megalink.pw/07xhsn
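172.67.204.111 301 Moved Permanently 0 B IP 172.67.204.111:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of an empty body, consistent with the 0 B redirect response; they do not identify any content served by this host.)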
Analyzer Verdict Alert fortinet Malware
GET /07xhsn HTTP/1.1
Host: megalink.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Sep 2022 22:40:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 07 Sep 2022 23:40:58 GMT
Location: https://megalink.pw/07xhsn
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qRdkTkMRmkiWxeaGhQtV9Nk3vW64QereVVu03qTlXLJ%2BqQUH2p8U86URPnaZWTQzjxD%2Fg79EWVW%2Bm36Chv0j79E7ebsdeUU97IVksVtP6YFrtjBihcTgwKivPoMbOA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7472f2fd2ba90afe-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 07 Sep 2022 22:04:59 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: tYIB7i9aZLF7Bxr-DO_t0kQ9mHecdQMHzCpS2rxZbWrezrgAKx-S7w==
Age: 2159
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13372
Expires: Thu, 08 Sep 2022 02:23:50 GMT
Date: Wed, 07 Sep 2022 22:40:58 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nmQJef7RcStQuYXybc7YiFsucr9_iYiF_lsDWE2sVfaY3_WsbH8_bg==
age: 68064
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:40:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 07 Sep 2022 22:38:18 GMT
Expires: Wed, 07 Sep 2022 22:59:24 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8iSI1zekE8jmO8UdMFTojp_aOBhlWmT5kFpNyYkFtpRho3bORdSDRA==
Age: 161
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a81b0f5b5d11bf95fc176833b2f6e808
5b194aa5a8bf3a6b0d117ccfd0f487f6db0587b5
8f6ae83f2b85db7174bbbc6553e2921617b5c8a401315e76082682949a0bd9cc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5676
Cache-Control: max-age=126020
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 22:40:59 GMT
Etag: "63185113-1d7"
Expires: Fri, 09 Sep 2022 09:41:19 GMT
Last-Modified: Wed, 07 Sep 2022 08:06:43 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b63f97bc3dce37e8ee6a0c9fcae468fe
cc70326582c0016d7434d0553486734266e57e71
6b3b365123beead4021532b8f2578b3761bbd47af45ed2a461a0476d53aa637d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 22:40:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic
142.250.74.10 200 OK 1.4 kB URL HTTP/2 fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic
IP 142.250.74.10:0
Hash 4cd50276079c14a5057f67cfff139f7b
202b86ef90d76435661af7307d02b0b22353b01d
dadce22a1edca02d7638f0a63523e59f8f3c5d9e6b008ff1772287ce660163d1
GET /css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Sep 2022 22:40:59 GMT
date: Wed, 07 Sep 2022 22:40:59 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
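52.41.252.32 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.252.32:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of an empty body, consistent with the 0 B WebSocket upgrade response; they carry no information about the traffic that follows the upgrade.)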
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: G0iJtWBe52NquwH81HjHkw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ESEq1ZcAEpzfJCwVF1Ffn3YIAu8=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash acbf6d8b9d1ed9d5bac0bd2272e78822
f07612335f92e81f470fdd1373c509ab83384559
70c8176cfa79e11450452a885ae8b5e5f9f5f510333c62a164003b72292ebc53
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "70C8176CFA79E11450452A885AE8B5E5F9F5F510333C62A164003B72292EBC53"
Last-Modified: Mon, 05 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21560
Expires: Thu, 08 Sep 2022 04:40:20 GMT
Date: Wed, 07 Sep 2022 22:41:00 GMT
Connection: keep-alive
moundgrandmotherel.com/5c/38/51/5c3851391068a309eed36b1eec6217ca.js
192.243.59.13 200 OK 13 kB URL HTTP/1.1 moundgrandmotherel.com/5c/38/51/5c3851391068a309eed36b1eec6217ca.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37106), with no line terminators
Hash MD5 bd23d0547850990106a34c5deb5bcf3a
SHA-1 f56ac878951ab9b3f883cac25875681230bc9538
SHA-256 9da0d827ac450bf4a1d6bb38100e4e2aba34d6ac60396c3fe962f5407e98fb68
GET /5c/38/51/5c3851391068a309eed36b1eec6217ca.js HTTP/1.1
Host: moundgrandmotherel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Sep 2022 22:41:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7f231fc60bd16bc0ec5600930abe0837
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3ac7e934d1c32bd775836bdedbf79f0e
43326102df03fe8e531ccf5c9f85cfdefe9bcf03
8c52cd34223b58c44adc37c72bd408b371c5c6b6cf5e4b72a0078c1d57dfdc33
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C52CD34223B58C44ADC37C72BD408B371C5C6B6CF5E4B72A0078C1D57DFDC33"
Last-Modified: Wed, 07 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13467
Expires: Thu, 08 Sep 2022 02:25:27 GMT
Date: Wed, 07 Sep 2022 22:41:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c6e3283e85172efda9db94c2b80995d
f6f2050b7bafcf3b09d02da7d76c61f05c620ffb
2d0a0573ad8f3e3fc9622e5478cd1f919ad43f3ad5cb998661ebbe66a2419c5f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2D0A0573AD8F3E3FC9622E5478CD1F919AD43F3AD5CB998661EBBE66A2419C5F"
Last-Modified: Wed, 07 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13772
Expires: Thu, 08 Sep 2022 02:30:32 GMT
Date: Wed, 07 Sep 2022 22:41:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 47f6a2889331691687d85970f0dfb55d
9ed93e689b768412933dbb2f45dca81c06ec720c
17219c8c994534fa5109a0be64e76e68526ed14d5720187d78e0f05fe3a8fbde
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17219C8C994534FA5109A0BE64E76E68526ED14D5720187D78E0F05FE3A8FBDE"
Last-Modified: Tue, 06 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14319
Expires: Thu, 08 Sep 2022 02:39:39 GMT
Date: Wed, 07 Sep 2022 22:41:00 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash da05c4b51a3dabf88135becc19f1af52
2c8e928a750eff713ffba9cacff2ee241b22c236
3a718561532594be11fba74ace11458dc337786dacb48c588777120b6916984f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 22:41:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 30305830d5da91ae2c48fbaa96772ce8
080d36169a8ef5d80ce30464f88bc588d4fba616
683354f9d2a6d5e6a80b8c0a7c9cf6b731d39f926492f33fb797d8f8d69fa635
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "683354F9D2A6D5E6A80B8C0A7C9CF6B731D39F926492F33FB797D8F8D69FA635"
Last-Modified: Mon, 05 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20037
Expires: Thu, 08 Sep 2022 04:14:57 GMT
Date: Wed, 07 Sep 2022 22:41:00 GMT
Connection: keep-alive
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
142.250.74.163 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Hash 0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:26:57 GMT
expires: Thu, 07 Sep 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 11643
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash da05c4b51a3dabf88135becc19f1af52
2c8e928a750eff713ffba9cacff2ee241b22c236
3a718561532594be11fba74ace11458dc337786dacb48c588777120b6916984f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 22:41:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
142.250.74.163 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 12924, version 1.0\012- data
Hash 4610010f425c140b99c88b6819ce1c02
a7e839aa0452ceeb6228de7c15062fe82cc6d1c3
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:26:57 GMT
expires: Thu, 07 Sep 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 11643
last-modified: Wed, 27 Apr 2022 16:02:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
glizauvo.net/401/5293711
139.45.197.236 200 OK 84 kB IP 139.45.197.236:0
Hash MD5 a3b72b1eb5373a6913ccc7b373cbae49
SHA-1 12c908af4708d98f2801361248a7106ea8b752fe
SHA-256 39aa37a4b970a7ae8962d3993222173f4cb1e7a91ee6ff0d341ee40d0f29c3d0
Analyzer Verdict Alert quad9 Sinkholed
GET /401/5293711 HTTP/1.1
Host: glizauvo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:00 GMT
content-type: application/javascript
x-trace-id: 1787e9f1418934366fe9febd03c8267e
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=1f9fe8f61e4448e495ee52a14c7ee326; expires=Thu, 07 Sep 2023 22:41:00 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 1a2adb6d06ff306d9d3118213e27e532
b0c6dede44100d653ac05c260c3c6a15a60f13f1
624d5505fb673fd21dacda10f774ee3d19f9c3c33db688473b3b7c55f5cc5c11
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 07 Sep 2022 22:41:00 GMT
Last-Modified: Wed, 07 Sep 2022 21:06:52 GMT
Server: ECS (nyb/1D05)
X-Cache: Miss from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: lAkrq0CCSm2cJp0WmNM7Kdx3125mdqYwhVugUn4oZu-fyXW6PiOSdA==
Age: 5648
ocsp.sectigo.com/
104.18.32.68 200 OK 281 B IP 104.18.32.68:0
Hash d1a787c754017bb7db6b938eb4f9cf4b
22e3e12fb1abf75694a88d41ce931414ce3820b8
3b81c6e551dac3f41f01df9d9989ed52b36629ebf08f4ca0d0d0a1d3e0cb698d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:00 GMT
Content-Type: application/ocsp-response
Content-Length: 281
Connection: keep-alive
Last-Modified: Tue, 06 Sep 2022 09:53:49 GMT
Expires: Tue, 13 Sep 2022 09:53:48 GMT
Etag: "22e3e12fb1abf75694a88d41ce931414ce3820b8"
Cache-Control: max-age=471767,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7472f30b4f76b500-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b72e120fdcc3a85e5fb68617dfe8558b
28c0effc26a8c89b69d976ffbafcffe8da49401b
dc0d83af8dc36a0891e7f7b173c20fb2e3fc6f1da85a60d5be3387a5d30644cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DC0D83AF8DC36A0891E7F7B173C20FB2E3FC6F1DA85A60D5BE3387A5D30644CB"
Last-Modified: Wed, 07 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12838
Expires: Thu, 08 Sep 2022 02:14:58 GMT
Date: Wed, 07 Sep 2022 22:41:00 GMT
Connection: keep-alive
simplewebanalysis.com/stats
52.59.153.168 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.59.153.168:0
File type ASCII text, with no line terminators
Hash 1ba9854e3380a8d106e0eb3aa6ca433f
b69a325a8e3200bd0c21e944a1409a0bc7955fcb
faf9aca3fd482f6207c77d5570cbdb071db54be8e0d0665fc538cca79b882c60
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Sep 2022 22:41:00 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
set-cookie: uid_id2=7b372a6f-6f72-40b9-a599-485eba6ed597:3:1; expires=Sat, 04 Sep 2032 22:41:00 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 281 B IP 104.18.32.68:0
Hash d1a787c754017bb7db6b938eb4f9cf4b
22e3e12fb1abf75694a88d41ce931414ce3820b8
3b81c6e551dac3f41f01df9d9989ed52b36629ebf08f4ca0d0d0a1d3e0cb698d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:00 GMT
Content-Type: application/ocsp-response
Content-Length: 281
Connection: keep-alive
Last-Modified: Tue, 06 Sep 2022 09:53:49 GMT
Expires: Tue, 13 Sep 2022 09:53:48 GMT
Etag: "22e3e12fb1abf75694a88d41ce931414ce3820b8"
Cache-Control: max-age=471767,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7472f30aef1db503-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8204
Expires: Thu, 08 Sep 2022 00:57:44 GMT
Date: Wed, 07 Sep 2022 22:41:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8204
Expires: Thu, 08 Sep 2022 00:57:44 GMT
Date: Wed, 07 Sep 2022 22:41:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8204
Expires: Thu, 08 Sep 2022 00:57:44 GMT
Date: Wed, 07 Sep 2022 22:41:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8204
Expires: Thu, 08 Sep 2022 00:57:44 GMT
Date: Wed, 07 Sep 2022 22:41:00 GMT
Connection: keep-alive
bedrapiona.com/5/4938391/?oo=1&js_build=iclick-v1.423.0
139.45.197.234 200 OK 1.9 kB URL HTTP/2 bedrapiona.com/5/4938391/?oo=1&js_build=iclick-v1.423.0
IP 139.45.197.234:0
Hash acafc06f839a16a54d437447b5a06b4b
f888a5d4dba28fe40f600b5d433ddff065782fca
0baac2457b463491b5ee9d2a5919feec9667499bf037735c5bd2bfb9c0e3c200
GET /5/4938391/?oo=1&js_build=iclick-v1.423.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:00 GMT
content-type: application/json
x-trace-id: 4293cf984ffde95615fd1d2525484576
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=88552ad54bf74d7cb01efb79da430903; expires=Thu, 07 Sep 2023 22:41:00 GMT; path=/; secure; SameSite=None
oaidts=1662590460; expires=Thu, 07 Sep 2023 22:41:00 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F703333f6-0141-4f21-97c4-c72f35090252.webp
34.120.237.76 200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F703333f6-0141-4f21-97c4-c72f35090252.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c870cb13eb9cbc6e3cb66814dc06a157
b469f24dbfe01ee68650ef1b0abd6badb83e3325
d4dc98f6d2d86a94c85056797a4efd9ab938651fb06bf421c661b78a5c9d9319
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F703333f6-0141-4f21-97c4-c72f35090252.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4570
x-amzn-requestid: c8acc548-6455-4951-9ca0-245a1c3bdf8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9VYGwEoAMFaQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f55-58f59c61714ed9761d39c8b4;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UiG7UKRQy_MGckOpAsfoV4PUZZ2o8ko7Q6hqeYlzo5XS0874Cf2gxQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:33:06 GMT
etag: "b469f24dbfe01ee68650ef1b0abd6badb83e3325"
content-type: image/jpeg
age: 474
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b1ceaeb-6cf1-42e7-b7e3-28eb631f4b98.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b1ceaeb-6cf1-42e7-b7e3-28eb631f4b98.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 77aa1349e0d44b4756bbede0cbd05413
339fc154a29a7459101dd6125bebf38219bfd11a
74e6439067201bba5e0edc7fd477c62c0566c5fac30b035150d06fea2d30cce0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b1ceaeb-6cf1-42e7-b7e3-28eb631f4b98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12131
x-amzn-requestid: c190466e-eab9-4705-be7e-9724d240a1a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9VNF8BoAMFYBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f54-0f718d821b0107bb1b1474a9;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:28 GMT
x-amz-cf-pop: SFO20-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: FgyITZMcjYj-IQbBMI21OtlmpP9HE9ZG3mJ0TyWYNxwMR4S0gz9oSg==
via: 1.1 36cc13280ef76bb2fee6ae5eed6fec2e.cloudfront.net (CloudFront), 1.1 57bd3a2d9e0e4cbf89d9eb3d7dfb916e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:59:40 GMT
age: 2480
etag: "339fc154a29a7459101dd6125bebf38219bfd11a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0564fe6-5557-4644-ba02-30e6de571e27.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0564fe6-5557-4644-ba02-30e6de571e27.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 786824349d0ac6933b5beb4a10ce9cc7
63e6e7d760e736c45ca4778111ea8e61eb13edd6
4aea707f67116f423b68bd19e946b167b48c920693663f2b7b270c86947bffdb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0564fe6-5557-4644-ba02-30e6de571e27.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7923
x-amzn-requestid: 657663ba-b3e9-4a84-9186-3f13ad230765
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9VsGsQoAMFlSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f57-6fc934984bba83fe1b91056f;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: WSGEVR0aSN0fgOzZ7GRMqgQ7z8UqIJ72nRk4_T2-C7ViLZgDMIEcDw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:28:23 GMT
age: 757
etag: "63e6e7d760e736c45ca4778111ea8e61eb13edd6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14aa345c-bb84-4f98-baec-fbf23ee3d778.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14aa345c-bb84-4f98-baec-fbf23ee3d778.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1b0c375abb664a29d73855e858a708b3
95b9ececb227d1976c99db67695c057aebea990d
242318dcfb94f2e3e497801491fed84b42fe94396e6feb2476b2257c964ca989
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14aa345c-bb84-4f98-baec-fbf23ee3d778.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5755
x-amzn-requestid: 897520a8-3b51-4e6e-843b-2698aada72fa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9bqH7PIAMF0bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f7d-1310b45e2af9cde575c8b71d;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:39:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: brV_2N_l7Y54WsevMcTHChEPJy1bYTlBXGV5u5R-4TVx82mRecad7g==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:33:06 GMT
age: 694
etag: "95b9ececb227d1976c99db67695c057aebea990d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5314d83a-c7f9-468e-8b42-535c4fae5d85.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5314d83a-c7f9-468e-8b42-535c4fae5d85.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a07d553b6441514870ed7e9e989a29a7
98c145b9326d1e6036fa9089d87a25232dd45b0b
373a586b596016baeb8de98022207c25af24c099c06077edbdfd837cffc31a0e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5314d83a-c7f9-468e-8b42-535c4fae5d85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7492
x-amzn-requestid: 2c5e9ff3-c7a4-4a8f-96bf-74f0ca5d9137
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9dOHguIAMFjGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f87-70dbe6532b1a241e6dbe729e;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:39:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: 6mfdlMHJozdykr4faiijvUuJPXVrJGU_n0MxJgCrZ-uWWdejGYfiAQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 020978022b22df6352245f09cfbc410c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:33:06 GMT
age: 571
etag: "98c145b9326d1e6036fa9089d87a25232dd45b0b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f922505178de0cea92eedcfda85a9f67
50f1459de01174e594e03e7df4dfaa8eb1798672
981cd58768d6ad841673add855ddcc7106fbc85de05db9a1bd2d6bc8928b4c2c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6214
x-amzn-requestid: 46a44af0-e547-49e8-bc39-f6c49d94e375
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xj_0HFKbIAMFRbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630b134d-0297c83c305422fa51b86dcf;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 07:03:41 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _ZKcuRO8Z6wBMdm79iDZj5uRYk4YYpYJqOoG8hZqY81O0R7hfbe5bQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 05:12:06 GMT
age: 62934
etag: "50f1459de01174e594e03e7df4dfaa8eb1798672"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
redrotou.net/zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=prerequest
139.45.197.251 200 OK 0 B URL HTTP/2 redrotou.net/zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:00 GMT
content-length: 0
x-trace-id: 7e9745305bb93ae22ef52cb7e3c550d7
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
redrotou.net/zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=settings
139.45.197.251 200 OK 693 B URL HTTP/2 redrotou.net/zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=settings
IP 139.45.197.251:0
File type JSON data\012- , ASCII text, with very long lines (692)
Hash 72481a223a98b912ed0ce00820703df6
0d235897166143bb8a7cd2a8adff4b1078f22ca8
bce31b58adc15232d970f17c259f2eeaaed78a775053644a4b13cdc36e7706a4
GET /zone?&pub=0&zone_id=5090892&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=&dsig=&action=settings HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/json; charset=utf-8
content-length: 693
x-trace-id: 5d59be8db11b1404ddab8ac18578067d
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 01f5631474a714351febb873a00522fa
51d3ffb2e4371fd9156dd29de9f9ba562c4b2151
4ef5ed9b59a9145e22b8eec6844107f4c5d8a6df7b30b95a2938cce18bc98c30
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4EF5ED9B59A9145E22B8EEC6844107F4C5D8A6DF7B30B95A2938CCE18BC98C30"
Last-Modified: Wed, 07 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12810
Expires: Thu, 08 Sep 2022 02:14:31 GMT
Date: Wed, 07 Sep 2022 22:41:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8756459a86b9550231ce8d2503ef15a4
fe29ffeb5cbdc319353604a8f4236eb4bec083a8
80e9b93f9b33f4869eebba59d5d458fefc1b1c3437860f21ae44bdf17ad036f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "80E9B93F9B33F4869EEBBA59D5D458FEFC1B1C3437860F21AE44BDF17AD036F2"
Last-Modified: Wed, 07 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13786
Expires: Thu, 08 Sep 2022 02:30:47 GMT
Date: Wed, 07 Sep 2022 22:41:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash db0f0a955e943d27f565b3f43c88493d
cc1156910ffa2c11cb31cedfd27dfe279f1ed29c
492588062115099e532e5363074424dfd6b0822a31b53d157873c851afcd2c59
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "492588062115099E532E5363074424DFD6B0822A31B53D157873C851AFCD2C59"
Last-Modified: Tue, 06 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7638
Expires: Thu, 08 Sep 2022 00:48:19 GMT
Date: Wed, 07 Sep 2022 22:41:01 GMT
Connection: keep-alive
static.a-ads.com/a-ads-banners/398696/320x100?region=eu-central-1
213.239.209.209 200 OK 209 kB URL HTTP/2 static.a-ads.com/a-ads-banners/398696/320x100?region=eu-central-1
IP 213.239.209.209:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 320 x 100\012- data
Size 209 kB (208834 bytes)
Hash 741ebf3bc1b46dbba1e029f86acdc902
8fb96f120191181bd935eaf8a53781ed24e21517
c23f7ea8d695b78d6892a4b040554404edf71e3126968a72e15ddd28d7c64502
GET /a-ads-banners/398696/320x100?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: image/gif
content-length: 208834
x-amz-id-2: Xyjn9164QzGgbaY92VNqPNYYkoeMCTvSyn26idechUyV4n0Vicz90mlHwiIfyPWfE2RmXKtBsno=
x-amz-request-id: ERX3M4HMJXJQMDEQ
x-amz-replication-status: COMPLETED
last-modified: Fri, 24 Jun 2022 20:01:58 GMT
etag: "741ebf3bc1b46dbba1e029f86acdc902"
cache-control: max-age=315360000
x-amz-version-id: 8sv3eroSCRMCGEEIeiYTxGVb_PLn865y
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.a-ads.com/a-ads-banners/138572/320x100?region=eu-central-1
213.239.209.209 200 OK 257 kB URL HTTP/2 static.a-ads.com/a-ads-banners/138572/320x100?region=eu-central-1
IP 213.239.209.209:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 320 x 100\012- data
Size 257 kB (256832 bytes)
Hash ae76d8f72c45dfef5c79cfb21c189976
ad3ac36539578c5363fda29904cadf5ae8822082
1ba499ee673c6b46e61f26edd36e853022f926d79b90fe2252ebdd9046de2f1d
GET /a-ads-banners/138572/320x100?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: image/gif
content-length: 256832
x-amz-id-2: NyiAQEPlKaso/USdZhzBJYmduEa78cjCMyHuAnkcwXB4eoj4ceyoLFyGYGW5gDeijSUplU3u67A=
x-amz-request-id: H2WJRQZXY7EA5709
last-modified: Thu, 11 Feb 2021 20:19:59 GMT
etag: "ae76d8f72c45dfef5c79cfb21c189976"
cache-control: max-age=315360000
x-amz-version-id: null
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
pseepsie.com/pfe/current/tag.min.js?z=4938390
139.45.197.250 304 Not Modified 0 B URL HTTP/2 pseepsie.com/pfe/current/tag.min.js?z=4938390
IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pfe/current/tag.min.js?z=4938390 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 05 Sep 2022 12:32:41 GMT
If-None-Match: W/"6315ec69-3a38"
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: "6315ec69-3a38"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
pseepsie.com/zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=
139.45.197.250 200 OK 664 B URL HTTP/2 pseepsie.com/zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (663)
Hash 31d6fae447f2fe566c6a9a70e588825d
6248b5a173a856178cdfdd5ee4c717d207626675
cf01dbfc60ce075d1d9e1febfdd66b628ab3dcaddeb5f3c5e362e82203cb59a9
GET /zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3= HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: 29679cfb984e8f19ead11f4ea8784b9f
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 912f9a32166cf6d4e458969545df501d
6cecdd7246361b80f2464910ba31ee1f4381ee7d
58d632863a6aab3b308ad380f47595e74120f4495f48e83e89647e4f42533fa3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 06:25:21 GMT
Expires: Mon, 12 Sep 2022 06:25:20 GMT
Etag: "6cecdd7246361b80f2464910ba31ee1f4381ee7d"
Cache-Control: max-age=372858,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7472f30df9b2b500-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 912f9a32166cf6d4e458969545df501d
6cecdd7246361b80f2464910ba31ee1f4381ee7d
58d632863a6aab3b308ad380f47595e74120f4495f48e83e89647e4f42533fa3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 06:25:21 GMT
Expires: Mon, 12 Sep 2022 06:25:20 GMT
Etag: "6cecdd7246361b80f2464910ba31ee1f4381ee7d"
Cache-Control: max-age=372858,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7472f30e0a0eb503-OSL
pseepsie.com/pfe/current/universal.min.js?v=3.1.392
139.45.197.250 304 Not Modified 0 B URL HTTP/2 pseepsie.com/pfe/current/universal.min.js?v=3.1.392
IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pfe/current/universal.min.js?v=3.1.392 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 05 Sep 2022 12:32:41 GMT
If-None-Match: W/"6315ec69-20481"
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: "6315ec69-20481"
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
pseepsie.com/zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=
139.45.197.250 200 OK 664 B URL HTTP/2 pseepsie.com/zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (663)
Hash 31d6fae447f2fe566c6a9a70e588825d
6248b5a173a856178cdfdd5ee4c717d207626675
cf01dbfc60ce075d1d9e1febfdd66b628ab3dcaddeb5f3c5e362e82203cb59a9
GET /zone?pub=0&zone_id=4938390&is_mobile=false&domain=megalink.pw&var=&ymid=&var_3= HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: 2ce7112f2b9744ef0d5c15486c93147e
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js
139.45.195.8 200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash a4d31356f61dc311ebcb85ccdeed57fe
bb72f221fc8f2f7cf554379436cf23ea5773744b
6c6dca9bae55fba47389f5105026e6c6da336357948fd256de331853175e0b1d
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=fee4df9794bc4f3589ba9a1c50db943e; expires=Thu, 07 Sep 2023 22:41:01 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=5090892&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=5090892&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 6b9408ed309bb7ad29bbea20f6f1d608
9fcd66fcebb36178ada8951c023f3ea3c98ef56b
ed735d8eb85de4ac7b78a0e1dbe8a11b77f357a0916475ffda88884bec0bf1a1
GET /gid.js?pub=0&userId=&zoneId=5090892&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c506b05a46104e5ca12ecd17c8579df2; expires=Thu, 07 Sep 2023 22:41:01 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
tovanillitechan.com/42/38?z=4938389
139.45.197.239 200 OK 0 B URL HTTP/2 tovanillitechan.com/42/38?z=4938389
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /42/38?z=4938389 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=23c3db7b68894e7f9115ee795a846212; oaidts=1662590461
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: e2aa49aed90bfe0c9e95579507470bce
access-control-expose-headers: X-Sc
set-cookie: OAID=23c3db7b68894e7f9115ee795a846212; expires=Thu, 07 Sep 2023 22:41:01 GMT; secure; SameSite=None
oaidts=1662590461; expires=Thu, 07 Sep 2023 22:41:01 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
tovanillitechan.com/1?z=4938389
139.45.197.239 200 OK 4.0 kB URL HTTP/2 tovanillitechan.com/1?z=4938389
IP 139.45.197.239:0
Hash 056b1a08fc1ad1090df91f5fae1343f2
063f149ad95ee9301eff18b9f5337f71546e9fd6
701d71ecf9eea85e67409bf6190fc69ca07757c560959f1f32598d5974bbdb09
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=4938389 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: d35607e7b91b275291ca24dbd7976a43
access-control-expose-headers: X-Sc
x-sc: FnWFm7hvefxs8TASWQnr7Ye22R2ICz-B4MdjDjr_vxqboifa2VOcylUWQfQARQJ8hJTwVpU9JPBvzbVc6BF3-E7ioAI=
set-cookie: scm=1; expires=Thu, 07 Sep 2023 22:41:01 GMT; secure; SameSite=None
OAID=1b1381b8cdf249fd8d76f03dca2630c6; expires=Thu, 07 Sep 2023 22:41:01 GMT; secure; SameSite=None
oaidts=1662590461; expires=Thu, 07 Sep 2023 22:41:01 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=fee4df9794bc4f3589ba9a1c50db943e
139.45.197.239 204 No Content 0 B URL HTTP/2 tovanillitechan.com/9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=fee4df9794bc4f3589ba9a1c50db943e
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=fee4df9794bc4f3589ba9a1c50db943e HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
dozubatan.com/500/4938388?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/4938388?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/4938388?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d1ad226a3d89bb15c38dcd1b4face652
60fbfae06cabbb3dfbc358c8caa662237022ebe1
31d5252669c509db29f05d43b9cda8160fc3a7081bf4ba13c5bdfb4dcce25bad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "31D5252669C509DB29F05D43B9CDA8160FC3A7081BF4BA13C5BDFB4DCCE25BAD"
Last-Modified: Wed, 07 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13082
Expires: Thu, 08 Sep 2022 02:19:03 GMT
Date: Wed, 07 Sep 2022 22:41:01 GMT
Connection: keep-alive
tovanillitechan.com/27/55dfd372293146a7ca113106d0d608dd
139.45.197.239 200 OK 131 kB URL HTTP/2 tovanillitechan.com/27/55dfd372293146a7ca113106d0d608dd
IP 139.45.197.239:0
File type ASCII text, with very long lines (65523)
Size 131 kB (131159 bytes)
Hash 1850a22e4ebd82ee6882b5d10d922adb
e26eefc4e6fb875502d22ee30439be7685fa2ba0
d7ef02e969ff3817a1216c588b703250da366e58d2dff63c51f3f78a14af50cf
Analyzer Verdict Alert quad9 Sinkholed
GET /27/55dfd372293146a7ca113106d0d608dd HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=23c3db7b68894e7f9115ee795a846212; oaidts=1662590461
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Wed, 07 Sep 2022 05:02:06 GMT
expires: Wed, 07 Oct 2082 05:02:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
oaphoace.net/500/5293715?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 0 B URL HTTP/2 oaphoace.net/500/5293715?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5293715?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
eehuzaih.com/500/4943451?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 eehuzaih.com/500/4943451?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/4943451?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: eehuzaih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
glizauvo.net/500/5293711?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.236 200 OK 1.2 kB URL HTTP/2 glizauvo.net/500/5293711?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.236:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1448), with no line terminators
Hash 1216672a3447e5ae120bd9c6e3134fe0
70db99af8ee320ee759b3aeb16cd860d06a9278f
63c6571eaff4459ce0a2ef0f2c682d6b7557e5cca6d810ae67d4276d1b8161d4
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5293711?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: glizauvo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=1f9fe8f61e4448e495ee52a14c7ee326
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/javascript
x-trace-id: 1446451546726c5cd0317338c7d36668
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=fee4df9794bc4f3589ba9a1c50db943e; expires=Thu, 07 Sep 2023 22:41:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
oaphoace.net/500/5293715?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 77 kB URL HTTP/2 oaphoace.net/500/5293715?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash ee9f54b90161a7befc2dfa7dc9185689
c3c1a76c069152b4ff44b1c24419fdecadfd8e46
d494618557f232a7cbe706e86c2ac50602c3dcd418d1d163dbb3c67d9571543b
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5293715?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=bc75e24c06e74df28dcf076010ada916
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/javascript
x-trace-id: e162943bafc1e44f306a5fd62c356c98
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=fee4df9794bc4f3589ba9a1c50db943e; expires=Thu, 07 Sep 2023 22:41:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
eehuzaih.com/500/4943451?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 51 kB URL HTTP/2 eehuzaih.com/500/4943451?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash 4a29630b5d8049ad2f7fa0d589d43652
98ed5d86c613723d6f3d272862cab222fd5f7875
b4a045f812504643241f1ea584a5fbf1bd5cd180a796ef47e08c305956a2459a
Analyzer Verdict Alert quad9 Sinkholed
GET /500/4943451?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: eehuzaih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=661f2b4266ea4bd68a3de7dc301714b7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/javascript
x-trace-id: 1415e1939e745f575a0fcce4693a3784
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=fee4df9794bc4f3589ba9a1c50db943e; expires=Thu, 07 Sep 2023 22:41:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250 200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250 200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
onmarshtompor.com/?rb=hyN7LeQzRrCkeTLsxY_MQO5pp-Y91A40BZveGtQJx-S1TBE9cDKuLFyPXb4w4xPCaZu1HURp9_x_ETe6sUy39GpKVdgvndMIg-ADowI1anlIds8KxY2N3O_wTybtf8EnBf96cxHsAh_23De9g0YYNmJQnToAXFibJh9A5HdwijcnqoC9rM-Iu0JxBIXbb9dFt-wrHpafTnI6BjUavZroVBRZggM%3D&request_ab2=0&zoneid=4938391&js_build=iclick-v1.423.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.423.0&bs=a6a4490c-1d57-417e-9770-ff7066cf3215&userId=fee4df9794bc4f3589ba9a1c50db943e&m=link
139.45.197.243 200 OK 1.6 kB URL HTTP/2 onmarshtompor.com/?rb=hyN7LeQzRrCkeTLsxY_MQO5pp-Y91A40BZveGtQJx-S1TBE9cDKuLFyPXb4w4xPCaZu1HURp9_x_ETe6sUy39GpKVdgvndMIg-ADowI1anlIds8KxY2N3O_wTybtf8EnBf96cxHsAh_23De9g0YYNmJQnToAXFibJh9A5HdwijcnqoC9rM-Iu0JxBIXbb9dFt-wrHpafTnI6BjUavZroVBRZggM%3D&request_ab2=0&zoneid=4938391&js_build=iclick-v1.423.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.423.0&bs=a6a4490c-1d57-417e-9770-ff7066cf3215&userId=fee4df9794bc4f3589ba9a1c50db943e&m=link
IP 139.45.197.243:0
File type JSON data\012- , ASCII text, with very long lines (2150), with no line terminators
Hash e1a048074f0e6fcbfd8fbbf73a129fe0
70538f2e805993fa2e8a5f7c57fb652f822c14e0
28c17517dc16947cff2794eefc8eef7bbabab964de5b16f1b1ee20813d9b6840
GET /?rb=hyN7LeQzRrCkeTLsxY_MQO5pp-Y91A40BZveGtQJx-S1TBE9cDKuLFyPXb4w4xPCaZu1HURp9_x_ETe6sUy39GpKVdgvndMIg-ADowI1anlIds8KxY2N3O_wTybtf8EnBf96cxHsAh_23De9g0YYNmJQnToAXFibJh9A5HdwijcnqoC9rM-Iu0JxBIXbb9dFt-wrHpafTnI6BjUavZroVBRZggM%3D&request_ab2=0&zoneid=4938391&js_build=iclick-v1.423.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.423.0&bs=a6a4490c-1d57-417e-9770-ff7066cf3215&userId=fee4df9794bc4f3589ba9a1c50db943e&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/json
x-trace-id: 1de86fac7be202cafac5a79c2388aece
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=fee4df9794bc4f3589ba9a1c50db943e; expires=Thu, 07 Sep 2023 22:41:01 GMT; path=/; secure; SameSite=None
oaidts=1662590461; expires=Thu, 07 Sep 2023 22:41:01 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 14 Sep 2022 22:41:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: application/json
Origin: https://megalink.pw
Content-Length: 752
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 2d461afa2b240210db39424461eb2d34
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: application/json
Origin: https://megalink.pw
Content-Length: 365
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: dd11063b17bb9228de1bc08cf91255de
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
bedrapiona.com/5/4938391/?oo=1&js_build=iclick-v1.423.0
139.45.197.234 200 OK 5.4 kB URL HTTP/2 bedrapiona.com/5/4938391/?oo=1&js_build=iclick-v1.423.0
IP 139.45.197.234:0
File type JSON data\012- , ASCII text, with very long lines (8420), with no line terminators
Hash 11f65120a83b53d9fbedfebc1cc53c54
c226e61f443ee59a719c1167e2b5581abecc54fe
4fe326c884c28cc3b9c2c7a54481cbfd472a9c8aba0a366798411fa87dd139e3
GET /5/4938391/?oo=1&js_build=iclick-v1.423.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:00 GMT
content-type: application/json
x-trace-id: 59610c13efdf7277ac63753ce12e9c4e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=41c285fa918e4e5c8931a38497227394; expires=Thu, 07 Sep 2023 22:41:00 GMT; path=/; secure; SameSite=None
oaidts=1662590460; expires=Thu, 07 Sep 2023 22:41:00 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ba46de73d7126d67695c967daffbbc2e
4959349decff0ca1741d7944b8cf3747224649b0
5a261aa703e61a4824ef3de0454e47046e3d224ca535e3d19f9790453861a827
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A261AA703E61A4824EF3DE0454E47046E3D224CA535E3D19F9790453861A827"
Last-Modified: Wed, 07 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12808
Expires: Thu, 08 Sep 2022 02:14:30 GMT
Date: Wed, 07 Sep 2022 22:41:02 GMT
Connection: keep-alive
reapinject.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSwW8bRRTGZ5sckDiByqGggsUJJOTsep21TQ8VIQRFpE1pQPQGszNjZ%2FDszmpmx%2BvkFFEJ9YJkrpw2n5NGpRWCP4AKOZV6iEDqciEH8j8gpJ4QQnYjDE9avff2%2Bw6%2F9958ue%2FOiA9HT1ev6V2pFF1arvu1N24FwZXahkzdsDZsR59GzSs1M3i7E9X9N2vvC9bXSw0%2F8P3AD2pr0oiuHi5NRcjsQSeod%2Fx6s1EPlpsYmv%2F31nmw1AMfnJEXIXm1%2BMi7CMkmSJPvV4Xt5zp7673EKZprgwE%2F%2Bjjtp7pIkczLrvHQTY%2FO3dD2ydpD6PRwhgs9%2BNcYy4p4jx8iTo%2FOIREPDmacsYJIEfPnUQwmEGoCSSdg%2BjYkf0IAxnF9E2ly97o2Bd15ptKpWpHFp39CFhVZ%2FP0i0uS7FSWHtS2tXC51ajHslpDDCWRvgswdI9%2B9AFkcg%2BVfQPJfyNLTDaTJwaZVGpKXs9mlnEB2J1BiBGo9uOknPbiuB5d5SPhpjQVB0PI5o367w1jIWyKOuB%2FQVjeggR%2B14dgUb4Q8G4GpEZjZQ2b20JcjGPcT7HYJyz3YvCLeh3sY8BKFICgsQUEJCklQ5ATFoDzkyjZseZcr6%2BLgPDfOc1iOdd7bp4c674mU7Gdn5IXpXryFb15CX5zWllnYXg7CzpSKhn5HCB5GcSAEixpBi1FYWULaC7NRd2VFXtn6CpmsyOJrPyOmx7DqGEy%2BDuougxbjVsMH3R432z520%2FuJ6FEl0349K8B1iSxfRL7j7aszcml2nvDKbxDs5Opn8bXqj3t%2FgZkSmSnxuXxE0FN3xjd1QQ5u6sKSHzazXCZyl05Pt5XTXCx8%2B4HYKbTh66t2dO8dNhWm5YOPhM03aMpl2rPk%2ForkXJg1bZggP67bT0R8w9ntFWdSl23ceHdtPcmMsFbqdAIqK0Ien4DJijzHi9mrfNnegjQTGFcicSfkPCD1MVi2B5vN%2Ba1egFFzT5x5KFw5No14%2FlNJAiXmPY1L2P%2F08bzet3fQM6%2BC5reRJiUGpsRAlaBqBOsWxnlmTq7%2BGs4CsfLGsTLeQayM%2BvrZcq08rbXC0KdRZzlotahoxc1GuxsFnNJGM2pEEQ2R24pduvz3PwAAAP%2F%2FAQAA%2F%2F%2FNwkOYYAQAAA%3D%3D
209.192.156.116200 OK 7 B URL HTTP/1.1 reapinject.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSwW8bRRTGZ5sckDiByqGggsUJJOTsep21TQ8VIQRFpE1pQPQGszNjZ%2FDszmpmx%2BvkFFEJ9YJkrpw2n5NGpRWCP4AKOZV6iEDqciEH8j8gpJ4QQnYjDE9avff2%2Bw6%2F9958ue%2FOiA9HT1ev6V2pFF1arvu1N24FwZXahkzdsDZsR59GzSs1M3i7E9X9N2vvC9bXSw0%2F8P3AD2pr0oiuHi5NRcjsQSeod%2Fx6s1EPlpsYmv%2F31nmw1AMfnJEXIXm1%2BMi7CMkmSJPvV4Xt5zp7673EKZprgwE%2F%2Bjjtp7pIkczLrvHQTY%2FO3dD2ydpD6PRwhgs9%2BNcYy4p4jx8iTo%2FOIREPDmacsYJIEfPnUQwmEGoCSSdg%2BjYkf0IAxnF9E2ly97o2Bd15ptKpWpHFp39CFhVZ%2FP0i0uS7FSWHtS2tXC51ajHslpDDCWRvgswdI9%2B9AFkcg%2BVfQPJfyNLTDaTJwaZVGpKXs9mlnEB2J1BiBGo9uOknPbiuB5d5SPhpjQVB0PI5o367w1jIWyKOuB%2FQVjeggR%2B14dgUb4Q8G4GpEZjZQ2b20JcjGPcT7HYJyz3YvCLeh3sY8BKFICgsQUEJCklQ5ATFoDzkyjZseZcr6%2BLgPDfOc1iOdd7bp4c674mU7Gdn5IXpXryFb15CX5zWllnYXg7CzpSKhn5HCB5GcSAEixpBi1FYWULaC7NRd2VFXtn6CpmsyOJrPyOmx7DqGEy%2BDuougxbjVsMH3R432z520%2FuJ6FEl0349K8B1iSxfRL7j7aszcml2nvDKbxDs5Opn8bXqj3t%2FgZkSmSnxuXxE0FN3xjd1QQ5u6sKSHzazXCZyl05Pt5XTXCx8%2B4HYKbTh66t2dO8dNhWm5YOPhM03aMpl2rPk%2ForkXJg1bZggP67bT0R8w9ntFWdSl23ceHdtPcmMsFbqdAIqK0Ien4DJijzHi9mrfNnegjQTGFcicSfkPCD1MVi2B5vN%2Ba1egFFzT5x5KFw5No14%2FlNJAiXmPY1L2P%2F08bzet3fQM6%2BC5reRJiUGpsRAlaBqBOsWxnlmTq7%2BGs4CsfLGsTLeQayM%2BvrZcq08rbXC0KdRZzlotahoxc1GuxsFnNJGM2pEEQ2R24pduvz3PwAAAP%2F%2FAQAA%2F%2F%2FNwkOYYAQAAA%3D%3D
IP 209.192.156.116:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSwW8bRRTGZ5sckDiByqGggsUJJOTsep21TQ8VIQRFpE1pQPQGszNjZ%2FDszmpmx%2BvkFFEJ9YJkrpw2n5NGpRWCP4AKOZV6iEDqciEH8j8gpJ4QQnYjDE9avff2%2Bw6%2F9958ue%2FOiA9HT1ev6V2pFF1arvu1N24FwZXahkzdsDZsR59GzSs1M3i7E9X9N2vvC9bXSw0%2F8P3AD2pr0oiuHi5NRcjsQSeod%2Fx6s1EPlpsYmv%2F31nmw1AMfnJEXIXm1%2BMi7CMkmSJPvV4Xt5zp7673EKZprgwE%2F%2Bjjtp7pIkczLrvHQTY%2FO3dD2ydpD6PRwhgs9%2BNcYy4p4jx8iTo%2FOIREPDmacsYJIEfPnUQwmEGoCSSdg%2BjYkf0IAxnF9E2ly97o2Bd15ptKpWpHFp39CFhVZ%2FP0i0uS7FSWHtS2tXC51ajHslpDDCWRvgswdI9%2B9AFkcg%2BVfQPJfyNLTDaTJwaZVGpKXs9mlnEB2J1BiBGo9uOknPbiuB5d5SPhpjQVB0PI5o367w1jIWyKOuB%2FQVjeggR%2B14dgUb4Q8G4GpEZjZQ2b20JcjGPcT7HYJyz3YvCLeh3sY8BKFICgsQUEJCklQ5ATFoDzkyjZseZcr6%2BLgPDfOc1iOdd7bp4c674mU7Gdn5IXpXryFb15CX5zWllnYXg7CzpSKhn5HCB5GcSAEixpBi1FYWULaC7NRd2VFXtn6CpmsyOJrPyOmx7DqGEy%2BDuougxbjVsMH3R432z520%2FuJ6FEl0349K8B1iSxfRL7j7aszcml2nvDKbxDs5Opn8bXqj3t%2FgZkSmSnxuXxE0FN3xjd1QQ5u6sKSHzazXCZyl05Pt5XTXCx8%2B4HYKbTh66t2dO8dNhWm5YOPhM03aMpl2rPk%2ForkXJg1bZggP67bT0R8w9ntFWdSl23ceHdtPcmMsFbqdAIqK0Ien4DJijzHi9mrfNnegjQTGFcicSfkPCD1MVi2B5vN%2Ba1egFFzT5x5KFw5No14%2FlNJAiXmPY1L2P%2F08bzet3fQM6%2BC5reRJiUGpsRAlaBqBOsWxnlmTq7%2BGs4CsfLGsTLeQayM%2BvrZcq08rbXC0KdRZzlotahoxc1GuxsFnNJGM2pEEQ2R24pduvz3PwAAAP%2F%2FAQAA%2F%2F%2FNwkOYYAQAAA%3D%3D HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3357656]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Sep 2022 22:41:02 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8c16721172c54787c73d777dec2e4849
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 601d02860a32cd0667c2b4b6d5746e29
cd419b7dbf9f54edca0ceca468d14627d70f0764
18b245d8cf9427a2fab1793342ec08d8b1967083aad465785540d7f6bbc1af01
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18B245D8CF9427A2FAB1793342EC08D8B1967083AAD465785540D7F6BBC1AF01"
Last-Modified: Mon, 05 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2492
Expires: Wed, 07 Sep 2022 23:22:34 GMT
Date: Wed, 07 Sep 2022 22:41:02 GMT
Connection: keep-alive
mediasama.com/starharem/01/s/index_rt.html
144.217.67.42 200 OK 1.5 kB URL HTTP/1.1 mediasama.com/starharem/01/s/index_rt.html
IP 144.217.67.42:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 30597b59f3cb1eadf603fcfb21952340
baca3a552764959edd4fc56947acc9a4f33822de
6ac92da5b37d94c53f231a18bb88be006ae20f1724a63151a97ed918d86cb25d
GET /starharem/01/s/index_rt.html HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:02 GMT
Server: Apache
Last-Modified: Wed, 20 Jul 2022 09:11:51 GMT
ETag: "17a0-5e438fdce23c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1525
Content-Type: text/html
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
216.58.207.202 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 216.58.207.202:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Sep 2022 05:04:26 GMT
expires: Sat, 02 Sep 2023 05:04:26 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 495396
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/styles.css
144.217.67.42 200 OK 2.4 kB URL HTTP/1.1 mediasama.com/starharem/01/s/styles.css
IP 144.217.67.42:0
File type ASCII text, with very long lines (420)
Hash 8e7117f5f47cb6cde0a8e8eb38b16dbb
617fd3f0d3f420ee1967a20fb0b0af4ac34eca03
794f8aa66b6afcf9b7d9bfe5952860436dcfee6bf82e4368af6bc838ce89be98
GET /starharem/01/s/styles.css HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:02 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:29 GMT
ETag: "2638-5dc0be6400e82-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2406
Content-Type: text/css
unseenreport.com/pxf.gif?uuid=7b372a6f-6f72-40b9-a599-485eba6ed597&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=5c3851391068a309eed36b1eec6217ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
192.243.59.20 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=7b372a6f-6f72-40b9-a599-485eba6ed597&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=5c3851391068a309eed36b1eec6217ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=7b372a6f-6f72-40b9-a599-485eba6ed597&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=5c3851391068a309eed36b1eec6217ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 07 Sep 2022 22:41:02 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d42a1e9e2f3c5811a3487870336fbde7
Strict-Transport-Security: max-age=0; includeSubdomains
pseepsie.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: application/json
Origin: https://megalink.pw
Content-Length: 373
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:02 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 2aeb68e907b86c226e908d6991f21b8f
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=8fe6d99460814c158ad4a5f424fb20ae&zoneId=4938390&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=8fe6d99460814c158ad4a5f424fb20ae&zoneId=4938390&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 6b9408ed309bb7ad29bbea20f6f1d608
9fcd66fcebb36178ada8951c023f3ea3c98ef56b
ed735d8eb85de4ac7b78a0e1dbe8a11b77f357a0916475ffda88884bec0bf1a1
GET /gid.js?pub=0&userId=8fe6d99460814c158ad4a5f424fb20ae&zoneId=4938390&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Cookie: ID=c506b05a46104e5ca12ecd17c8579df2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:02 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c506b05a46104e5ca12ecd17c8579df2; expires=Thu, 07 Sep 2023 22:41:02 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/js/main.js
144.217.67.42 200 OK 549 B URL HTTP/1.1 mediasama.com/starharem/01/s/js/main.js
IP 144.217.67.42:0
Hash d8fa8e233a4db9fbce0c20d9a57a06fe
2366b2969771aa164bfdca6b5baf916806f6758a
f496e19ead804367daa801860cd95a7ec6854965a7c5cf2c49dda71532c19932
GET /starharem/01/s/js/main.js HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:02 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:50 GMT
ETag: "516-5dc0be78000b5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 549
Content-Type: application/javascript
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d510006684c41cbdf97ea19087d5d77f
175e3a9e1727d7841003b6c6c228ba2e79d41124
d30f31a4fd293a2bf326f667d47745533d99a6088849033b9086578b3541f741
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D30F31A4FD293A2BF326F667D47745533D99A6088849033B9086578B3541F741"
Last-Modified: Wed, 07 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12435
Expires: Thu, 08 Sep 2022 02:08:17 GMT
Date: Wed, 07 Sep 2022 22:41:02 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d510006684c41cbdf97ea19087d5d77f
175e3a9e1727d7841003b6c6c228ba2e79d41124
d30f31a4fd293a2bf326f667d47745533d99a6088849033b9086578b3541f741
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D30F31A4FD293A2BF326F667D47745533D99A6088849033B9086578B3541F741"
Last-Modified: Wed, 07 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12435
Expires: Thu, 08 Sep 2022 02:08:17 GMT
Date: Wed, 07 Sep 2022 22:41:02 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d510006684c41cbdf97ea19087d5d77f
175e3a9e1727d7841003b6c6c228ba2e79d41124
d30f31a4fd293a2bf326f667d47745533d99a6088849033b9086578b3541f741
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D30F31A4FD293A2BF326F667D47745533D99A6088849033B9086578B3541F741"
Last-Modified: Wed, 07 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12435
Expires: Thu, 08 Sep 2022 02:08:17 GMT
Date: Wed, 07 Sep 2022 22:41:02 GMT
Connection: keep-alive
cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/6/img/icon.jpg
104.21.51.177 200 OK 67 kB URL HTTP/2 cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/6/img/icon.jpg
IP 104.21.51.177:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=821, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1232], progressive, precision 8, 444x333, components 3\012- Macintosh HFS Extended version -2833 data (mounted) (spared blocks) (unclean) (locked) last mounted by: '87\3', created: Mon Nov 15 07:50:58 1999, last modified: Mon Apr 2 19:14:08 2007, last checked: Fri Nov 18 14:08:25 1988, block size: -1700773017, number of blocks: 1360706695, free blocks: 2133437055\012- data
Hash f13d94fda6d7168498ae18be4c55b0ba
43aa0c195f210d1d932b5d381bbb37efe4003b64
7d1ae4e59aa009cf41e47b3cb1f8a3bc0c69b59d89e2407c3c6a8a0cba1c09fe
GET /sb/interstitial/utility/default/blog/flip_icon_fullpage/6/img/icon.jpg HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Sep 2022 22:41:02 GMT
content-type: image/jpeg
content-length: 66900
last-modified: Tue, 01 Feb 2022 11:49:31 GMT
etag: "61f91e4b-10554"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3069318
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WsrSQGxya1taJEJscVPbwf0mBAw7yC%2BEcolHllgyIw0fGCgT%2Bw5fJ4k%2BpfjnGOKJsbCyYQh9xEDvDuNAAI%2B9A2fmxWbi2gpKklPaIVrDIVkaCrX%2Bzlfr45SMYnu6R9KXgy0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7472f318efffb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 1.0 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
File type gzip compressed data, max compression\012- data
Hash bc9323ceef2f6803244586192dd43831
93a7dde78c8df07871e15f051144bc3bbeb6b4fb
5bf5279fb28839cee04329c6160b8f418a6a8d96b45030383b337f6acd43ee58
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D30F31A4FD293A2BF326F667D47745533D99A6088849033B9086578B3541F741"
Last-Modified: Wed, 07 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12435
Expires: Thu, 08 Sep 2022 02:08:17 GMT
Date: Wed, 07 Sep 2022 22:41:02 GMT
Connection: keep-alive
reapinject.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Finterstitial%2Futility%2Fdefault%2Fblog%2Fflip_icon_fullpage%2F6%2Findex.html&l=1361&fd=602
209.192.156.116 200 OK 0 B URL HTTP/1.1 reapinject.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Finterstitial%2Futility%2Fdefault%2Fblog%2Fflip_icon_fullpage%2F6%2Findex.html&l=1361&fd=602
IP 209.192.156.116:0
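Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of empty input: the response body is 0 B, so these digests do not identify any content)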
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Finterstitial%2Futility%2Fdefault%2Fblog%2Fflip_icon_fullpage%2F6%2Findex.html&l=1361&fd=602 HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3357656]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Sep 2022 22:41:02 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.yourwebbars.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/6/index.html
104.26.7.19 200 OK 21 kB URL HTTP/2 cdn.yourwebbars.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/6/index.html
IP 104.26.7.19:0
File type HTML document text\012- HTML document, ASCII text
Hash 87d37e3d0982220a8230960c2f74876d
5e8a8ade56fd2318acf3410bc9f3396b88b76bd1
85ad57ddf8aa439889067a7ca655b7ee2112387a7d37379134c075328159f055
GET /sb/interstitial/utility/default/blog/flip_icon_fullpage/6/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Sep 2022 22:41:02 GMT
content-type: text/html
last-modified: Tue, 01 Feb 2022 12:18:52 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oifPWCOc%2BEM0Pi2Y1fVnK7qe4OccnFZWPyHnQIfxftVJCIbBU0m4ulBaGY5YeWYx%2FSb%2BrYqhBQly3b4cVWv%2F8x2P8R7eUW4IGYBRtoEXyq7aVM4p%2F5Z4UO5iSZNbF7V27sdzzv4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7472f3147c21b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/img/2.jpg
144.217.67.42 200 OK 369 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/2.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 369 kB (369239 bytes)
Hash b7d3bd4ae3d5f8477e040e6410517866
2b255c9583c47e5da4069d9c055d3430a0c1e03a
7bb68d5a9a92a500956397e156beb117a0ef605b6747800cacf9c9440b6fc7e4
GET /starharem/01/s/img/2.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:02 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:41 GMT
ETag: "5a257-5dc622e1424eb"
Accept-Ranges: bytes
Content-Length: 369239
Content-Type: image/jpeg
pseepsie.com/event
139.45.197.250 200 OK 1.6 kB IP 139.45.197.250:0
Hash 8c7862514dee7a0f99851f65d46a414f
6e526596cc49d0ec00fe494348e776c423401a59
84e2afbf303f1c0f537c4c14bb0673b1dd767b9e504aca0fdad945929d0e28db
Analyzer Verdict Alert fortinet Malware
OPTIONS /event HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:03 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/6/js/script.js
104.21.51.177 200 OK 194 B URL HTTP/2 cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/6/js/script.js
IP 104.21.51.177:0
Hash 9d0d1d223e35512cabac61e5d1b60267
b55b590938c93453cda11f49e7d354598254b63b
9d8ffa56035e0f894424c6c6632304240af07bff691decb4e501d3ee8e381df3
GET /sb/interstitial/utility/default/blog/flip_icon_fullpage/6/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Sep 2022 22:41:03 GMT
content-type: application/javascript
last-modified: Mon, 22 Mar 2021 09:40:06 GMT
etag: W/"605865f6-18d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TxGfjfpvFuakvtEwxxneEBakz91lsYuTBycsx1qmi1%2Bkc45OUtcWJFo3U8M9061ODBKZZgrPqG7a8TCVyD1Z7BZxjcJtlj%2BUpG4W4ti%2FL6tcAkZec%2BUEHGYQfn7Oobg9yfU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7472f318af6fb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 11215
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/img/1.jpg
144.217.67.42 200 OK 397 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/1.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 397 kB (397097 bytes)
Hash 43c140ec16ce96d582782ea93eeaa4fe
3390bf8e8708620fc0a851455e4729cb4f0248a2
3e176a04debe08dd522e7f0fbc9f7530880a92fb9845afd7391bbaa764a4ad55
GET /starharem/01/s/img/1.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:02 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:39 GMT
ETag: "60f29-5dc622dfac0e8"
Accept-Ranges: bytes
Content-Length: 397097
Content-Type: image/jpeg
pseepsie.com/event
139.45.197.250 200 OK 94 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash d3eecf307385ae960a4d636ba4e62878
0abd5ae25eeda201223dde6d7b90a9ba75ef5ac9
72418578e6f85f558836a5b673ab280b4ee062cfa33016f3d1e3e5a42ed0f310
Analyzer Verdict Alert fortinet Malware
POST /event HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Content-Type: application/json
Origin: https://megalink.pw
Content-Length: 1031
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:03 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 4e4e7e47ae0c13f51743edc1ee42fcee
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/img/7.jpg
144.217.67.42 200 OK 327 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/7.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 327 kB (326553 bytes)
Hash c67c9fb0268eea7d188c4c9bc54a0bf4
216b83374ba6f011041b31dd381f22e99ea7a8c1
95ae6eba3fad2ff05cadc95b27fc79a198a9e873371ab5fb7bb97c1661cd4654
GET /starharem/01/s/img/7.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:03 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:45 GMT
ETag: "4fb99-5dc622e5033f2"
Accept-Ranges: bytes
Content-Length: 326553
Content-Type: image/jpeg
cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/6/css/animate.css
104.21.51.177 200 OK 4.8 kB URL HTTP/2 cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/6/css/animate.css
IP 104.21.51.177:0
Hash c91016401e0a0b7b3d7572de48c76597
12fb634abb5e708b4f55d1489055b4f626d3cdd1
2472e286e0bf6f54cef9d99e9c63301c873fa02bc4e3979e1a18587a6d973120
GET /sb/interstitial/utility/default/blog/flip_icon_fullpage/6/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Sep 2022 22:41:03 GMT
content-type: text/css
last-modified: Mon, 22 Mar 2021 09:40:02 GMT
etag: W/"605865f2-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SlJlfHzdEWHq67%2F6wZDpPvCp09R%2FmpFLtni6Q4ue0H8M%2FDx9sHNOerhMYRcHIHM%2BO%2FFKEbki%2BzB8NdqkgOzYC9RZO8XZHEMaEsD%2B9cXJZFcqdnqztJvyGpf%2BRyJ5SGcn8Pk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7472f318dfecb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/img/3.jpg
144.217.67.42 200 OK 375 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/3.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 375 kB (375159 bytes)
Hash 84c5f704120f28ad7bcde2ebab7442a0
fd2745300ba7ad59ff8044c7e9f76b1326ddd120
6227de9cf2198a85639d3808c134b85dc1e6a5ee5ee5709189c5e58d1b91b7c2
GET /starharem/01/s/img/3.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:03 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:41 GMT
ETag: "5b977-5dc622e17edac"
Accept-Ranges: bytes
Content-Length: 375159
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/4.jpg
144.217.67.42 200 OK 325 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/4.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 325 kB (325446 bytes)
Hash ec18d276822ab5772f3458da7dbedfbc
f7a38f944aaba3e6b848f496bf4b8fee50b58161
da6b7082767f0ddffbec031c7f84b859c7a1f20624445bb26aa93895b75d7c09
GET /starharem/01/s/img/4.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:03 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:43 GMT
ETag: "4f746-5dc622e2da82e"
Accept-Ranges: bytes
Content-Length: 325446
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/8.jpg
144.217.67.42 200 OK 682 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/8.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 0-3584, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 211035008.000000\012- data
Size 682 kB (682050 bytes)
Hash cedcd46e956dee6a28f87198962b0477
7b38f1de654971e436983fb6a34a71540ba526c9
08c08ef6f1ed9da65259719bbcc97e9aec700d3b486a9f0a741cb5800be34db5
GET /starharem/01/s/img/8.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:03 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:47 GMT
ETag: "a6842-5dc622e757ed6"
Accept-Ranges: bytes
Content-Length: 682050
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/6.jpg
144.217.67.42 200 OK 261 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/6.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 261 kB (261364 bytes)
Hash 4b7cf78d93f3f009f850bedb6829d7f6
cc55cad898df47a2f089946aee9398fea7fa2ae6
44d0a6f8e7f7fe0354c05417445137070431686d671c51e9f3d3869867f2448f
GET /starharem/01/s/img/6.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:03 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:44 GMT
ETag: "3fcf4-5dc622e471bd1"
Accept-Ranges: bytes
Content-Length: 261364
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/10.jpg
144.217.67.42 200 OK 238 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/10.jpg
IP 144.217.67.42:0
File type gzip compressed data, max compression\012- data
Size 238 kB (237638 bytes)
Hash 67ef47470192d10c8572079954ba5507
97989ac5980ef262c1bb169bc27b75258c43cbd6
87ed1b3b08629b6764639b7c63e495015f77b4ab63b6201c67c0da03a87f8626
GET /starharem/01/s/img/10.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:03 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:39 GMT
ETag: "39dae-5dc622df755e8"
Accept-Ranges: bytes
Content-Length: 236974
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/5.jpg
144.217.67.42 200 OK 461 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/5.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 461 kB (461412 bytes)
Hash 42ad3cffde2e4081df94ded8a30a1dc5
7b064f0fcb96e5b5c498c0c03bcbb9ab15e999b0
be788428faee6157125228734e5510d4f49212766eff23a1a1b178e456f153d1
GET /starharem/01/s/img/5.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:03 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:43 GMT
ETag: "70a64-5dc622e35f52f"
Accept-Ranges: bytes
Content-Length: 461412
Content-Type: image/jpeg
reapinject.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH72uyEFwpdVGlOrhSkMl783vsolhrJJg2tVHsTu%2BvmVznvncf9747b5JVsCDdCOPW1ct3kobaIvoHWGRS6CIo9LkxC%2FM%2FiNCViMw0OHrgcc553%2B%2Fic865X%2B75UxLC05Or18yO0pquNKth5Y1bUXSpsq4SP6qMOq1PW41LFTt8u9uqhm9W3pd8YFZqYRSGURhVVpWVPTNamYlQ6YNuVO2G1UatGjUbGNn%2F984HcDSAGJ6SF6FEufwoOA%2FFp0ji769KN8hM%2BtZ7sdc0MxZDcfhxMkhMniBelD0boJccnrlh3JPVhzDJwRwXZvivkamSBI8fgiWHZ5Bgw%2F05J9OQCZh4HvlwCqmnUHQKbm5DiScE4ALXN5DEd68bm9PtZyqdqSVZfvonVF6S5d%2FPI4m%2Fu6LVqLJptM%2BUSRxGvQJqNIXqT5H6I2Q756DyI%2FDsCyjxC1l5uo4k3t9w2kCJYj67UlOo3hRajkFdAD%2F7VADfC%2BDTALE4qfAoitqh4DTsdDmvi7ZkLRFGtN2LaBS2OvB8hjdGlo7B9Rjc7iK1uxioMaz%2FCW6rgBMBXFaS4MNdDEWBXBLkjiCnBLkiyDOCfFgcCO1qrrgrtPMsOsu1s1wvJibr79EDk%2FVlQvbSU%2FLCbC%2FB0jcvYSBPKk1e7zSjendGRethV0pRb7FISt6qRW1O4VQB5c7NR91RJXll8yukqiTLr%2F0MRo%2Fg9BG4eh3UXwTNJ%2B1aCLo1aXRC7CT3Y9mnWiWDappDmAJptoxsO9jTp%2BTC%2FDz1S79B8uPLn7Fr5R%2F3%2FgK3BVJb4HP1iKCv70xumpzs3zS5Iz9spJmK1Q6dnW4zo5lc%2BvYDuZ0bK9auuvG9d%2FhMmJUPPpIuW6eJUEnfkftXlBDSrhrLJflxzX0i2Q3vtq54m%2Fh0%2Fca7q2txaqVzyiRTUFUS8vgYXJXkOZHPX%2BXL7haUncL6ArE%2FJmcBZY7A0124dMHvzBKsXnhYGiD3xcTW2OKnVgRaLnrKCrj%2F9GxR77k76NtXQbPbSOICQ1tgqAtQPYbzS5MstceXf63PA0wHE6ZtsM%2B01V8%2FW65TJ5V6KNpM9mSbyUaz0ZNcsGaThