02T17:28:13.868894Z","last_seen":"2025-12-04T09:41:43.100303Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"Function","is_inline":false,"md5":"dff932eb62b0ddaac2211366b4b01ebc","sha1":"9dab4d6ec387b84659b55330837eb7377f8d4f90","sha256":"6a95709e3e4f44a0dc86ff470f0d2bb12eb97af1cbd52c67542c43e693392bb6","sha512":"b60004f4b5caf487000de2d2f7ad7844afe6153f3d487d0ad001e009daf990122e3bcdce29b9cc80502df28d3429f0d3fab8fa22923f9f37efdef6cba77f1c54","ssdeep":"","tlshash":"1a9002da71c371009653326c407f188d613988e5288c4940915094922c6503491269ac","size":53,"data":"","first_seen":"2025-01-25T20:39:32.065702Z","last_seen":"2026-04-20T12:07:48.549799Z","times_seen":1391,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6b73ee69e0.dea21aeefc.com/b3733b651255e3d0a88e6e0548b1b96a.js","fqdn":"6b73ee69e0.dea21aeefc.com","domain":"dea21aeefc.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"3815365ffebef8e0a2c0fc4f1fe75d09","sha1":"c779bc071272bf2548f9cb99a92c9d395f190ccb","sha256":"d8e4e7c9e7ca8b8aa5d6647481f64fb988c1dfbb4799d8d61a4212b97029151d","sha512":"33a9ca1a676b3e0c01eac2b2200f6f79c1ecaf7935c8d931dd15674bff25a487c250ecfb5f83101bd2c358a9a18543e7d726441963e8a6a7b7dcda9493026a45","ssdeep":"1536:OpOPpA6P9rHRFts5dWmj6zzKEpKf7JbcacZwJ8jBl8Q8MdnCZ9212FoX50jtQyET:U6FDTts5dWmOzGoKFoaswoQebX","tlshash":"c9e33adcb2d2b07407e75099d43f1206b73a1a16b80c9058f6a6e9c17878ddb5237f7a","size":147200,"data":"","first_seen":"2025-12-02T16:12:30.403703Z","last_seen":"2025-12-03T08:16:20.460212Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"notification.tubecup.net/tags?tag_id=15599\u0026timezone_olson=UTC\u0026version_name=a\u0026med_script_id=93\u0026page=https%3A//www.xmegadrive.com/","fqdn":"notification.tubecup.net","domain":"tubecup.net","tld":"net"},"ip":{"addr":"94.130.197.136","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.419Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"notification.tubecup.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 11:47:47 GMT","end":"Sun, 08 Feb 2026 11:47:46 GMT"},"fingerprint":{"sha1":"05:1E:63:2F:40:1F:87:C3:0D:F0:42:C7:EA:E8:B1:D8:6F:76:7C:FC","sha256":"1C:13:0E:F6:58:8A:8C:D7:DE:1F:9F:20:D5:17:50:15:02:D5:C8:8E:39:40:68:3F:01:24:F2:73:14:BA:25:0F"}}},"request":{"raw":"GET /tags?tag_id=15599\u0026timezone_olson=UTC\u0026version_name=a\u0026med_script_id=93\u0026page=https%3A//www.xmegadrive.com/ HTTP/1.1\r\nHost: notification.tubecup.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.xmegadrive.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.22.0\r\ndate: Tue, 02 Dec 2025 17:27:46 GMT\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.22.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":273,"timings":{"blocked":108,"dns":34,"connect":26,"send":0,"wait":43,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gfxdn.pics/m/p/0/883/883207/conversions/0OErF2ya-in-page-ad-images.webp","fqdn":"gfxdn.pics","domain":"gfxdn.pics","tld":"pics"},"ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:47.683Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gfxdn.pics","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 25 Nov 2025 02:32:18 GMT","end":"Mon, 23 Feb 2026 02:32:17 GMT"},"fingerprint":{"sha1":"59:A3:10:0E:01:BB:B6:42:41:EC:CA:20:A1:9C:5A:69:38:B7:65:8C","sha256":"CB:B6:EB:DF:E8:0D:46:F0:EC:4F:EC:81:B6:23:9E:AA:C1:C0:BE:F8:91:F5:6E:D7:3A:8D:72:66:18:A5:FF:36"}}},"request":{"raw":"GET /m/p/0/883/883207/conversions/0OErF2ya-in-page-ad-images.webp HTTP/1.1\r\nHost: gfxdn.pics\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Dec 2025 17:27:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3620\r\nserver: nginx\r\nlast-modified: Thu, 14 Nov 2024 08:23:51 GMT\r\netag: \"6735b397-e24\"\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3620,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ddc172743cd155fd27e0bae547e73113","sha1":"e83573e9479e0a192cf8e5f3a4ceecd4c4daa70f","sha256":"7f2c9895c384e3678906a850949bd7cd383dc29a3307d7beb8d74cc7da8501a9","sha512":"73b189cc089ebf8b4734adf39ea2e7811a11d90aba1236e5e7a8e2bc917e84bc9afd86333720200858e2bfb31e2058893c5a2b27128db940b914cf69efeea746","ssdeep":"","tlshash":"2f716db34cd53b26873c9f66a880729e0b85bce35329e834324c5b62d7be8652c09955","first_seen":"2024-12-30T10:43:12.873479Z","last_seen":"2026-04-19T06:14:27.29671Z","times_seen":559,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":43,"dns":3,"connect":19,"send":0,"wait":19,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"gfxdn.pics","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"gfxdn.pics","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352855/320x180/3.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352855/320x180/3.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9971\r\nLast-Modified: Tue, 02 Dec 2025 15:26:09 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f0511-26f3\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9971,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"00cff670958207cdaf1e9c5f61c8c295","sha1":"86dc146a1856f20719fa18d05f92379d6539a71b","sha256":"3639ae39e6f0cd19ced7aad85eb514f96cb7c9c9df08059bdd907f9c7fe13dc4","sha512":"12a4562649dc990daa13e96fb83f018b13ea4177e7688c0b0498cd849fb1b1cec18317b4062eb92946be5848d36ec81d79d65be789a77c0a2fe1f14fa2ee0a25","ssdeep":"192:h7UnHUDcsZGfw7czvYYac3d/7EmS8pgRYTq9vCOuf1M4f5:h7cUpZUdaclsmNz1M4x","tlshash":"6222bfdcb80161aaf922c37151e13e216116f9bbc2b8d29fb4d5392c152f4fa47b7308","first_seen":"2025-12-02T17:23:22.61237Z","last_seen":"2025-12-02T17:29:22.694887Z","times_seen":3,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":29,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/static/images/logo.png","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:45.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /static/images/logo.png HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:45 GMT\r\nContent-Type: image/png\r\nContent-Length: 2627\r\nLast-Modified: Sat, 17 Dec 2022 12:37:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"639db81a-a43\"\r\nExpires: Wed, 03 Dec 2025 17:27:45 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2627,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 181 x 42, 8-bit/color RGBA, non-interlaced","md5":"b3f6a0588dac83d6f9de55ffafe04e35","sha1":"13f95ed9dbd19451c67f07a1348d907f1a943068","sha256":"1af423c9de695ef23202ceac079afb1ac6bb23cad3739e40ad18e2ef221563d7","sha512":"04d82e9b5a23aef5e2e206093bb8378b9ffd98baad0e6578f9eaaedabec3371dea4f0022be0d68b8d6bd0db2fcb3802f0a62f8fc2798bc5b95a4feb6368a623c","ssdeep":"","tlshash":"86514c41319802b9d3549ca2fe2f4d138ce5f2a92c3568898e2d2f242b708953708c57","first_seen":"2023-07-07T16:31:27Z","last_seen":"2026-04-10T14:08:26.577989Z","times_seen":72,"resource_available":false,"data":null}},"time_used":184,"timings":{"blocked":137,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/static/images/search.svg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:45.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /static/images/search.svg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/static/styles/all-responsive-white.css?v=7.5\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:45 GMT\r\nContent-Type: image/svg+xml\r\nLast-Modified: Sat, 17 Dec 2022 12:37:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: W/\"639db81a-c43\"\r\nExpires: Wed, 03 Dec 2025 17:27:45 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3139,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c62651bf2decf3a3382df574746a9ffc","sha1":"800ec9e07fad5adc7b880479cace8af702f59c18","sha256":"69d77c01823b80be5ef5e5ac9a74cf0fcd2ebfe33f70be009e3ed22393c39899","sha512":"95a459e70b2b7bc5954443917ab2b43f323173a652a194a34f4f4959e6fd862ae37673d24d64deb186e7b711213391662ad974e331226887d3df2f9c8d87ed44","ssdeep":"","tlshash":"805172bb0a65219ba284a330c6ec16826775d11370900c58f34c5ef98f007b31cfee78","first_seen":"2023-04-21T02:01:12Z","last_seen":"2026-04-19T18:41:06.763002Z","times_seen":1943,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/?mode=async\u0026action=js_stats\u0026rand=1764696465774","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:45.776Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /?mode=async\u0026action=js_stats\u0026rand=1764696465774 HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:45 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nX-Powered-By: PHP/7.4.33\r\nX-Frame-Options: SAMEORIGIN\r\nSet-Cookie: kt_is_visited=1; expires=Wed, 03-Dec-2025 17:27:45 GMT; Max-Age=86400; path=/; domain=.xmegadrive.com; SameSite=Lax\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"57f187c7a868faeac558007a8eb6cb2e","sha1":"11ab10ab109fdb53d91d444ac781101f5a6360c6","sha256":"aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22","sha512":"3844065e1dd778a05e8cc39901fbf3191ded380d594359df137901ec56ca52e03d57eb60acc2421a0ee74f0733bbb5d781b7744685c26fb013a236f49b02fed3","ssdeep":"","tlshash":"5f900407c1500051c151c4310444cf1017407570010d030d50dc1055dc1715d0d01100","first_seen":"2023-04-07T09:22:11Z","last_seen":"2026-04-20T14:09:58.208445Z","times_seen":58280,"resource_available":true,"data":null}},"time_used":49,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352861/320x180/3.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352861/320x180/3.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 8931\r\nLast-Modified: Tue, 02 Dec 2025 15:36:05 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f0765-22e3\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8931,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"d849feb82db6e241f846a9daf482bcbf","sha1":"2da4c7fd191e4bc0c84d917475310b2006b33062","sha256":"0175061288f2cb3857c468462647a8a3530ea27441d4e8e3496048aba4e63035","sha512":"8ae19a60857cdfe0f91ec8cf5715d0ad1d300843005c9f0a7ce50ba957e7145323507803095df4acd95035fc2c3791b36deaa3f46d1d72983bbd35c6c35729a4","ssdeep":"192:QTf29cauMMxUCfaDpkR4RMCmDUGDUS6xhSOVZd1hDv:QDqLF6UCfaDE4RMBrtMZ","tlshash":"4202bf5c3e9fcac6f1e6f9b65237d82f4e125ba4d1930b1ceb25283994c67e0084c445","first_seen":"2025-12-02T17:23:22.656905Z","last_seen":"2025-12-02T17:29:22.740089Z","times_seen":3,"resource_available":false,"data":null}},"time_used":286,"timings":{"blocked":96,"dns":1,"connect":44,"send":0,"wait":45,"receive":1,"ssl":95},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6b73ee69e0.dea21aeefc.com/0ce9ba554926be7f165525567858f1eb.js","fqdn":"6b73ee69e0.dea21aeefc.com","domain":"dea21aeefc.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.645Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"6b73ee69e0.dea21aeefc.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 02:15:11 GMT","end":"Fri, 27 Feb 2026 02:15:10 GMT"},"fingerprint":{"sha1":"0C:50:78:06:50:BB:30:D2:46:F5:20:ED:FA:6C:81:DE:1D:B4:83:2F","sha256":"69:FE:8A:BC:3C:B6:CD:87:BE:78:CB:13:C6:C4:24:72:33:1E:E9:E5:6E:66:C2:CB:D6:AF:5D:E8:CE:15:14:2B"}}},"request":{"raw":"GET /0ce9ba554926be7f165525567858f1eb.js HTTP/1.1\r\nHost: 6b73ee69e0.dea21aeefc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Dec 2025 17:27:46 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Tue, 02 Dec 2025 09:41:59 GMT\r\netag: W/\"692eb467-3e78b\"\r\ncontent-encoding: gzip\r\nexpires: Tue, 02 Dec 2025 17:32:46 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1742\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":255883,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65526), with no line terminators","md5":"6e9f9a87745e6489a59b7c371210ea38","sha1":"5701a995da3987c66be1595399762b062dda5ded","sha256":"b81609c7ada9555314321fd54cdc7ca79c7df79ab39f5522335a09af8f501188","sha512":"14c52406c4d894a841ea6e92922f2c5d0427e09047f1ea64043d2983089ed841b92ef1a23448cf8f18aad3b6687f2fe618b727c2d83430c644c822e8116af6e4","ssdeep":"3072:vt+5CPB7vcQ7qKEPsvQa6upiBz3gJRBWCmw+KQEJXG2nl2LqR9TkK:FSCdcQ714ubTBWm+yhf9TT","tlshash":"f6446cd1329478740593c0afe0770201b2382609f529b56cbabddeea6586dce2377f79","first_seen":"2025-12-02T11:51:56.578956Z","last_seen":"2025-12-04T09:41:43.084492Z","times_seen":6,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"6b73ee69e0.dea21aeefc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"6b73ee69e0.dea21aeefc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"6b73ee69e0.dea21aeefc.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"f93c382250.1f0355218f.com/in/multy","fqdn":"f93c382250.1f0355218f.com","domain":"1f0355218f.com","tld":"com"},"ip":{"addr":"168.119.25.102","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"1f0355218f.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 14:04:17 GMT","end":"Thu, 26 Feb 2026 14:04:16 GMT"},"fingerprint":{"sha1":"91:AD:7C:21:B5:6B:FF:3E:E7:14:52:3B:D9:19:76:C7:36:D9:6F:CA","sha256":"D1:F9:1F:D4:16:D5:AB:B7:FE:AC:D9:81:A9:14:2F:D3:AA:65:2D:E9:EC:90:49:7A:82:0C:38:82:9C:BC:84:F0"}}},"request":{"raw":"OPTIONS /in/multy HTTP/1.1\r\nHost: f93c382250.1f0355218f.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://www.xmegadrive.com/\r\nOrigin: https://www.xmegadrive.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.18.0\r\ndate: Tue, 02 Dec 2025 17:27:47 GMT\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":248,"timings":{"blocked":110,"dns":24,"connect":24,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"f93c382250.1f0355218f.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"f93c382250.1f0355218f.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"f93c382250.1f0355218f.com/in/multy","fqdn":"f93c382250.1f0355218f.com","domain":"1f0355218f.com","tld":"com"},"ip":{"addr":"168.119.25.102","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:47.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"1f0355218f.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 14:04:17 GMT","end":"Thu, 26 Feb 2026 14:04:16 GMT"},"fingerprint":{"sha1":"91:AD:7C:21:B5:6B:FF:3E:E7:14:52:3B:D9:19:76:C7:36:D9:6F:CA","sha256":"D1:F9:1F:D4:16:D5:AB:B7:FE:AC:D9:81:A9:14:2F:D3:AA:65:2D:E9:EC:90:49:7A:82:0C:38:82:9C:BC:84:F0"}}},"request":{"raw":"POST /in/multy HTTP/1.1\r\nHost: f93c382250.1f0355218f.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nContent-Length: 2390\r\nOrigin: https://www.xmegadrive.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2390,"data":"{\"imp\":[{\"ext\":{\"utm1\":\"\",\"utm2\":\"\",\"utm4\":\"\",\"refdomain\":\"\",\"labels\":\"\",\"tcid\":0,\"site\":\"native-push\",\"screen_resolution\":\"1280x1024\",\"ve\":\"\",\"mo\":\"\",\"format\":\"default-view-b_r-body\",\"idzone\":0,\"testab\":2,\"timezone_olson\":\"UTC\",\"blocked_verticals\":\"34,81\",\"after_video\":0,\"tu\":1,\"mm\":0,\"skins\":null,\"st\":0.01,\"spot_id\":12598,\"timezone\":0,\"subid\":\"1986595641\",\"wl\":1,\"event_id\":\"92ee33d3-1cd9-4564-9f43-4f5796b1b1b6\",\"sid\":1743053765,\"created_at\":\"2025-12-02\",\"ver\":\"7.487.1-b\",\"is_native\":1,\"device_theme\":\"light\",\"ad_tags\":\"Watch%2CFree%2CPorn%2COnline%2Cat%2CxMegaDrive%2Cfree%2Cporn%2Conline%2Cporn%2Cwatch%2Conline%2Cfemdom%2Cjoi%2Ccei%2Cshemales%2Cfemale%2Cdomination%2Cfemdom%2Cporn%2Ccei%2Cporn%2Cjoi%2Cporn%2Cshemale%2Cporn%2Cfree%2Cshemale%2Cfree%2Cfemdom%2Cfemdom%2Conline%2Ccei%2Conline%2Cjoi%2Conline%2CWatch%2CFree%2CFemdom%2CShemale%2CHandJob%2CPorn%2COnline%2Cat%2CxMegaDrive%2CFree%2CStreaming%2CPorn%2Cwith%2Cminimum%2Cads!\",\"user_keywords\":\"\",\"v2_track\":0,\"default_keywords\":\"\",\"tag_ab\":\"a\",\"suggestive\":0,\"v2\":0,\"features\":\"\",\"yfriendly_always\":false,\"is_iframe\":false,\"approved_mainstream\":0,\"default\":1},\"pext\":{\"ab\":0},\"metrics\":{\"topics\":[],\"prev_step_diff\":778}}],\"site\":{\"id\":\"12598\",\"cat\":[\"IAB25-3\"],\"page\":\"https%3A//www.xmegadrive.com/\",\"is_publisher\":true,\"ct\":0,\"ctid\":1,\"script_type\":\"antiadblock\",\"auc_domain_type\":\"hash\"},\"ext\":{\"dt\":1764696466765},\"user\":{\"fp\":0,\"fp_str\":\"\",\"ua_data\":null,\"events\":[],\"interest_ids\":[],\"click_status\":\"unknown\",\"keywords_history\":{\"keywords\":[],\"pages_count\":0},\"is_webview\":false,\"is_inapp\":false,\"telegram\":{\"user_id\":0,\"username\":\"\",\"is_premium\":false,\"color_scheme\":\"\",\"wallet_address\":\"\",\"wallet_balance\":\"\"},\"social_network\":\"\",\"audiences_ids\":[]},\"device\":{\"w\":1280,\"h\":1024},\"fp_params\":{\"plugins\":[\"PDF Viewer\",\"Chrome PDF Viewer\",\"Chromium PDF Viewer\",\"Microsoft Edge PDF Viewer\",\"WebKit built-in PDF\"],\"languages\":[\"en-US\",\"en\"],\"fonts\":[\"Bitstream Vera Sans Mono\",\"Century\"],\"fontPreferences\":{\"default\":173.11666870117188,\"apple\":173.11666870117188,\"serif\":173.11666870117188,\"sans\":162.01666259765625,\"mono\":122.68333435058594,\"min\":10.800003051757812,\"system\":162.01666259765625},\"platform\":\"Win32\",\"colorDepth\":24,\"deviceMemory\":0,\"hardwareConcurrency\":48,\"indexedDB\":true,\"sessionStorage\":true,\"localStorage\":true,\"cookiesEnabled\":true,\"colorGamut\":\"srgb\"},\"cached_mislead_offer\":{\"track_click_url\":\"\"}}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.18.0\r\ndate: Tue, 02 Dec 2025 17:27:47 GMT\r\ncontent-type: application/json\r\ncontent-length: 7659\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65001,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d8d371ad056a798a5806fa07c9a25b9c","sha1":"76099fef70b3aa9ac983020f84a9ac23754da335","sha256":"c766a2ada77c424655cffe23909ff7251cd1d2eedabd39a3b6eec4e3d204e4b0","sha512":"642259e9e21fcbcb317a0279b6adf246364923f947cf4329e7e9e20063cb7b8a783ed14f29b56bb04ed4dd0d89e3e8d1d3f4d47062e3d7814b9f8cbc69c789be","ssdeep":"768:uGRz0kZd0kZv0kSs0kSO0kSO30kZC0kZCvSZ6hnnRtJ:rzndnv0s0O0O3nCnCvPB","tlshash":"e8537c240da79f7319ebc51aa306b99c31d8075b3fc549e8d6f1c25798a036e219fe8c","first_seen":"2025-12-02T17:28:13.863941Z","last_seen":"2025-12-02T17:28:13.863941Z","times_seen":1,"resource_available":false,"data":null}},"time_used":589,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":588,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"f93c382250.1f0355218f.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"f93c382250.1f0355218f.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"f93c382250.1f0355218f.com/in/show/?tag_ab=a\u0026site_id=3112598\u0026adblock=0\u0026testab=2\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=hq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=0\u0026conditions=dch_ip,tz_offset,all\u0026ssp=3964\u0026page=https%3A%2F%2Fwww.xmegadrive.com%2F\u0026refdom=www.xmegadrive.com\u0026auction_time=1764696467\u0026subid=1986595641\u0026sid=1743053765\u0026tcid=0\u0026ver=7.487.1-b\u0026ver_c=\u0026spot_id=12598\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2025-12-02\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=95.60679304144446\u0026kubik_score=95.61\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1986595641%26spot_id%3D12598%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.xmegadrive.com%252F%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=\u0026crtid=b0681ff5c1739e7f8bdbb8527f77d810\u0026url=https%3A%2F%2Frcdn-web.com%2Ft%2Fr.html%3Ft%3Dhttps%253A%252F%252Ffhvfd.com%252Fapi%252Fsubmit_form_request%253Fp%253D69c27462-159f-44c4-a91e-6f81396bb341%2526ts%253D1764696467%2526z%253D8863325\u0026icons=RZZ4c7zAd37AthFABpgVH0-sVnQo6n2fHbU692eIwdJGXtSyTzoxbmt4pCpWQ0CVrpCr3radzccxHMIEOAv84NK4w02CP0dr2-6UA2vDA5HkJD-KOP0LNA3QWPFx5ld-4jqJhHZI6g83NVWAnyJGDKnfN3zu_aRLYFGaz8YSCnT1-jq1pQ\u0026ext_cid=0\u0026px_id=10886456\u0026min_cpm=0.01710617447649546\u0026out_id=1\u0026campaign_type=lq-pop\u0026aid=4217\u0026cid=22320\u0026uniq=\u0026mid=1466660029922223044\u0026skin_id=2\u0026vertical_id=0\u0026skin_test=0\u0026from_cache=0\u0026ecpm=0.020161996447424377\u0026cpm=0.01700528092176786\u0026verify_hash=d3fa1cb8bbd42d831508be4b60db73b9\u0026verify_hash_v2=49a8d60d6f0562b6a28515294f3044cdb0d13adc0e1cc1ba1a642a84f8358dd4\u0026is_native=2\u0026real_bid=0.0010011119999999997\u0026original_bid_usd=0.0010011119999999997\u0026original_bid=0.0010011119999999997\u0026show_type=0\u0026exp=0\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0%29%20Gecko%2F20100101%20Firefox%2F134.0\u0026ip_mismatch=91.90.42.154\u0026geo=NO\u0026carrier=-\u0026label_ids=4,89,20,27,150,0,108\u0026need_redirect_show=0\u0026applied_features=coef_095,main-skins-settings\u0026show_count=1\u0026expiration_timestamp=0\u0026image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp\u0026site=native-push-adult\u0026price=0.0010011119999999997\u0026hostname=auc-inpage-hz-12-a\u0026auc_type=1\u0026pop_type=1\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=\u0026pop_cpc=0.0010011119999999997\u0026ext_campaign_id_str=\u0026is_webview=0\u0026client_price=0\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=antiadblock\u0026tma_wallet_balance=0\u0026processed_keywords=Femdom%2CAdult%2CShemale%2CMILF%2CHandjob\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.016986392053804034\u0026social_network=\u0026publisher_id=266\u0026advanced_pub_id=81054\u0026user_click_counter=1\u0026lv_id=0\u0026service_spot_id=0\u0026mediation_ecpm=0\u0026mediation_type=no_mediation\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpm\u0026final_source_id=0\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=default-view-b_r-body\u0026mlf=1\u0026mlc=1\u0026cpa=6cf11323-8c29-486a-b69f-319d1184fa06\u0026prev_step_diff=873\u0026st=0.03","fqdn":"f93c382250.1f0355218f.com","domain":"1f0355218f.com","tld":"com"},"ip":{"addr":"168.119.25.102","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:47.649Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"1f0355218f.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 14:04:17 GMT","end":"Thu, 26 Feb 2026 14:04:16 GMT"},"fingerprint":{"sha1":"91:AD:7C:21:B5:6B:FF:3E:E7:14:52:3B:D9:19:76:C7:36:D9:6F:CA","sha256":"D1:F9:1F:D4:16:D5:AB:B7:FE:AC:D9:81:A9:14:2F:D3:AA:65:2D:E9:EC:90:49:7A:82:0C:38:82:9C:BC:84:F0"}}},"request":{"raw":"GET /in/show/?tag_ab=a\u0026site_id=3112598\u0026adblock=0\u0026testab=2\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=hq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=0\u0026conditions=dch_ip,tz_offset,all\u0026ssp=3964\u0026page=https%3A%2F%2Fwww.xmegadrive.com%2F\u0026refdom=www.xmegadrive.com\u0026auction_time=1764696467\u0026subid=1986595641\u0026sid=1743053765\u0026tcid=0\u0026ver=7.487.1-b\u0026ver_c=\u0026spot_id=12598\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2025-12-02\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=95.60679304144446\u0026kubik_score=95.61\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1986595641%26spot_id%3D12598%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.xmegadrive.com%252F%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=\u0026crtid=b0681ff5c1739e7f8bdbb8527f77d810\u0026url=https%3A%2F%2Frcdn-web.com%2Ft%2Fr.html%3Ft%3Dhttps%253A%252F%252Ffhvfd.com%252Fapi%252Fsubmit_form_request%253Fp%253D69c27462-159f-44c4-a91e-6f81396bb341%2526ts%253D1764696467%2526z%253D8863325\u0026icons=RZZ4c7zAd37AthFABpgVH0-sVnQo6n2fHbU692eIwdJGXtSyTzoxbmt4pCpWQ0CVrpCr3radzccxHMIEOAv84NK4w02CP0dr2-6UA2vDA5HkJD-KOP0LNA3QWPFx5ld-4jqJhHZI6g83NVWAnyJGDKnfN3zu_aRLYFGaz8YSCnT1-jq1pQ\u0026ext_cid=0\u0026px_id=10886456\u0026min_cpm=0.01710617447649546\u0026out_id=1\u0026campaign_type=lq-pop\u0026aid=4217\u0026cid=22320\u0026uniq=\u0026mid=1466660029922223044\u0026skin_id=2\u0026vertical_id=0\u0026skin_test=0\u0026from_cache=0\u0026ecpm=0.020161996447424377\u0026cpm=0.01700528092176786\u0026verify_hash=d3fa1cb8bbd42d831508be4b60db73b9\u0026verify_hash_v2=49a8d60d6f0562b6a28515294f3044cdb0d13adc0e1cc1ba1a642a84f8358dd4\u0026is_native=2\u0026real_bid=0.0010011119999999997\u0026original_bid_usd=0.0010011119999999997\u0026original_bid=0.0010011119999999997\u0026show_type=0\u0026exp=0\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0%29%20Gecko%2F20100101%20Firefox%2F134.0\u0026ip_mismatch=91.90.42.154\u0026geo=NO\u0026carrier=-\u0026label_ids=4,89,20,27,150,0,108\u0026need_redirect_show=0\u0026applied_features=coef_095,main-skins-settings\u0026show_count=1\u0026expiration_timestamp=0\u0026image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp\u0026site=native-push-adult\u0026price=0.0010011119999999997\u0026hostname=auc-inpage-hz-12-a\u0026auc_type=1\u0026pop_type=1\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=\u0026pop_cpc=0.0010011119999999997\u0026ext_campaign_id_str=\u0026is_webview=0\u0026client_price=0\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=antiadblock\u0026tma_wallet_balance=0\u0026processed_keywords=Femdom%2CAdult%2CShemale%2CMILF%2CHandjob\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.016986392053804034\u0026social_network=\u0026publisher_id=266\u0026advanced_pub_id=81054\u0026user_click_counter=1\u0026lv_id=0\u0026service_spot_id=0\u0026mediation_ecpm=0\u0026mediation_type=no_mediation\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpm\u0026final_source_id=0\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=default-view-b_r-body\u0026mlf=1\u0026mlc=1\u0026cpa=6cf11323-8c29-486a-b69f-319d1184fa06\u0026prev_step_diff=873\u0026st=0.03 HTTP/1.1\r\nHost: f93c382250.1f0355218f.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.18.0\r\ndate: Tue, 02 Dec 2025 17:27:47 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"f93c382250.1f0355218f.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"f93c382250.1f0355218f.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352867/320x180/3.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.308Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352867/320x180/3.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 10339\r\nLast-Modified: Tue, 02 Dec 2025 16:43:05 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f1719-2863\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10339,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"12f01976ab35e24214c65f5177a60d2a","sha1":"c0199c0171e13a509ef96449714acdd2c81d84d1","sha256":"dfb95f1eba43926f9b1db0a9189f3df6b527d99680c2c6be44bb20bc11cda59d","sha512":"086af143d67efe39c9d292e0d372d82394de2b0224c5d5a408caf24fa667a3124d7446313a588c31fe834b51c691e891e8075269d69b58675801e52ed0d30daf","ssdeep":"192:lMLA7M7AifwLpNAXsTvk5931ZQWK1VUN2j/T8uEaf3IqSNo:uk77igOszkTnKbUNS/II/Wo","tlshash":"c222c062f6168e13b757dcf3488b2ee027cc843148e692dc656d17727bd85e0984d4ae","first_seen":"2025-12-02T17:23:22.608197Z","last_seen":"2025-12-03T06:38:43.264265Z","times_seen":4,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352856/320x180/3.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352856/320x180/3.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9735\r\nLast-Modified: Tue, 02 Dec 2025 15:27:03 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f0547-2607\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9735,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"5cb8df5058e606d4e5869cf90f8d4d7f","sha1":"b2ce55e2d255e90ce4341292496e40f38453e3a4","sha256":"82bc624471ec00b3a30032bc589d985540a88d70d7d18d07ee66ebf913d79e09","sha512":"e1488463d9619cb3821a96f3c4aadd8f50562be17318c7470216be427c43e2ba04e6dd2d4aaf87453a0f701eed5fbfa9a7897c09a4235834b7fd003455496213","ssdeep":"192:86NOv5TUJg7P3r3zeFzoCAuPL6guBvtkZbz8J5OGj4z0Sj/ugs:8GOv5T7PeVPPL2oeQEe/uP","tlshash":"d212b0e17472b1a3d208f7a515177dd962ba22f63153847f49fb0670ed170aa600d1c7","first_seen":"2025-12-02T17:23:22.636398Z","last_seen":"2025-12-02T17:29:22.688894Z","times_seen":3,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":20,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"adsession.exacdn.com/popunder1000.js","fqdn":"adsession.exacdn.com","domain":"exacdn.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:45.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exacdn.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:31:43 GMT","end":"Sat, 17 Jan 2026 14:31:42 GMT"},"fingerprint":{"sha1":"CA:0B:20:D8:26:DE:FB:B3:F5:77:F7:D0:17:CC:E5:33:5C:E3:ED:F0","sha256":"A0:99:F2:EC:FE:CE:CF:A9:7D:A5:41:12:C7:33:0B:16:1C:28:0A:22:A8:6C:07:DF:6B:E3:9E:E5:E1:21:77:3B"}}},"request":{"raw":"GET /popunder1000.js HTTP/1.1\r\nHost: adsession.exacdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Dec 2025 17:27:45 GMT\r\ncontent-type: application/javascript\r\netag: W/\"5b6407ca0c6aba6b3b33f280641\"\r\nexpires: Tue, 25 Nov 2025 15:51:34 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH3UhYAAAwBuUwKCQH3AgAAAAwBT3/Y+AW1AAAAAA\r\nx-77-nzt-ray: 2a494a15b17acb0bb6212f69d77da21f\r\nx-77-cache: HIT\r\nx-77-age: 5714\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":105337,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"eb704b432948fe40bc9f658993fbf098","sha1":"5b6407ca0c6aba6b3b33f280641433818a4a12a8","sha256":"60bb096182a62ef0b979aa90c4070b810433cd61c8b63883e23912d466cdc071","sha512":"8133535c20908bc2f555a3d85f7d1b3fa983957cbba36345bbc2acd8cffab125148cbf02e5565d49afb602a166476e1ff843cff5c08539c180648b590a56878a","ssdeep":"1536:6+sUFCLmY6s3bQkVitoBzgF5X5Z5jzQnVv1DxFsqsKxgZGSmiiva3:6+LamY6s3UQiGzaPYVtvsq5xgXmO","tlshash":"64a3068c75d2f46c87bbe0fa047f708fb5bd6ac3308c6444d6a2d5b47ca4a4a8273959","first_seen":"2025-11-26T14:51:32.534801Z","last_seen":"2025-12-08T11:38:35.316819Z","times_seen":22,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":50,"dns":37,"connect":1,"send":0,"wait":2,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/static/images/fonts/icomoon.ttf?nddhpi","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:45.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /static/images/fonts/icomoon.ttf?nddhpi HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/static/styles/all-responsive-white.css?v=7.5\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:45 GMT\r\nContent-Type: application/font-sfnt\r\nContent-Length: 9568\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nLast-Modified: Sat, 17 Dec 2022 12:37:46 GMT\r\nETag: \"2560-5f0055a6f9475\"\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9568,"size_decoded":0,"mime_type":"application/font-sfnt","magic":"TrueType Font data, 11 tables, 1st \"OS/2\", 14 names, Macintosh, type 1 string, icomoon    ","md5":"21263355cf739547055f2da9fd6759bd","sha1":"762384d3af0de2d2bd630855b3f388326038ba92","sha256":"2674595ece6d29bba3197719873b35d8e2893e9eb3a0271bad0ea717e9b3d405","sha512":"4866f02e65742a717fdd9e154d6993be6bdce535383a48007da843edb03d31ab17e15b9383f8a2c82c07a058e3778d49aff6430868f8e951852b33ce4ee580e1","ssdeep":"192:2v65PU01LYPoAQkLUJ8yLoGQlDudvV51IBkOfdhNlNvhKezV3pz3H3lPV2K:f5IPoAfIyCQOvvWPFhN/sezV3pz3H3d5","tlshash":"1f122c02db9ecfe9d992cab49952c120dee0dc06d63ed79aa0415c86f4198ec8d3cb19","first_seen":"2023-04-07T07:56:54Z","last_seen":"2026-04-19T20:36:04.509881Z","times_seen":3003,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":48,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.gentlefieldpattern.com/venor.php","fqdn":"s.gentlefieldpattern.com","domain":"gentlefieldpattern.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:45.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gentlefieldpattern.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Oct 2025 07:05:27 GMT","end":"Wed, 21 Jan 2026 07:05:26 GMT"},"fingerprint":{"sha1":"CC:67:C9:F8:15:CE:CA:B5:19:9F:8C:93:70:41:41:FC:E2:FC:EF:7C","sha256":"75:BF:5A:D8:1B:DE:1F:E8:E0:46:26:CD:5F:B6:C8:C8:DF:5B:19:F5:EE:A8:E7:4A:04:52:6B:7B:9E:4B:FD:71"}}},"request":{"raw":"GET /venor.php HTTP/1.1\r\nHost: s.gentlefieldpattern.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.xmegadrive.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:45 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-04-20T14:00:18.530863Z","times_seen":106981,"resource_available":true,"data":null}},"time_used":151,"timings":{"blocked":62,"dns":1,"connect":26,"send":0,"wait":27,"receive":0,"ssl":33},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"s.gentlefieldpattern.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gfxdn.pics/m/p/0/883/883208/conversions/M4Y7kv1Z-in-page-ad-icons.webp","fqdn":"gfxdn.pics","domain":"gfxdn.pics","tld":"pics"},"ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:47.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gfxdn.pics","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 25 Nov 2025 02:32:18 GMT","end":"Mon, 23 Feb 2026 02:32:17 GMT"},"fingerprint":{"sha1":"59:A3:10:0E:01:BB:B6:42:41:EC:CA:20:A1:9C:5A:69:38:B7:65:8C","sha256":"CB:B6:EB:DF:E8:0D:46:F0:EC:4F:EC:81:B6:23:9E:AA:C1:C0:BE:F8:91:F5:6E:D7:3A:8D:72:66:18:A5:FF:36"}}},"request":{"raw":"GET /m/p/0/883/883208/conversions/M4Y7kv1Z-in-page-ad-icons.webp HTTP/1.1\r\nHost: gfxdn.pics\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Dec 2025 17:27:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2500\r\nserver: nginx\r\nlast-modified: Wed, 02 Apr 2025 14:36:17 GMT\r\netag: \"67ed4b61-9c4\"\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2500,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"506cec76802f7ccf140baf01794ce1d8","sha1":"105bb4b9d99ee161072e4e9b32db512b874044b6","sha256":"95112be1f48aeb7dbfd1a6fe5b7580e9a04de01d3c6d4cf18d7321dfa44bcb3b","sha512":"4afd0edbc36ebd1ac9003fe636e02769cb11bbb8c6ad99d61c746b7813822ce1b98b887c8894642c9fcc717a79b0054304dd2445b86848b8839008f4c461e252","ssdeep":"","tlshash":"14514d7a805ce913dd6547399872f16b2784030119823bfb4a1d34a8836be535e17d1f","first_seen":"2025-04-03T05:17:31.623862Z","last_seen":"2026-04-19T06:14:27.324399Z","times_seen":323,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"gfxdn.pics","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xmegadrive.com/","fqdn":"xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-02T17:27:44.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:44 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nLocation: https://www.xmegadrive.com/\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":68096,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":332,"timings":{"blocked":143,"dns":0,"connect":44,"send":0,"wait":45,"receive":0,"ssl":96},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp.metricswpsh.com/fp?tag_id=15599","fqdn":"fp.metricswpsh.com","domain":"metricswpsh.com","tld":"com"},"ip":{"addr":"157.90.84.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"notification.tubecup.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 11:47:47 GMT","end":"Sun, 08 Feb 2026 11:47:46 GMT"},"fingerprint":{"sha1":"05:1E:63:2F:40:1F:87:C3:0D:F0:42:C7:EA:E8:B1:D8:6F:76:7C:FC","sha256":"1C:13:0E:F6:58:8A:8C:D7:DE:1F:9F:20:D5:17:50:15:02:D5:C8:8E:39:40:68:3F:01:24:F2:73:14:BA:25:0F"}}},"request":{"raw":"OPTIONS /fp?tag_id=15599 HTTP/1.1\r\nHost: fp.metricswpsh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://www.xmegadrive.com/\r\nOrigin: https://www.xmegadrive.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx/1.20.1\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nConnection: keep-alive\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: content-type\r\nAccess-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\nAccess-Control-Allow-Origin: https://www.xmegadrive.com\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":186,"timings":{"blocked":80,"dns":1,"connect":25,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"fp.metricswpsh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"6b73ee69e0.dea21aeefc.com/a0b7a45f5c4fed0ccb0ca0bd8ec0e3a4.js","fqdn":"6b73ee69e0.dea21aeefc.com","domain":"dea21aeefc.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"6b73ee69e0.dea21aeefc.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 02:15:11 GMT","end":"Fri, 27 Feb 2026 02:15:10 GMT"},"fingerprint":{"sha1":"0C:50:78:06:50:BB:30:D2:46:F5:20:ED:FA:6C:81:DE:1D:B4:83:2F","sha256":"69:FE:8A:BC:3C:B6:CD:87:BE:78:CB:13:C6:C4:24:72:33:1E:E9:E5:6E:66:C2:CB:D6:AF:5D:E8:CE:15:14:2B"}}},"request":{"raw":"GET /a0b7a45f5c4fed0ccb0ca0bd8ec0e3a4.js HTTP/1.1\r\nHost: 6b73ee69e0.dea21aeefc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Dec 2025 17:27:46 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Tue, 02 Dec 2025 09:41:53 GMT\r\netag: W/\"692eb461-93aa9\"\r\ncontent-encoding: gzip\r\nexpires: Tue, 02 Dec 2025 17:32:46 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1742\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":604841,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"1f7ba2c15afda8c720fdae3bd8291389","sha1":"bb76f945501248bd51f85075aefb49752b74445b","sha256":"11a66a3646d02d2e338fbeb36c074a6505be6fff82d1cc2cda8b3604f0a84a8f","sha512":"fef0921725b46792f7f86f8d55c7d8377493d7c949b2de0ec6e1e260d31ee0796c2f90657069c25dd36d1276e4fdd45eadfd766cb014d054cf1d77150627c4ee","ssdeep":"12288:4iO6pTQUIfDchOHO68RPO2Si6EHlPUfVC+dKJTowRinDGQf7jbLExMLPWxhMs4h1:1ONux6EHjJcFnagwxd+2u/9","tlshash":"72d45b313290113970bfc8c6a6662b8d336cf24be9170f55f96faaa483dbd54f625384","first_seen":"2025-12-02T17:28:13.868894Z","last_seen":"2025-12-04T09:41:43.100303Z","times_seen":4,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"6b73ee69e0.dea21aeefc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"6b73ee69e0.dea21aeefc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"6b73ee69e0.dea21aeefc.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/favicon-16x16.png","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:45.957Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /favicon-16x16.png HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:45 GMT\r\nContent-Type: image/png\r\nContent-Length: 896\r\nLast-Modified: Wed, 11 Jan 2023 16:06:12 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"63bede74-380\"\r\nExpires: Wed, 03 Dec 2025 17:27:45 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":896,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"e41a915980cfc58f49779685cffcd722","sha1":"bc055014549b2865dabad1bf3e98b32a899db380","sha256":"d73a5315933dada68538152d338258aff89ced6d7cae25a6f487aa10493b55c3","sha512":"9623ac69ae420f572884c179f4e70e17fc3b879de5f4946778598b37deba375adfa385bade6349aa100a7ef3e69b597532e4e364c39aaff09feea5bb34a0819c","ssdeep":"","tlshash":"041196da288ca43eeccb09760692fb521d591a2e3fbf97283e13e828875505f50c1bc5","first_seen":"2023-04-21T02:01:13Z","last_seen":"2026-04-10T14:08:26.56738Z","times_seen":71,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6b73ee69e0.dea21aeefc.com/952c686bf34e100af8c594a363c993ea/15599?version_name=a\u0026domain=www.xmegadrive.com","fqdn":"6b73ee69e0.dea21aeefc.com","domain":"dea21aeefc.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"6b73ee69e0.dea21aeefc.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 02:15:11 GMT","end":"Fri, 27 Feb 2026 02:15:10 GMT"},"fingerprint":{"sha1":"0C:50:78:06:50:BB:30:D2:46:F5:20:ED:FA:6C:81:DE:1D:B4:83:2F","sha256":"69:FE:8A:BC:3C:B6:CD:87:BE:78:CB:13:C6:C4:24:72:33:1E:E9:E5:6E:66:C2:CB:D6:AF:5D:E8:CE:15:14:2B"}}},"request":{"raw":"GET /952c686bf34e100af8c594a363c993ea/15599?version_name=a\u0026domain=www.xmegadrive.com HTTP/1.1\r\nHost: 6b73ee69e0.dea21aeefc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.xmegadrive.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Dec 2025 17:27:46 GMT\r\ncontent-type: application/json\r\nserver: nginx/1.18.0\r\ncache-control: max-age=300\r\nexpires: Tue, 02 Dec 2025 17:32:46 GMT\r\nx-cdn-host-id: AH1742\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1876,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"dccc61b23e38c2b6db5fba0612b5bac5","sha1":"76ed9b4c45529b237878f782c5cd3dda697ad4da","sha256":"a94f1c74729198fe7c86e1834c4022f833e9c04d679867b7cb6020e829acca38","sha512":"a4e1362bbbd2fa43e35d0be1d89afe6f8848d2bb65f89712592c49dbeee1a529f48f4b8cb8e574675e929a7d499b52c455d4afef9d7aae7479635b8ce3a35aca","ssdeep":"","tlshash":"6331a9f48934c8f6d0f04a86e542778e952c326b71c4b949f4fec8b806ed96b0f1611b","first_seen":"2025-11-02T23:23:05.952808Z","last_seen":"2025-12-16T07:55:49.146258Z","times_seen":20,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"6b73ee69e0.dea21aeefc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"6b73ee69e0.dea21aeefc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"6b73ee69e0.dea21aeefc.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352866/320x180/4.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352866/320x180/4.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 13350\r\nLast-Modified: Tue, 02 Dec 2025 16:33:31 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f14db-3426\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13350,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"b16b2fd95ebfdf6e89d59c35fbc5068f","sha1":"58d19a5a52b13cadffac554380a4629f6ea8547d","sha256":"9d2d32bec49f3e3d9ab1bda88e4de659f785194e9aa4ad5f6d0d40ecec95f73a","sha512":"46abe1ab8f2cab3f97964c7fd3adb1a106e5c514907e8b5594ecf70114f91164288451a74da1ca0c451adde7bd47e8b3a3b12adf4b468a4894c49e9819ef2d8e","ssdeep":"192:KnYFBXFMEmm0zFH2QDloXYunFu/U2aFUUHNni2MPv9zh4mFa3P9YZPul8Dq0kpO/:QM5mmpJn4PaervBk6clYkpORF37r","tlshash":"ee52c029ffe78fa558f3f63a2551568433de7702e32c331ebf58671d22850615a51c01","first_seen":"2025-12-02T17:23:22.634596Z","last_seen":"2025-12-03T06:38:43.330503Z","times_seen":4,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352868/320x180/3.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352868/320x180/3.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 15017\r\nLast-Modified: Tue, 02 Dec 2025 16:52:04 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f1934-3aa9\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15017,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"0dcd9ff79c9a3133581ccb986a35d1a8","sha1":"3ec39c8b32af914f0fd8f2fd26819e60a9b94c82","sha256":"569c41ceebaf4a4c820e4710f988f68ae6d5fc0d5b8bd3df519f59884e15ab2f","sha512":"39e6d4e8e832fa99bb99e374f1bbed353d5908a77b0c99f2ccbf7e654974fdea7caa110eddbdd9cbe3c50c25458f8f22f1b52e26251e545328e3ce30802fe3eb","ssdeep":"384:F5KKgq9X0e50ZLUNbZwD8pvX1zaVlpfhm+n+i4hv2:F5aqZ0mxeAX2Vrhv+r2","tlshash":"0f62d067b7f8c7e189f7ea7432112f19126a0161ae82c54c45fe99a85c7dec28e90c4c","first_seen":"2025-12-02T17:23:22.562237Z","last_seen":"2025-12-03T06:38:43.324655Z","times_seen":4,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":88,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352858/320x180/3.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352858/320x180/3.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 12701\r\nLast-Modified: Tue, 02 Dec 2025 15:29:09 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f05c5-319d\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12701,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"41b9bdf495b6efde3ee133fdfc57cf2a","sha1":"2d48a5daf416e5b666ef65752a69e862aa4b5052","sha256":"7438589c28962b9b22061e87c4248deb7f04249a5e3dd26f0e829cc75851706e","sha512":"d30f8261ee94ea72668f315472e921aae23c813fa5bf9ee4cab1187b9527a178431c9239c67353691851f4c22a8b5f78eeb43128fe1d36d1859839f4d3bad1b8","ssdeep":"192:97+YgD8d6kaG1Xl+i8j1mod/Q+rOVEnnWjHH8iTgaR8EoCzWu+NhzSGAMdetQ/U1:9zgD8wcyi85/Q+pCHIwWqRqmmdeVsr2","tlshash":"ca42c025fd20a9fd9c54f0bb02a4b33c936e9f61a2855acc49cfb4109653a4756f2e2c","first_seen":"2025-12-02T17:23:22.67334Z","last_seen":"2025-12-02T17:29:22.674271Z","times_seen":3,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352865/320x180/1.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352865/320x180/1.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 15490\r\nLast-Modified: Tue, 02 Dec 2025 16:29:04 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f13d0-3c82\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15490,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"d533102c1f93d4ba7cd4f2ca3dc89d2f","sha1":"81bbd0feeb1db38c2b98c98bcccc4144a0d1793f","sha256":"08f78130e1af43179d3fde93322343bf65e05bf8e0579ed11e0b803c6879df38","sha512":"98ef7ac7bede020f45486d01c4424d86650d8cd841bffe5fdfe346e0248664ca888917ea10793ed7c42815ccc4f491f2e2259c2bfb00bf240424460953f06022","ssdeep":"384:hCW5iqoAcjfnhBXTV5zzxg2j8bRcvnUGH1OUQ:hCKNaThBXPJxGqT8N","tlshash":"0762d0da7b41346e8d439f3b1276a5761e04d4828aa9f91dc22e62d4c54fbef08c2e1c","first_seen":"2025-12-02T17:23:22.655546Z","last_seen":"2025-12-03T06:38:43.281802Z","times_seen":4,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"72c5f4f03e.482e528949.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNTY0NDg2NDgxOTMxMDQzNjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIyLjM5LjMiLCJ0YWdfaWQiOjE1NTk5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNjQsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MH0=","fqdn":"72c5f4f03e.482e528949.com","domain":"482e528949.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"72c5f4f03e.482e528949.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 02:48:05 GMT","end":"Fri, 27 Feb 2026 02:48:04 GMT"},"fingerprint":{"sha1":"F2:12:38:86:54:A9:0E:26:D7:00:85:86:1F:1B:53:DE:99:AF:5D:F3","sha256":"B7:C4:17:44:16:5F:00:A2:4D:95:53:38:93:2A:BE:F3:03:3E:32:68:1A:36:18:95:04:8A:35:70:19:A1:53:1C"}}},"request":{"raw":"GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNTY0NDg2NDgxOTMxMDQzNjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIyLjM5LjMiLCJ0YWdfaWQiOjE1NTk5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNjQsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MH0= HTTP/1.1\r\nHost: 72c5f4f03e.482e528949.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.xmegadrive.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Dec 2025 17:27:46 GMT\r\ncontent-length: 0\r\nserver: nginx/1.18.0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nx-cdn-host-id: AH1747\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":349,"timings":{"blocked":157,"dns":108,"connect":21,"send":0,"wait":33,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"72c5f4f03e.482e528949.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"72c5f4f03e.482e528949.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"72c5f4f03e.482e528949.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S1610790605:1764696467180882\u0026ifkv=ARESoU2ip-q29prlhVwyWcaT7BgG3Wsop6AIPf2wqHg2HcLcmpYp6tn6HvtpHuJbCdJfEW1I17Tq","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.147.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:47.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:46 GMT","end":"Mon, 19 Jan 2026 08:35:45 GMT"},"fingerprint":{"sha1":"24:7C:52:9A:14:62:BE:F8:93:1F:AE:0D:94:C9:F5:D1:B7:6C:B1:16","sha256":"4E:59:5E:29:62:6C:9E:E6:D9:2F:72:AA:20:76:DD:CF:73:BC:E3:95:17:09:AD:C0:7B:3F:55:8E:44:6F:E9:58"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S1610790605:1764696467180882\u0026ifkv=ARESoU2ip-q29prlhVwyWcaT7BgG3Wsop6AIPf2wqHg2HcLcmpYp6tn6HvtpHuJbCdJfEW1I17Tq HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:1Tgh-Hsv_SNz8_tXcsWSwNgwKxJEfA:DsEUc8k7j15zPDmA;Path=/;Expires=Thu, 02-Dec-2027 17:27:47 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Tue, 02 Dec 2025 17:27:47 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026dsh=S1610790605%3A1764696467180882\u0026hl=en\u0026ifkv=ARESoU3CxyoCDGj8ylCfGF1i5CTmCm6Me1BDWEVoZG6yljsg7ciNiZHXTHw7bypGzZcKNwNhpi9l\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: script-src 'nonce-Ldxo8dQsFEeEj0UQ4yWzqQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 412\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp","fqdn":"static.bookmsg.com","domain":"bookmsg.com","tld":"com"},"ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:47.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bookmsg.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 26 Nov 2025 02:32:10 GMT","end":"Tue, 24 Feb 2026 02:32:09 GMT"},"fingerprint":{"sha1":"29:5C:89:52:D7:80:3C:68:75:40:DE:B6:BD:B5:5F:35:72:C7:1D:EF","sha256":"D8:38:DC:B0:0F:D6:AA:DF:02:2B:D2:7C:72:6A:97:38:42:7A:02:CE:89:F1:AE:0B:95:0B:DF:F4:4D:18:1E:DE"}}},"request":{"raw":"GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp HTTP/1.1\r\nHost: static.bookmsg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Dec 2025 17:27:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 486\r\nserver: nginx/1.24.0\r\nlast-modified: Fri, 31 May 2024 10:56:43 GMT\r\netag: \"6659aceb-1e6\"\r\nexpires: Wed, 02 Dec 2026 17:27:47 GMT\r\ncache-control: max-age=31536000\r\nx-cdn-host-id: DS5058\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":486,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ceeb4e8840c24621c0e0352b42b38a5b","sha1":"03cbceb0134a39267014595938705e2916580644","sha256":"50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3","sha512":"80d4128488580567597ba5eb65dbff2dd4a8efc625c64cac6a027a1bb5c229545206669f04a50a252b54f471bee4fdc892e6bfe8347a50dd216bba67bd671a03","ssdeep":"","tlshash":"9bf00544191cd36c2a3c607afd74eb74a4074aa459226017cce447b08956811e856c1c","first_seen":"2024-02-20T18:30:33Z","last_seen":"2026-04-20T11:42:31.500977Z","times_seen":10997,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":75,"dns":27,"connect":19,"send":0,"wait":19,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/static/styles/all-responsive-white.css?v=7.5","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:45.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /static/styles/all-responsive-white.css?v=7.5 HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:45 GMT\r\nContent-Type: text/css\r\nLast-Modified: Sat, 17 Dec 2022 12:37:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: W/\"639db81a-27b1f\"\r\nExpires: Wed, 03 Dec 2025 17:27:45 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":162591,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (15274), with CRLF line terminators","md5":"17a794050596bfd735b36f297c51f5d2","sha1":"ec5f491a7dabfa8ad1a917a9ffd9e37d330fa1ce","sha256":"c40c7878c05ba3283b84fafcd793de6d3b2c786ec2b2191a3ceb0bb56647c8d3","sha512":"79592892db03b97c142e552da8c677b379113c17eec096368459cd6ea88faea86f00f36d6a4851e127c969275d5ed5d4e2a3bb8c7a16ed20b4215702463b9979","ssdeep":"1536:xeV2Qi2A2Zp2Hf2u5AWq2D2dvO2ZZmhF2q2pJ282QntO0FOjOwOU:I/9O0+","tlshash":"03f3837cd61811046137de697fe90b297b7cc023ca0203f9fee79145938aa9845a6fde","first_seen":"2023-04-07T23:31:30Z","last_seen":"2026-04-10T14:08:26.558053Z","times_seen":92,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/static/styles/jquery.fancybox-white.css?v=7.5","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:45.324Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /static/styles/jquery.fancybox-white.css?v=7.5 HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:45 GMT\r\nContent-Type: text/css\r\nLast-Modified: Sat, 17 Dec 2022 12:37:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: W/\"639db81a-14e6\"\r\nExpires: Wed, 03 Dec 2025 17:27:45 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5350,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"b950cbda5ae14baf3ced714102af5927","sha1":"120b575ab74a00eeaf053b376343baea4107da78","sha256":"7c2d66cf9c0890fb658c33803d422bed108a5437e9a7491a265efdfb3da1caaa","sha512":"38d6636c9cc8f1c3854bb9b2e228fee51024d83e7f6face2d63daa728f77ae7b8b1b90f0d6eeb8762857fcbc663dec95fccd46f1584f94bcbe2e9c86d542fd96","ssdeep":"96:hZ3b04GobhJNn5UQZXJa2sOTBNlSpUqSnyMgYz0zO2brOa82mQVqGsWM:hNJN5ts2sEBvA7SyMl0zbr1mQvM","tlshash":"cfb1a76fa691300a643b9f54e77f1a69ce711425b60202ffb1acf12583d47f671b24d8","first_seen":"2023-04-07T23:31:30Z","last_seen":"2026-04-19T18:41:06.768477Z","times_seen":889,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":104,"dns":1,"connect":33,"send":0,"wait":34,"receive":0,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352860/320x180/4.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352860/320x180/4.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 10796\r\nLast-Modified: Tue, 02 Dec 2025 15:32:04 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f0674-2a2c\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10796,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"b7d53cb030a7f502182edf528a376929","sha1":"1850b9330330338318dfa5fc5193a0ce4ed0bbe3","sha256":"7878d7eabca5deefd35c220d183e385af402885187988540db53273bcccac902","sha512":"0736aedc62252d4f464eb873f677ca5cf9e7756e46fbbcad39cb881dc0dd3771eb737aa5d6e44f45bc338678321db5c1c93e459e541556fe9ffb7101ac05d5c6","ssdeep":"192:t9MbF8uUXltIXGN4Yg1Ibc32fa3vxg5ZKx3slUnAFZL6me:roQl8ULg1Ibc5vUVDFsJ","tlshash":"7e22a04f7799d1a2e457c9b6f661d09393088e2c7920f92f48c8b4efb524182752d1af","first_seen":"2025-12-02T17:23:22.643324Z","last_seen":"2025-12-02T17:29:22.71039Z","times_seen":3,"resource_available":false,"data":null}},"time_used":290,"timings":{"blocked":97,"dns":1,"connect":46,"send":0,"wait":45,"receive":1,"ssl":96},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.147.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:47.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:46 GMT","end":"Mon, 19 Jan 2026 08:35:45 GMT"},"fingerprint":{"sha1":"24:7C:52:9A:14:62:BE:F8:93:1F:AE:0D:94:C9:F5:D1:B7:6C:B1:16","sha256":"4E:59:5E:29:62:6C:9E:E6:D9:2F:72:AA:20:76:DD:CF:73:BC:E3:95:17:09:AD:C0:7B:3F:55:8E:44:6F:E9:58"}}},"request":{"raw":"GET /ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:GgtTuE7aRN1UzpaIRYfxMW6LXin87A:oSwpOYGnOSoJY7ti; Expires=Thu, 02-Dec-2027 17:27:47 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Tue, 02 Dec 2025 17:27:47 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S1610790605:1764696467180882\u0026ifkv=ARESoU2ip-q29prlhVwyWcaT7BgG3Wsop6AIPf2wqHg2HcLcmpYp6tn6HvtpHuJbCdJfEW1I17Tq\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: script-src 'nonce-_pWsneQUSSB1H2yF50tZtw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\ncross-origin-opener-policy: unsafe-none\r\ncross-origin-resource-policy: cross-origin\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":266,"timings":{"blocked":110,"dns":0,"connect":22,"send":0,"wait":34,"receive":0,"ssl":97},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp","fqdn":"static.bookmsg.com","domain":"bookmsg.com","tld":"com"},"ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:47.647Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bookmsg.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 26 Nov 2025 02:32:10 GMT","end":"Tue, 24 Feb 2026 02:32:09 GMT"},"fingerprint":{"sha1":"29:5C:89:52:D7:80:3C:68:75:40:DE:B6:BD:B5:5F:35:72:C7:1D:EF","sha256":"D8:38:DC:B0:0F:D6:AA:DF:02:2B:D2:7C:72:6A:97:38:42:7A:02:CE:89:F1:AE:0B:95:0B:DF:F4:4D:18:1E:DE"}}},"request":{"raw":"GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1\r\nHost: static.bookmsg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Dec 2025 17:27:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1066\r\nserver: nginx/1.24.0\r\nlast-modified: Fri, 31 May 2024 10:56:43 GMT\r\netag: \"6659aceb-42a\"\r\nexpires: Wed, 02 Dec 2026 17:27:47 GMT\r\ncache-control: max-age=31536000\r\nx-cdn-host-id: DS5058\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1066,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2a11e13b2bd67bb9a6cb347d7c73df13","sha1":"b85460a33f9b229f42c08a6a94ae433a4d5c32ab","sha256":"1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56","sha512":"059dd018bbf13a669d73f07442288f165bc6b305afb0df955773a0efb7454b8204095196231179fab4cb625e189c7c735fe41dc5b67fb8666d584214277186e6","ssdeep":"","tlshash":"7511b56be46c4dfede41f0408dd80256f8324a5c8aaeaf39058bc7da4f584143a6f01a","first_seen":"2024-02-20T18:30:33Z","last_seen":"2026-04-20T11:42:31.498889Z","times_seen":10986,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":70,"dns":26,"connect":19,"send":0,"wait":20,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-02T17:27:44.787Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:45 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nX-Powered-By: PHP/7.4.33\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nSet-Cookie: PHPSESSID=216ab6555f81aab94808e42210805664; path=/; domain=.xmegadrive.com; secure; SameSite=None\nkt_ips=91.90.42.154; expires=Wed, 03-Dec-2025 17:27:45 GMT; Max-Age=86400; path=/; domain=.xmegadrive.com; secure; SameSite=None\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"AddThis","description":"AddThis is a social bookmarking service that can be integrated into a website with the use of a web widget.","website":"https://www.addthis.com","common_platform_enumeration":"","icon":"AddThis.svg","categories":["Widgets"]}],"data":{"size":68096,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (13363)","md5":"e3e9393a12f5e83df4615c83a043f98c","sha1":"df9f984b65aed2f6409b06469322ecadae62fa7b","sha256":"b0bafdfbfe3336ff606a647bdf52bb7ee87a7ae0c982bd82970629c8f8f71a82","sha512":"97c2994b6b72227c0322e4207d2bad24728feca2fc9e2ea594bbaa460bf8d7215bde296e83b16a4fbe2ca41d8e44cf1c3fa56e25cf8fd2517581dbf2d74916cf","ssdeep":"768:qGWu8F66wjXRwz5OEzpiXEMJ6oX9vsHrrbPI:fydGXK5RzS+HrrbPI","tlshash":"a163c5b2a1ad2c7f0a2251c335117b1e785f9d3bd55288f1f8f743a4a9c0cad742a35a","first_seen":"2025-12-02T17:28:13.876079Z","last_seen":"2025-12-02T17:29:22.716315Z","times_seen":2,"resource_available":false,"data":null}},"time_used":415,"timings":{"blocked":161,"dns":19,"connect":44,"send":0,"wait":93,"receive":0,"ssl":94},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"f93c382250.1f0355218f.com/in/show/?tag_ab=a\u0026site_id=3112598\u0026adblock=0\u0026testab=2\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=hq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=0\u0026conditions=dch_ip,tz_offset,all\u0026ssp=3964\u0026page=https%3A%2F%2Fwww.xmegadrive.com%2F\u0026refdom=www.xmegadrive.com\u0026auction_time=1764696467\u0026subid=1986595641\u0026sid=1743053765\u0026tcid=0\u0026ver=7.487.1-b\u0026ver_c=\u0026spot_id=12598\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2025-12-02\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=95.60679304144446\u0026kubik_score=95.61\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1986595641%26spot_id%3D12598%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.xmegadrive.com%252F%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=23716\u0026crtid=788f015ade7a5a02de07cfccea6d71a8\u0026url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DFCxYN0Sw4UVNlEd9yzrKg_2xVYK5LzWM0tQbXBUrckrQxGL_SMZmHU2yc2aK-mRG4hqSTNsYqECzgfQN6ntltwrNiMD4fNsuYwEgg-K75lciaIfl0SkLE2ZbMRAYtvShXx6e8UfYC4Zqka0Gw8UMQw0GPg4lLoniw9PKBugoRZzkBUcuoDXSEgxYdSeZwgvv3Fh4pDECI-1jREk9csxQGrLsmlEJ13fp3jBicm9cL9-LgBcomJki_tmUUGn2IfAFbVju-yS9CE6YCC4Nu895ram8LnhrIo43AJlyl8oMfMgwXLlHzWkN7FhdCsvCvaH_P9cE4AvffuoadQG8lAp8QJXDtoggahJ5iNywBCnx8y05-eUFxyNAvC1H-1iXKZB_6CfCpVny7K7h-sVZhXnkF0sNd8tO9TxnkNGxa8jzqB9IErTzZmKRN5fVL5ex9WBcs2WONFs5m1Q3SZzq1v3sVk8CWvbWdut4w-fVlMhE0jbIGuTZZ8m-uT4UcrxGuz3DVkogKjbCRC-Nzd_89HBLBWzq0Bbq8etv47SdHYjh18iOln1YcQFx5H43zr6ZTu1SGJ2jyJqBOX6PNn4xSoxR6WYChoKn-QkVu30IZPdka-htL9HbXtJ5uN5v2lbMrP7xDPbFlPF6PCZcVb6C9NoYN5UrgvXM5RqZhCMJ8iyRIwcOxiJveDonusK6QoHzdXd9Zbgb4vGDZ24zGLrvmHpcQDaMPWnh_YhqliyV2jpcSc4DMSMVMrHZ5SFNo0yDRUN7tN-UUI9b6obWw4SO3EZRCpcLrOZX1p7EBJq81bBg9o6c-9dtk3wvG2HcYp-5sxSx1-akIjyS9DHA5QNv7wgQ7le5HLOsuvC214ig6PI4mV4KvtL8foVGs9LFw_ieIlfbUdT1EhpwpwcCpU7A1KK-vIecn7jnOTUuR7ej-U9mCttvcK4TM3h6YsNSKNBXssIBBQuOqRBlFBwL88IZVo_qNX6bUUrJ3PIWYPtxvQrPbHYiYhL49SixsyndXk_0CWt7Dp8QNe65Tnp2wgJaAi4fI2z18MMmg_RW908SeEEERCUvR6dwSIElMk1alq8GTyeb-6W8I_VI-0aMpuaAEqZTDb3hujeFvaEDLtPEWAu2_gGGDe089jlNrqsjnb-AkkbvryOVGkgSjVlEE3HuaBV7XosxLoOCkpQxcubp5UjgfH99Tj3Ul6Huhn37vj6KbMDYujykyXdxmim7KTYOPYgpDyIWtSctQOEblhFhblniXGpxibPob4H3Lpir47uTG_7R891PsLFxkLX58g9L9-CGBtkmL-JL3sYDEWX-ew1TXgHKESlsBO-THgR0NskPWA%26sp%3D%24%7BSECOND_PRICE%7D\u0026icons=YBf2te1Tan4mDFubFn9no1ujNRR-Z7DH-ImiP47ov4GOz3PHD_I4rH91es3MrsFRHm_14GUpPMkuyXLV9guqNC1MpmVhv2-YbewMSG1GMwdxLnrbVUr8Trw-sxiAEJl3MVxNm3QGj4MY58LNaKiJtTfnSX4WQeIMD2otPmZetS2tPRAVUUy9qLvHhrvkGZsAHeuNZA9T67-Qn9rFq3fdhwL_JmW_QK7tZ_sBV-BsWG9zRALjmaHvz4q4Q8ckQMkBw8kHSZgyhCb2tnlLcgyjaZHEm08vI9lt724GTOq31WcVewdP9eM92jdlYF7RnWBi-TFjQuMqAmp_tD1evBNCTHkX9SBCU4FCED189M70bZZN5KSduhG561zA0AU3k039NhhhGEXzPeFENd4_VwADI0bKOGMiCsF0B27rXZQVI4DTNsc8aoWRBmmVnDmum1obZMZxsVIwiEpHkOkUUXqWrAjpjG2MGejHhRZemxeZrYHqZ4fMPiLmSjotDh9kQb_md6UFZ4_Nou10w1_NB1BfKEKik6RdkDG5kYkv9fycpZOkO60uYdNnZMGKgtv2BFUxZEl83ort2WPmJPFn-oB6rX_HGyXbN48fL1hIzk8DvCE5zs43tdVT2yQRckV2MqX-0u2GRTnHveL-g_vHeBmgcvC0rJ6zcbQn4YZ5oG2DBaBVwThh4Ix4moRmcsIRRFX6jOe--csPbAXAvE2d8gJKwK1m2YQCx_GXw9jEykNIYwFkP2TgilV7wK9rQ5ZzRICMcG7A4y8dHombnGCWNTJWsVbI4M9BNCupgC8EDgBm4ak2yCcwM2R03n6jPBMzRcGm9uf-q5z6aNMa2BTqBVyRhcoBXplcZBY0likCjogkJiOGzFuvOydWj3fsBNqfswE04wo0bCW3C_bFDPy_FXi_yoQVViBXCKl0gJLjvrIbuSmxZSrLzk4zqYnXJFhe1_B2RudE1SU16qH7osOm0W8nTfpFBax3dd0ZgKnslCQfMEn-MmHMZuuyjx1HeqVatLu0heIPUTsjmYc2n7OZ6v5YdWe2ZMmY0m53kRukQcszQHzdYYTxF3baM2KEJEvZ4etnZKqY0NOZmj4nsWRXbxJaKXgAjLjxD9Q-P-Gq8soDKEOEP48Ma9xasNLHs4kDQeiBdQf8HwEZa5oAtR0_-klb_4i8dlFZNndum9TGRS6YwBaCNr6usyiugK7U2IrWfzFOi3WXzZKSN6IEHIBmu3SOCetQbXJNKsk20dAjxahxRAyjk0e6brNX4eLnOrPeHKP9n47XSkJmWsJ41ess6n6UTWQvbRYayI3YW9c-24xxfPa-RNwBZCZOoJFDpTPByKobxSY2IY6ycXX6CGlGdiDfr9s5YolHctqm7QS_vjm8vzOV4uozxyjnliFVEWmP1baf6KfIpatyXX2qoCLIkFJITAkz_UmfBEQBh9XO22fDWNvp0VelkH52gqd59PjYIgVm_t26G_oHTydxslTPsINJRbj9C1sTfCQt-ZOUalKiQPb0GPvHa-J90tnm1C9_5KuzgXXYZto2ODNllc00B6dg62im8j-C6DrYF0RxSw\u0026ext_cid=299547\u0026px_id=7312598\u0026min_cpm=0.00039417710838290514\u0026out_id=0\u0026campaign_type=hq\u0026aid=127\u0026cid=12697\u0026uniq=9e701fcfe51a13d33b641734c367d8a08de87c8f7f16096c12277aaf919e60a6\u0026mid=1466660029922223044\u0026skin_id=2\u0026vertical_id=5\u0026skin_test=0\u0026from_cache=0\u0026ecpm=0.019263806652078365\u0026cpm=0.023203813863224065\u0026verify_hash=1fbfc76fc2d1983428fd7f8785e0a46d\u0026verify_hash_v2=dbe8813026e11700f903c112474290fe50a5ee8e5d803c7819ad3a6d57297984\u0026is_native=1\u0026real_bid=0.041510000824928506\u0026original_bid_usd=0.05\u0026original_bid=0.05\u0026show_type=0\u0026exp=1440\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0%29%20Gecko%2F20100101%20Firefox%2F134.0\u0026ip_mismatch=91.90.42.154\u0026geo=NO\u0026carrier=-\u0026label_ids=5,129,148,98,4,90\u0026need_redirect_show=0\u0026applied_features=coef_095,main-skins-settings\u0026show_count=1\u0026expiration_timestamp=1764869267\u0026image_url=https%3A%2F%2Fgfxdn.pics%2Fm%2Fp%2F0%2F883%2F883207%2Fconversions%2F0OErF2ya-in-page-ad-images.webp\u0026site=native-push-adult\u0026price=0.05\u0026hostname=auc-inpage-hz-12-a\u0026auc_type=1\u0026pop_type=1\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=\u0026pop_cpc=0.05\u0026ext_campaign_id_str=299547\u0026is_webview=0\u0026client_price=0.041510000824928506\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=cpc\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=antiadblock\u0026tma_wallet_balance=0\u0026processed_keywords=Femdom%2CAdult%2CShemale%2CMILF%2CHandjob\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.0004640762772644813\u0026social_network=\u0026publisher_id=266\u0026advanced_pub_id=73266\u0026user_click_counter=1\u0026lv_id=0\u0026service_spot_id=0\u0026mediation_ecpm=0\u0026mediation_type=no_mediation\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpc\u0026final_source_id=0\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=default-view-b_r-body\u0026cpa=9c449c6f-5637-4ca5-972e-32ed577c7886\u0026prev_step_diff=874\u0026st=0.03","fqdn":"f93c382250.1f0355218f.com","domain":"1f0355218f.com","tld":"com"},"ip":{"addr":"168.119.25.102","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:47.650Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"1f0355218f.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 14:04:17 GMT","end":"Thu, 26 Feb 2026 14:04:16 GMT"},"fingerprint":{"sha1":"91:AD:7C:21:B5:6B:FF:3E:E7:14:52:3B:D9:19:76:C7:36:D9:6F:CA","sha256":"D1:F9:1F:D4:16:D5:AB:B7:FE:AC:D9:81:A9:14:2F:D3:AA:65:2D:E9:EC:90:49:7A:82:0C:38:82:9C:BC:84:F0"}}},"request":{"raw":"GET /in/show/?tag_ab=a\u0026site_id=3112598\u0026adblock=0\u0026testab=2\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=hq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=0\u0026conditions=dch_ip,tz_offset,all\u0026ssp=3964\u0026page=https%3A%2F%2Fwww.xmegadrive.com%2F\u0026refdom=www.xmegadrive.com\u0026auction_time=1764696467\u0026subid=1986595641\u0026sid=1743053765\u0026tcid=0\u0026ver=7.487.1-b\u0026ver_c=\u0026spot_id=12598\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2025-12-02\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=95.60679304144446\u0026kubik_score=95.61\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1986595641%26spot_id%3D12598%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.xmegadrive.com%252F%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=23716\u0026crtid=788f015ade7a5a02de07cfccea6d71a8\u0026url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DFCxYN0Sw4UVNlEd9yzrKg_2xVYK5LzWM0tQbXBUrckrQxGL_SMZmHU2yc2aK-mRG4hqSTNsYqECzgfQN6ntltwrNiMD4fNsuYwEgg-K75lciaIfl0SkLE2ZbMRAYtvShXx6e8UfYC4Zqka0Gw8UMQw0GPg4lLoniw9PKBugoRZzkBUcuoDXSEgxYdSeZwgvv3Fh4pDECI-1jREk9csxQGrLsmlEJ13fp3jBicm9cL9-LgBcomJki_tmUUGn2IfAFbVju-yS9CE6YCC4Nu895ram8LnhrIo43AJlyl8oMfMgwXLlHzWkN7FhdCsvCvaH_P9cE4AvffuoadQG8lAp8QJXDtoggahJ5iNywBCnx8y05-eUFxyNAvC1H-1iXKZB_6CfCpVny7K7h-sVZhXnkF0sNd8tO9TxnkNGxa8jzqB9IErTzZmKRN5fVL5ex9WBcs2WONFs5m1Q3SZzq1v3sVk8CWvbWdut4w-fVlMhE0jbIGuTZZ8m-uT4UcrxGuz3DVkogKjbCRC-Nzd_89HBLBWzq0Bbq8etv47SdHYjh18iOln1YcQFx5H43zr6ZTu1SGJ2jyJqBOX6PNn4xSoxR6WYChoKn-QkVu30IZPdka-htL9HbXtJ5uN5v2lbMrP7xDPbFlPF6PCZcVb6C9NoYN5UrgvXM5RqZhCMJ8iyRIwcOxiJveDonusK6QoHzdXd9Zbgb4vGDZ24zGLrvmHpcQDaMPWnh_YhqliyV2jpcSc4DMSMVMrHZ5SFNo0yDRUN7tN-UUI9b6obWw4SO3EZRCpcLrOZX1p7EBJq81bBg9o6c-9dtk3wvG2HcYp-5sxSx1-akIjyS9DHA5QNv7wgQ7le5HLOsuvC214ig6PI4mV4KvtL8foVGs9LFw_ieIlfbUdT1EhpwpwcCpU7A1KK-vIecn7jnOTUuR7ej-U9mCttvcK4TM3h6YsNSKNBXssIBBQuOqRBlFBwL88IZVo_qNX6bUUrJ3PIWYPtxvQrPbHYiYhL49SixsyndXk_0CWt7Dp8QNe65Tnp2wgJaAi4fI2z18MMmg_RW908SeEEERCUvR6dwSIElMk1alq8GTyeb-6W8I_VI-0aMpuaAEqZTDb3hujeFvaEDLtPEWAu2_gGGDe089jlNrqsjnb-AkkbvryOVGkgSjVlEE3HuaBV7XosxLoOCkpQxcubp5UjgfH99Tj3Ul6Huhn37vj6KbMDYujykyXdxmim7KTYOPYgpDyIWtSctQOEblhFhblniXGpxibPob4H3Lpir47uTG_7R891PsLFxkLX58g9L9-CGBtkmL-JL3sYDEWX-ew1TXgHKESlsBO-THgR0NskPWA%26sp%3D%24%7BSECOND_PRICE%7D\u0026icons=YBf2te1Tan4mDFubFn9no1ujNRR-Z7DH-ImiP47ov4GOz3PHD_I4rH91es3MrsFRHm_14GUpPMkuyXLV9guqNC1MpmVhv2-YbewMSG1GMwdxLnrbVUr8Trw-sxiAEJl3MVxNm3QGj4MY58LNaKiJtTfnSX4WQeIMD2otPmZetS2tPRAVUUy9qLvHhrvkGZsAHeuNZA9T67-Qn9rFq3fdhwL_JmW_QK7tZ_sBV-BsWG9zRALjmaHvz4q4Q8ckQMkBw8kHSZgyhCb2tnlLcgyjaZHEm08vI9lt724GTOq31WcVewdP9eM92jdlYF7RnWBi-TFjQuMqAmp_tD1evBNCTHkX9SBCU4FCED189M70bZZN5KSduhG561zA0AU3k039NhhhGEXzPeFENd4_VwADI0bKOGMiCsF0B27rXZQVI4DTNsc8aoWRBmmVnDmum1obZMZxsVIwiEpHkOkUUXqWrAjpjG2MGejHhRZemxeZrYHqZ4fMPiLmSjotDh9kQb_md6UFZ4_Nou10w1_NB1BfKEKik6RdkDG5kYkv9fycpZOkO60uYdNnZMGKgtv2BFUxZEl83ort2WPmJPFn-oB6rX_HGyXbN48fL1hIzk8DvCE5zs43tdVT2yQRckV2MqX-0u2GRTnHveL-g_vHeBmgcvC0rJ6zcbQn4YZ5oG2DBaBVwThh4Ix4moRmcsIRRFX6jOe--csPbAXAvE2d8gJKwK1m2YQCx_GXw9jEykNIYwFkP2TgilV7wK9rQ5ZzRICMcG7A4y8dHombnGCWNTJWsVbI4M9BNCupgC8EDgBm4ak2yCcwM2R03n6jPBMzRcGm9uf-q5z6aNMa2BTqBVyRhcoBXplcZBY0likCjogkJiOGzFuvOydWj3fsBNqfswE04wo0bCW3C_bFDPy_FXi_yoQVViBXCKl0gJLjvrIbuSmxZSrLzk4zqYnXJFhe1_B2RudE1SU16qH7osOm0W8nTfpFBax3dd0ZgKnslCQfMEn-MmHMZuuyjx1HeqVatLu0heIPUTsjmYc2n7OZ6v5YdWe2ZMmY0m53kRukQcszQHzdYYTxF3baM2KEJEvZ4etnZKqY0NOZmj4nsWRXbxJaKXgAjLjxD9Q-P-Gq8soDKEOEP48Ma9xasNLHs4kDQeiBdQf8HwEZa5oAtR0_-klb_4i8dlFZNndum9TGRS6YwBaCNr6usyiugK7U2IrWfzFOi3WXzZKSN6IEHIBmu3SOCetQbXJNKsk20dAjxahxRAyjk0e6brNX4eLnOrPeHKP9n47XSkJmWsJ41ess6n6UTWQvbRYayI3YW9c-24xxfPa-RNwBZCZOoJFDpTPByKobxSY2IY6ycXX6CGlGdiDfr9s5YolHctqm7QS_vjm8vzOV4uozxyjnliFVEWmP1baf6KfIpatyXX2qoCLIkFJITAkz_UmfBEQBh9XO22fDWNvp0VelkH52gqd59PjYIgVm_t26G_oHTydxslTPsINJRbj9C1sTfCQt-ZOUalKiQPb0GPvHa-J90tnm1C9_5KuzgXXYZto2ODNllc00B6dg62im8j-C6DrYF0RxSw\u0026ext_cid=299547\u0026px_id=7312598\u0026min_cpm=0.00039417710838290514\u0026out_id=0\u0026campaign_type=hq\u0026aid=127\u0026cid=12697\u0026uniq=9e701fcfe51a13d33b641734c367d8a08de87c8f7f16096c12277aaf919e60a6\u0026mid=1466660029922223044\u0026skin_id=2\u0026vertical_id=5\u0026skin_test=0\u0026from_cache=0\u0026ecpm=0.019263806652078365\u0026cpm=0.023203813863224065\u0026verify_hash=1fbfc76fc2d1983428fd7f8785e0a46d\u0026verify_hash_v2=dbe8813026e11700f903c112474290fe50a5ee8e5d803c7819ad3a6d57297984\u0026is_native=1\u0026real_bid=0.041510000824928506\u0026original_bid_usd=0.05\u0026original_bid=0.05\u0026show_type=0\u0026exp=1440\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0%29%20Gecko%2F20100101%20Firefox%2F134.0\u0026ip_mismatch=91.90.42.154\u0026geo=NO\u0026carrier=-\u0026label_ids=5,129,148,98,4,90\u0026need_redirect_show=0\u0026applied_features=coef_095,main-skins-settings\u0026show_count=1\u0026expiration_timestamp=1764869267\u0026image_url=https%3A%2F%2Fgfxdn.pics%2Fm%2Fp%2F0%2F883%2F883207%2Fconversions%2F0OErF2ya-in-page-ad-images.webp\u0026site=native-push-adult\u0026price=0.05\u0026hostname=auc-inpage-hz-12-a\u0026auc_type=1\u0026pop_type=1\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=\u0026pop_cpc=0.05\u0026ext_campaign_id_str=299547\u0026is_webview=0\u0026client_price=0.041510000824928506\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=cpc\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=antiadblock\u0026tma_wallet_balance=0\u0026processed_keywords=Femdom%2CAdult%2CShemale%2CMILF%2CHandjob\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.0004640762772644813\u0026social_network=\u0026publisher_id=266\u0026advanced_pub_id=73266\u0026user_click_counter=1\u0026lv_id=0\u0026service_spot_id=0\u0026mediation_ecpm=0\u0026mediation_type=no_mediation\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpc\u0026final_source_id=0\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=default-view-b_r-body\u0026cpa=9c449c6f-5637-4ca5-972e-32ed577c7886\u0026prev_step_diff=874\u0026st=0.03 HTTP/1.1\r\nHost: f93c382250.1f0355218f.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.18.0\r\ndate: Tue, 02 Dec 2025 17:27:47 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"f93c382250.1f0355218f.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"f93c382250.1f0355218f.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352869/320x180/3.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.303Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352869/320x180/3.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9676\r\nLast-Modified: Tue, 02 Dec 2025 16:52:11 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f193b-25cc\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9676,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"798bc2a7a1eb511eb9636f08006be3a5","sha1":"fbe8a0c1e94039e96461034be0d06f7ce62b6770","sha256":"7286d0d84f6273221d0a8f99b667e0cf58759fca30acaa7aa08a4c24887d8808","sha512":"42d64c032b89cd96c0cf124329a7265d8dc58e553c75f8414b44ea89dcd8b65d0ba4818b84ddd6bac7afc99b284866a6b75d0310532ac7bb79cd2534065e08fd","ssdeep":"192:JnAe8MQDd/fpEA+WptBys9+j07gwvb7VCRCKcwYn7jCFW:ZAhfDl3t8pGg+VCUKgGFW","tlshash":"d712bf8f37895654f862d6315a5672007327ca0cef2f601eb58126477dde4f78e80ce8","first_seen":"2025-12-02T17:23:22.671481Z","last_seen":"2025-12-03T06:38:43.332663Z","times_seen":4,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352854/320x180/3.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352854/320x180/3.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9346\r\nLast-Modified: Tue, 02 Dec 2025 15:26:04 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f050c-2482\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9346,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"42227ccfd6dd28d800047d7bf8429f03","sha1":"118dcf5e689002e579663151ca9b97cd40353136","sha256":"058f0c59c48022e6d377ac59f7f6a3b6d97108b84728e18dbad26bc586b68845","sha512":"1a00c48792b8c4702ef19941bb297e444ceb2dcbc355a571fb9580cd23f2c0c3deabbba052caa0b67e14c6d7e21cff35133912f5c056dbaa1cd2093d3da6e737","ssdeep":"192:Yzl9WOpGuqLlOsnSjm25Ke9Fc0VkoPfMoUJVV8WNmjXk2KDa+:YzlcsGuqJkjIeve8eCIj","tlshash":"9912af3e712aa8c7ddd9f6749312405358ad7cf1f64ad1ce1a46689c8abcd412f0334d","first_seen":"2025-12-02T17:23:22.567472Z","last_seen":"2025-12-02T17:29:22.731484Z","times_seen":3,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":29,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352863/320x180/1.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352863/320x180/1.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 15046\r\nLast-Modified: Tue, 02 Dec 2025 16:25:04 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f12e0-3ac6\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15046,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"1b868438f0d1d9d00e2cc943842a96bc","sha1":"9895570c87f19d0408253cd6db9c3ef4bb6bda57","sha256":"7a72bf71924e79af8f8288da080d7d6e6ef89f56bba382c780a006f33bfc8e44","sha512":"5c41ee23e1e7a44f034068347fb9d3fb38c0f62b33016a8ab01dfbb38c4ec1f6dc14ae95122c5380ae1674cdeda24a27339bbf37d04fa5cc93175671f730c516","ssdeep":"384:glqjgMd/NKP1JgrgK9dY40K/gYZiNJw2vhQkRL2sTkXOuUUxALR4QsV:glqjrd1KPfD40KYYZGJwo2ekxALRs","tlshash":"2162d07a77a7d5b8e56bcd3359270a41e6f6a4e4f6e13c9e0872d01b659dc820222384","first_seen":"2025-12-02T17:23:22.624964Z","last_seen":"2025-12-03T06:38:43.249983Z","times_seen":4,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352862/320x180/3.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352862/320x180/3.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 10678\r\nLast-Modified: Tue, 02 Dec 2025 15:37:04 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f07a0-29b6\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10678,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"257a32e9454e144120e5fa9529808619","sha1":"3410881747ab95d0ca8d89ee10b1ecaec87626d3","sha256":"013c8008e712200eddd69de39ced25f77b1b8af6761ec57ae9381304a06114cc","sha512":"3205f95890b56630e065f9484243d29cee9866104f7ed7194585a97acf611eb962b83cf7d5b3bef9e10392cf2afd673451f0543637e8304ef99989c52c151c90","ssdeep":"192:ecR9+Q+yQ3K5Vpnmq8H/IB61fGyV3KIo4sgwBkMiLUXbVZ4lfPyuRlzk4Q/6KCDz:ec3wPaJh0pI/LiIL74Zl6ihDK1Y","tlshash":"1722be57f05a1731f492fa38c28b4b8cf3591c12a5935e0f6a1bc3967b266a90d9d028","first_seen":"2025-12-02T17:23:22.610786Z","last_seen":"2025-12-03T06:38:43.246579Z","times_seen":4,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/static/js/main.min.js?v=8.7","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:45.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /static/js/main.min.js?v=8.7 HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:45 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Thu, 29 Dec 2022 14:23:28 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: W/\"63ada2e0-3313f\"\r\nExpires: Wed, 03 Dec 2025 17:27:45 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":209215,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"440fab27c2b1df45e3f25e7c12cdc3ab","sha1":"485882c57487c2f8ff3bb55d07e35688250b87de","sha256":"dca38d866645194652a31eafad21205f6024a454fe96d5f4085e20200623ce1f","sha512":"b99fefd9934dd0088b9913656fbb8cfb6a11a535a6cd4bd9a496816780e63ca476dfdfa0b10e79e5174ff897bfabfd553660f2645b72e78fa902f21092d437cb","ssdeep":"3072:4dkWgoBncZRQFmW42q2DhhQDG4hyrEFQXR3+F5Q5O2g9IbH1eDuPFVB:6BcZGc/2Dhhv4g4qXqIJeDi","tlshash":"29142bd872d1707253bb30ba106f500bb132693aa90d8450f16dd8f5adb8e8d6277f6e","first_seen":"2023-03-12T20:18:05Z","last_seen":"2026-04-10T14:08:26.596411Z","times_seen":72,"resource_available":true,"data":null}},"time_used":327,"timings":{"blocked":105,"dns":0,"connect":35,"send":0,"wait":75,"receive":33,"ssl":77},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/apple-touch-icon.png","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:45.955Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /apple-touch-icon.png HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:45 GMT\r\nContent-Type: image/png\r\nContent-Length: 38647\r\nLast-Modified: Wed, 11 Jan 2023 16:06:12 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"63bede74-96f7\"\r\nExpires: Wed, 03 Dec 2025 17:27:45 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38647,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"9473c62292f24dff18c4e7907ac9f629","sha1":"7cc18e50983210b4c7e99531c7ebcaf4dea4247a","sha256":"66fbf29be36cb854c37c74e1db175495327b79b5b238ea35e497d48a9daa8f7d","sha512":"d9c8cc94aa5ea7042b850d1cc9a104f046360a2efed27794677dc550bb5dd021abdaa3f9e88f6e669c38741ee0dc8d1c19cef906be3a526317d176fb269a9353","ssdeep":"768:rCJ0DEcPWZonLKCxEUM1N+kYOHaKOne50oAe/hbcptiXeZj7scWcOKK//i:eJ0DNLKCG/3YOPOG0ojcpsKsRcOXXi","tlshash":"8403f170c2283349cce5478f65e0ae5c649332c6fff2b4584210aa5a589db4f4eb89ed","first_seen":"2023-07-07T16:31:27Z","last_seen":"2026-04-10T14:08:26.608664Z","times_seen":71,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.capndr.com/advertising.js","fqdn":"js.capndr.com","domain":"capndr.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"js.capndr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Oct 2025 02:32:03 GMT","end":"Sun, 11 Jan 2026 02:32:02 GMT"},"fingerprint":{"sha1":"4F:91:E2:5E:A1:B1:4D:7F:49:01:1E:73:C6:07:EB:0A:BE:44:4C:44","sha256":"7B:0D:8E:03:0E:6E:23:65:30:3D:E8:FC:0C:E7:66:46:E2:5B:7F:FA:FD:D2:FF:61:4C:A4:18:08:24:70:51:6B"}}},"request":{"raw":"GET /advertising.js HTTP/1.1\r\nHost: js.capndr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Dec 2025 17:27:46 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 0\r\nserver: nginx/1.18.0\r\nlast-modified: Fri, 14 Jul 2023 08:23:25 GMT\r\netag: \"64b105fd-0\"\r\nexpires: Tue, 02 Dec 2025 17:32:46 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1742\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":192,"timings":{"blocked":83,"dns":27,"connect":21,"send":0,"wait":21,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"js.capndr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"6b73ee69e0.dea21aeefc.com/b3733b651255e3d0a88e6e0548b1b96a.js","fqdn":"6b73ee69e0.dea21aeefc.com","domain":"dea21aeefc.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:45.781Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"6b73ee69e0.dea21aeefc.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 02:15:11 GMT","end":"Fri, 27 Feb 2026 02:15:10 GMT"},"fingerprint":{"sha1":"0C:50:78:06:50:BB:30:D2:46:F5:20:ED:FA:6C:81:DE:1D:B4:83:2F","sha256":"69:FE:8A:BC:3C:B6:CD:87:BE:78:CB:13:C6:C4:24:72:33:1E:E9:E5:6E:66:C2:CB:D6:AF:5D:E8:CE:15:14:2B"}}},"request":{"raw":"GET /b3733b651255e3d0a88e6e0548b1b96a.js HTTP/1.1\r\nHost: 6b73ee69e0.dea21aeefc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.xmegadrive.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Dec 2025 17:27:45 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Tue, 02 Dec 2025 14:57:30 GMT\r\netag: W/\"692efe5a-23f00\"\r\ncontent-encoding: gzip\r\nexpires: Tue, 02 Dec 2025 17:32:45 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1742\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":147200,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65534), with no line terminators","md5":"3815365ffebef8e0a2c0fc4f1fe75d09","sha1":"c779bc071272bf2548f9cb99a92c9d395f190ccb","sha256":"d8e4e7c9e7ca8b8aa5d6647481f64fb988c1dfbb4799d8d61a4212b97029151d","sha512":"33a9ca1a676b3e0c01eac2b2200f6f79c1ecaf7935c8d931dd15674bff25a487c250ecfb5f83101bd2c358a9a18543e7d726441963e8a6a7b7dcda9493026a45","ssdeep":"1536:OpOPpA6P9rHRFts5dWmj6zzKEpKf7JbcacZwJ8jBl8Q8MdnCZ9212FoX50jtQyET:U6FDTts5dWmOzGoKFoaswoQebX","tlshash":"c9e33adcb2d2b07407e75099d43f1206b73a1a16b80c9058f6a6e9c17878ddb5237f7a","first_seen":"2025-12-02T16:12:30.403703Z","last_seen":"2025-12-03T08:16:20.460212Z","times_seen":18,"resource_available":true,"data":null}},"time_used":216,"timings":{"blocked":97,"dns":46,"connect":21,"send":0,"wait":22,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"6b73ee69e0.dea21aeefc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"6b73ee69e0.dea21aeefc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"6b73ee69e0.dea21aeefc.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352853/320x180/1.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352853/320x180/1.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 10933\r\nLast-Modified: Tue, 02 Dec 2025 15:23:26 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f046e-2ab5\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10933,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"2b06546e1d495ce851917df0d2f20d46","sha1":"7a3f872fe7d660b1b12457865acf41bb7190df80","sha256":"6e201d8a3e531c7265181da99bfa2a72818dddd915c416953fae600fe80f3bc1","sha512":"12a929e27fe412f185c356743c2ba02a172c09c32430bd8c77f7c3ead1205ac6a6dd0b902f94a40f98497f9a90a0321b2e897282c4e03ae936f1ba6aaa0e2e57","ssdeep":"192:3ToBb7HNQRqjGu572244f50t+rE3FsJxm9alIv7vkYr5pC8EOWOZBbtb8gl:3TUbz+Rsg24JtrFsJQvzko/CnOWOhbJ","tlshash":"4a32bf143bab4522d257f73948001b3a5b55d79b96cf588f870a75c472bb4a23f803eb","first_seen":"2025-12-02T17:23:22.578345Z","last_seen":"2025-12-02T17:29:22.677225Z","times_seen":3,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.wpshsdk.com/extention/build.m.js","fqdn":"js.wpshsdk.com","domain":"wpshsdk.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"js.wpshsdk.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 08:32:54 GMT","end":"Sun, 08 Feb 2026 08:32:53 GMT"},"fingerprint":{"sha1":"E7:58:A9:29:AF:1D:E2:13:19:83:9F:B3:0C:F7:1A:56:82:AB:13:AE","sha256":"00:04:8E:A2:E3:51:EC:8C:11:2F:DC:AF:3D:50:B3:0E:CE:40:35:A6:24:F3:0F:E3:54:79:29:E5:87:85:DC:D2"}}},"request":{"raw":"GET /extention/build.m.js HTTP/1.1\r\nHost: js.wpshsdk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Dec 2025 17:27:46 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Wed, 06 Apr 2022 15:30:54 GMT\r\netag: W/\"624db22e-4da7\"\r\ncontent-encoding: gzip\r\nexpires: Tue, 02 Dec 2025 17:32:46 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1742\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19879,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (19879), with no line terminators","md5":"3e7592609ad6832acdf316d2a331f51e","sha1":"6cd418dacff53ad51e926d2f51bc95b45dc5fe91","sha256":"555d5195d9e6b6bbd648eccc1ec41fd5f018484a0ef5ef5c8f27753372f22942","sha512":"044fa0fb485a0311ecb58b30d5f12a6045202552ddfbbf791ab3f8cbd7d3687817233f0c1c18b5b590504823dbb3d8aeab4c9ae5c0ce330b0f125971c924e902","ssdeep":"384:jI0KAKJKJuA0yJz+oOdczhir0Py2cevkG4m6kGlbRPrVkGc:jI0KAKJK9B6oOdc1ir0PV9whrc","tlshash":"6592fbc8b6c1707a82eb52e4c95f610ab32b3455b1498880f465eba2397cedfd067f74","first_seen":"2023-03-07T01:15:18Z","last_seen":"2026-04-17T07:54:29.952766Z","times_seen":214,"resource_available":true,"data":null}},"time_used":155,"timings":{"blocked":66,"dns":1,"connect":22,"send":0,"wait":22,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nereserv.com/in/dip?site=native-push\u0026wl=1\u0026event_id=92ee33d3-1cd9-4564-9f43-4f5796b1b1b6\u0026subid=1986595641\u0026sid=1743053765\u0026spot_id=12598\u0026created_at=2025-12-02\u0026timezone=0\u0026ver=7.487.1-b\u0026is_native=1","fqdn":"nereserv.com","domain":"nereserv.com","tld":"com"},"ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 02:00:40 GMT","end":"Sat, 24 Jan 2026 02:00:39 GMT"},"fingerprint":{"sha1":"2B:72:A9:3F:14:00:92:B9:05:AC:BC:3B:22:CB:D9:87:80:23:C8:3D","sha256":"60:5B:BA:7E:5F:7A:B1:E0:55:4D:4C:29:EA:C7:21:68:37:AF:03:5B:A7:3D:15:98:F1:65:96:AB:4A:3E:17:3B"}}},"request":{"raw":"GET /in/dip?site=native-push\u0026wl=1\u0026event_id=92ee33d3-1cd9-4564-9f43-4f5796b1b1b6\u0026subid=1986595641\u0026sid=1743053765\u0026spot_id=12598\u0026created_at=2025-12-02\u0026timezone=0\u0026ver=7.487.1-b\u0026is_native=1 HTTP/1.1\r\nHost: nereserv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.xmegadrive.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Tue, 02 Dec 2025 17:27:46 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"p.a64x.com/in/tip_shows/?katds_ep=S-VBDApiupzEVv3pNzlfJZw0LqcVBhyoiXyn_qQnR85ZKAVgKAvgGYkNSO1VaCsvyKUIOejgStLY-rfOVTgPbIhu_ydiKY3vbEaHq_WnYm7N_gl8sofXH-jmYNWdHiLWdHko2eWpfWYstXAJFY5xbmACHoG_8lwBkyjHrWfj6FWJTHmBIBNYiBqnNYyYomZjYlcIY_0brQHSs_mTAzoLunBhFQW_OMiILQHPDstcH0uRIoK9W9DG80JAjFPBVFwVsWeWnBi1qlItxfGwNAgzON32yPk8PoAZ9T2r8vZE3OXuv_fd8nM4nOrQ63on8RsA7twUNYQUgmLmUumf_KZeZMlpyh6dIeesMtiPruV335g7jd81CZIU7A8kPiH2H6XkSTJ_zYNNPXtT7ri5-6rC9tu7k-78QeqsVZJoK5miRZGx4ztI3e1LbArDNeMbDlydnDY7aLuYIYGc_IxqrywjncykP8aiCT1jiojPdkW2D8v68uizZpyIZHPDeK5czyivlsC7JBjnVWgVD0sebgdPDe6VBU2pJHB0sV6tFu8Vup_KA2XiUBxdj3F26NEACJmVdZ_q3cV9qNtMU_8pVBaY1es2Q4C_zErecsvD8vA1BLUR4FZtJWD8RU8kuxu19gRjTyzj9BzapH2XBYu4OBl29L-E3TKi7ALbpp5qaEbnDbQivEYzTSjvVe3v99Lzs2tLkTK3nH5PvORLTZx2_uZcwIDIiChnmnJxkxizra3FFXkNlITnUq3TX8W01n-0rDKQk5iON9sjUecCw7OtdFfgCS18uOiCSy_zTEp-H4iVMB5QXjvq2W9rTFegMfiVAWw9MRZ4Vz-AbgGIgSJzPNbOBdhC4ohc09Pz5kfLc39PrKNZ1iNOBo8ozdiUVaSpx8zFq4QkAWaWYetQxtQfgC_uE-DRc-D1qnS9W-PYzi8PsfdNNA6GVyujTPwaVwYMnyBngM87zNWRAmpNlNjuDph5qFoNcufxPsVzgN_8S7DxfQmml_xSfTsx-M-GiXdHc8gjVVu14I-OR_L3anfoUuNVL7ekV87AQvZsBdYe4xiUmnlczI06FGxYVzA\u0026sp=${SECOND_PRICE}","fqdn":"p.a64x.com","domain":"a64x.com","tld":"com"},"ip":{"addr":"172.67.185.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:47.677Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a64x.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 31 Oct 2025 08:04:12 GMT","end":"Thu, 29 Jan 2026 09:02:46 GMT"},"fingerprint":{"sha1":"C9:CE:5E:BF:96:E6:BA:BA:16:E4:68:D4:05:34:0B:3B:F9:DE:33:12","sha256":"C2:57:E6:04:4B:6F:2A:CA:B5:6A:CF:09:60:19:B2:18:02:4E:70:89:3C:D8:70:91:3C:C3:A3:4B:60:51:33:E6"}}},"request":{"raw":"GET /in/tip_shows/?katds_ep=S-VBDApiupzEVv3pNzlfJZw0LqcVBhyoiXyn_qQnR85ZKAVgKAvgGYkNSO1VaCsvyKUIOejgStLY-rfOVTgPbIhu_ydiKY3vbEaHq_WnYm7N_gl8sofXH-jmYNWdHiLWdHko2eWpfWYstXAJFY5xbmACHoG_8lwBkyjHrWfj6FWJTHmBIBNYiBqnNYyYomZjYlcIY_0brQHSs_mTAzoLunBhFQW_OMiILQHPDstcH0uRIoK9W9DG80JAjFPBVFwVsWeWnBi1qlItxfGwNAgzON32yPk8PoAZ9T2r8vZE3OXuv_fd8nM4nOrQ63on8RsA7twUNYQUgmLmUumf_KZeZMlpyh6dIeesMtiPruV335g7jd81CZIU7A8kPiH2H6XkSTJ_zYNNPXtT7ri5-6rC9tu7k-78QeqsVZJoK5miRZGx4ztI3e1LbArDNeMbDlydnDY7aLuYIYGc_IxqrywjncykP8aiCT1jiojPdkW2D8v68uizZpyIZHPDeK5czyivlsC7JBjnVWgVD0sebgdPDe6VBU2pJHB0sV6tFu8Vup_KA2XiUBxdj3F26NEACJmVdZ_q3cV9qNtMU_8pVBaY1es2Q4C_zErecsvD8vA1BLUR4FZtJWD8RU8kuxu19gRjTyzj9BzapH2XBYu4OBl29L-E3TKi7ALbpp5qaEbnDbQivEYzTSjvVe3v99Lzs2tLkTK3nH5PvORLTZx2_uZcwIDIiChnmnJxkxizra3FFXkNlITnUq3TX8W01n-0rDKQk5iON9sjUecCw7OtdFfgCS18uOiCSy_zTEp-H4iVMB5QXjvq2W9rTFegMfiVAWw9MRZ4Vz-AbgGIgSJzPNbOBdhC4ohc09Pz5kfLc39PrKNZ1iNOBo8ozdiUVaSpx8zFq4QkAWaWYetQxtQfgC_uE-DRc-D1qnS9W-PYzi8PsfdNNA6GVyujTPwaVwYMnyBngM87zNWRAmpNlNjuDph5qFoNcufxPsVzgN_8S7DxfQmml_xSfTsx-M-GiXdHc8gjVVu14I-OR_L3anfoUuNVL7ekV87AQvZsBdYe4xiUmnlczI06FGxYVzA\u0026sp=${SECOND_PRICE} HTTP/1.1\r\nHost: p.a64x.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Tue, 02 Dec 2025 17:27:47 GMT\r\ncontent-type: application/json\r\ncontent-length: 0\r\nlocation: https://gfxdn.pics/m/p/0/883/883208/conversions/M4Y7kv1Z-in-page-ad-icons.webp\r\nserver: cloudflare\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rqpwLGQzqShj6eunZmF8VzrXJrUtvQ%2BAuz4dnrox73G6Vx0sBTb%2FNwIFPgBQzI03oKFaEUPD3qk5qQHK0Zy1dZ9uR0HqjMMapjM%3D\"}]}\r\ncf-ray: 9a7c897b2af3c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2500,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":27,"dns":4,"connect":1,"send":0,"wait":36,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352857/320x180/3.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352857/320x180/3.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 12885\r\nLast-Modified: Tue, 02 Dec 2025 15:28:05 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f0585-3255\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12885,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"f40ca0e43cae431fa095ef56681ddb4b","sha1":"7b59330e40825913d5b7377ff9443111f34d5cde","sha256":"0858f9d97d3f4be04a7e97f257d7283977e6979c960b9cc0b500b11c0d9e111b","sha512":"5a4ea6f42791f7ff55046d6f47ca0ad4b8fe4ea9b3ba18a339f0b56c49724aff47779f9c6b8e8a9866c3b2859d0a95e440e910c4ab239c77e14ede348ce70464","ssdeep":"384:TKI4vq1geNWorkAtEK8zia2F4cFPCyHhpui0GIZRng:b4vq1geomtE7SFPCyHhpuiUbng","tlshash":"1042af74b517975fdd93dcf9d04e463df608aba43b73828dbc164055de2ac806b43852","first_seen":"2025-12-02T17:23:22.652086Z","last_seen":"2025-12-02T17:29:22.738268Z","times_seen":3,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ntvpforever.com/keywords","fqdn":"ntvpforever.com","domain":"ntvpforever.com","tld":"com"},"ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 02:00:40 GMT","end":"Sat, 24 Jan 2026 02:00:39 GMT"},"fingerprint":{"sha1":"2B:72:A9:3F:14:00:92:B9:05:AC:BC:3B:22:CB:D9:87:80:23:C8:3D","sha256":"60:5B:BA:7E:5F:7A:B1:E0:55:4D:4C:29:EA:C7:21:68:37:AF:03:5B:A7:3D:15:98:F1:65:96:AB:4A:3E:17:3B"}}},"request":{"raw":"OPTIONS /keywords HTTP/1.1\r\nHost: ntvpforever.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://www.xmegadrive.com/\r\nOrigin: https://www.xmegadrive.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.20.1\r\ndate: Tue, 02 Dec 2025 17:27:46 GMT\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":198,"timings":{"blocked":86,"dns":5,"connect":25,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ntvpforever.com/keywords","fqdn":"ntvpforever.com","domain":"ntvpforever.com","tld":"com"},"ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 02:00:40 GMT","end":"Sat, 24 Jan 2026 02:00:39 GMT"},"fingerprint":{"sha1":"2B:72:A9:3F:14:00:92:B9:05:AC:BC:3B:22:CB:D9:87:80:23:C8:3D","sha256":"60:5B:BA:7E:5F:7A:B1:E0:55:4D:4C:29:EA:C7:21:68:37:AF:03:5B:A7:3D:15:98:F1:65:96:AB:4A:3E:17:3B"}}},"request":{"raw":"POST /keywords HTTP/1.1\r\nHost: ntvpforever.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nContent-Length: 468\r\nOrigin: https://www.xmegadrive.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":468,"data":"{\"ad_tags\":\"Watch%2CFree%2CPorn%2COnline%2Cat%2CxMegaDrive%2Cfree%2Cporn%2Conline%2Cporn%2Cwatch%2Conline%2Cfemdom%2Cjoi%2Ccei%2Cshemales%2Cfemale%2Cdomination%2Cfemdom%2Cporn%2Ccei%2Cporn%2Cjoi%2Cporn%2Cshemale%2Cporn%2Cfree%2Cshemale%2Cfree%2Cfemdom%2Cfemdom%2Conline%2Ccei%2Conline%2Cjoi%2Conline%2CWatch%2CFree%2CFemdom%2CShemale%2CHandJob%2CPorn%2COnline%2Cat%2CxMegaDrive%2CFree%2CStreaming%2CPorn%2Cwith%2Cminimum%2Cads!\",\"page\":\"https%3A//www.xmegadrive.com/\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Tue, 02 Dec 2025 17:27:46 GMT\r\ncontent-type: application/json\r\ncontent-length: 58\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"9b08e70fa6a6f65982e4e8069c62bf12","sha1":"77d8f262c92afbef2b1f308b151faa67e176ce15","sha256":"f4668df8dc0210817125d4b1cfb937eb83e83ccfbb2afd521f3ba1ba48bd7fb6","sha512":"af127338ea853348bbd078a29450d1f42ecbe3841392a273744544944aa5a194c4b0fa3ad70af95ecd8b1aefbdef560a97e5881f272f3c3962f919672198ba76","ssdeep":"","tlshash":"fca00265a14d543b0bc565022141dd821615a21215d378f5a0e458055345340619d88d","first_seen":"2025-12-02T17:28:13.882012Z","last_seen":"2025-12-02T17:28:13.882012Z","times_seen":1,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026dsh=S1610790605%3A1764696467180882\u0026hl=en\u0026ifkv=ARESoU3CxyoCDGj8ylCfGF1i5CTmCm6Me1BDWEVoZG6yljsg7ciNiZHXTHw7bypGzZcKNwNhpi9l\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.147.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:47.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:46 GMT","end":"Mon, 19 Jan 2026 08:35:45 GMT"},"fingerprint":{"sha1":"24:7C:52:9A:14:62:BE:F8:93:1F:AE:0D:94:C9:F5:D1:B7:6C:B1:16","sha256":"4E:59:5E:29:62:6C:9E:E6:D9:2F:72:AA:20:76:DD:CF:73:BC:E3:95:17:09:AD:C0:7B:3F:55:8E:44:6F:E9:58"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026dsh=S1610790605%3A1764696467180882\u0026hl=en\u0026ifkv=ARESoU3CxyoCDGj8ylCfGF1i5CTmCm6Me1BDWEVoZG6yljsg7ciNiZHXTHw7bypGzZcKNwNhpi9l\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Tue, 02 Dec 2025 17:27:47 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-xzrSeEs4YhtoSNHbvHeW9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\ncontent-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.KEYUHSehrM0.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xmegadrive.com/contents/videos_screenshots/352000/352859/320x180/3.jpg","fqdn":"www.xmegadrive.com","domain":"xmegadrive.com","tld":"com"},"ip":{"addr":"5.61.55.75","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.xmegadrive.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 23:35:46 GMT","end":"Fri, 09 Jan 2026 23:35:45 GMT"},"fingerprint":{"sha1":"DD:B8:5D:D9:38:D8:46:8D:26:78:86:E8:D5:FC:F8:9F:48:CD:54:71","sha256":"C0:B9:5C:C8:1F:28:39:93:C5:32:30:B2:38:6D:25:C6:D9:A2:8B:B0:5E:EE:DC:7E:C7:5E:40:82:41:C1:DA:82"}}},"request":{"raw":"GET /contents/videos_screenshots/352000/352859/320x180/3.jpg HTTP/1.1\r\nHost: www.xmegadrive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nCookie: PHPSESSID=216ab6555f81aab94808e42210805664; kt_ips=91.90.42.154; kt_tcookie=1; kt_is_visited=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 13903\r\nLast-Modified: Tue, 02 Dec 2025 15:30:13 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nETag: \"692f0605-364f\"\r\nExpires: Wed, 03 Dec 2025 17:27:46 GMT\r\nCache-Control: max-age=86400\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13903,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"10e5b82bcf637ba6f8701a344d3c4f0d","sha1":"c07f72814c1e149df70747f70e45fb45b5c8c33b","sha256":"2a6a63dbb89986824e393e7436540bd2aad1a63899a427755a3110108497fd4a","sha512":"38c67bd548a8b7adcadad39dd8acc26f3ac316826a96648fee8c9e1c5ad376a29a79bab7859c62f86a0d7c935e7ddfb0dc0d0217592ff805bfd58940dde24b7f","ssdeep":"384:RfxO+YynSM2j83aokXEAjmZ72ySvstGy4b:L3/2mGEAo2y1ib","tlshash":"bf52cfa2bce0ca6fbf22ee3144d30d5d4fc2753e96d779af78444659d118b097102381","first_seen":"2025-12-02T17:23:22.648012Z","last_seen":"2025-12-02T17:29:22.67106Z","times_seen":3,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp.metricswpsh.com/fp?tag_id=15599","fqdn":"fp.metricswpsh.com","domain":"metricswpsh.com","tld":"com"},"ip":{"addr":"157.90.84.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xmegadrive.com/","date":"2025-12-02T17:27:46.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"notification.tubecup.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 11:47:47 GMT","end":"Sun, 08 Feb 2026 11:47:46 GMT"},"fingerprint":{"sha1":"05:1E:63:2F:40:1F:87:C3:0D:F0:42:C7:EA:E8:B1:D8:6F:76:7C:FC","sha256":"1C:13:0E:F6:58:8A:8C:D7:DE:1F:9F:20:D5:17:50:15:02:D5:C8:8E:39:40:68:3F:01:24:F2:73:14:BA:25:0F"}}},"request":{"raw":"POST /fp?tag_id=15599 HTTP/1.1\r\nHost: fp.metricswpsh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nContent-Length: 1972\r\nOrigin: https://www.xmegadrive.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xmegadrive.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1972,"data":"{\"timezoneOlson\":\"UTC\",\"incognito\":true,\"fonts\":{\"value\":[\"Bitstream Vera Sans Mono\",\"Century\"],\"duration\":163},\"fontPreferences\":{\"value\":{\"default\":173.11666870117188,\"apple\":173.11666870117188,\"serif\":173.11666870117188,\"sans\":162.01666259765625,\"mono\":122.68333435058594,\"min\":10.800003051757812,\"system\":162.01666259765625},\"duration\":99},\"languages\":{\"value\":[[\"en-US\"],[\"en-US\",\"en\"]],\"duration\":1},\"colorDepth\":{\"value\":24,\"duration\":0},\"deviceMemory\":{\"duration\":0},\"screenResolution\":{\"value\":[1280,1024],\"duration\":1},\"hardwareConcurrency\":{\"value\":48,\"duration\":0},\"timezone\":{\"value\":\"UTC\",\"duration\":25},\"sessionStorage\":{\"value\":true,\"duration\":0},\"localStorage\":{\"value\":true,\"duration\":0},\"indexedDB\":{\"value\":true,\"duration\":0},\"platform\":{\"value\":\"Win32\",\"duration\":0},\"plugins\":{\"value\":[{\"name\":\"PDF Viewer\",\"description\":\"Portable Document Format\",\"mimeTypes\":[{\"type\":\"application/pdf\",\"suffixes\":\"pdf\"},{\"type\":\"text/pdf\",\"suffixes\":\"pdf\"}]},{\"name\":\"Chrome PDF Viewer\",\"description\":\"Portable Document Format\",\"mimeTypes\":[{\"type\":\"application/pdf\",\"suffixes\":\"pdf\"},{\"type\":\"text/pdf\",\"suffixes\":\"pdf\"}]},{\"name\":\"Chromium PDF Viewer\",\"description\":\"Portable Document Format\",\"mimeTypes\":[{\"type\":\"application/pdf\",\"suffixes\":\"pdf\"},{\"type\":\"text/pdf\",\"suffixes\":\"pdf\"}]},{\"name\":\"Microsoft Edge PDF Viewer\",\"description\":\"Portable Document Format\",\"mimeTypes\":[{\"type\":\"application/pdf\",\"suffixes\":\"pdf\"},{\"type\":\"text/pdf\",\"suffixes\":\"pdf\"}]},{\"name\":\"WebKit built-in PDF\",\"description\":\"Portable Document Format\",\"mimeTypes\":[{\"type\":\"application/pdf\",\"suffixes\":\"pdf\"},{\"type\":\"text/pdf\",\"suffixes\":\"pdf\"}]}],\"duration\":0},\"vendor\":{\"value\":\"\",\"duration\":0},\"cookiesEnabled\":{\"value\":true,\"duration\":0},\"colorGamut\":{\"value\":\"srgb\",\"duration\":0},\"rendererUnmasked\":{\"value\":\"\",\"duration\":114},\"brand\":\"\",\"device\":\"\",\"os_type\":\"desktop\",\"os_family\":\"Windows\",\"front_browser_family\":\"Firefox\",\"front_browser_name\":\"Firefox 134\",\"pixel_ratio\":1}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Tue, 02 Dec 2025 17:27:46 GMT\r\nContent-Type: application/json; charset=UTF-8\r\nContent-Length: 58\r\nConnection: keep-alive\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Origin: https://www.xmegadrive.com\r\nSet-Cookie: id=10691646263402766793; Expires=Wed, 02 Dec 2026 17:27:46 GMT; Secure; SameSite=None\r\nVary: Origin\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"c4efc1d6d16235d9433cd2565d887460","sha1":"22d069a5f536640e46122475c79db933e82d7f2e","sha256":"f0a6b8c736b7d8c5d3304a9ccd10d2114a0f25f2ba946cce62204df3384a131f","sha512":"af1cfe529f3173efdc7f4aff67355529095e775d8edb38d8a7c9565e09807aff470a465ffdf89ef6555f06cc88efa675823becc942896c63fa64a3140858f539","ssdeep":"","tlshash":"5ba00294c5c00e3c80200c3a73cf901628e4d304120217880ca66b5108822abe333c91","first_seen":"2025-07-26T17:44:43.174102Z","last_seen":"2026-04-20T07:33:27.00856Z","times_seen":6298,"resource_available":false,"data":null}},"time_used":194,"timings":{"blocked":-1,"dns":0,"connect":28,"send":0,"wait":25,"receive":0,"ssl":54},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"fp.metricswpsh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}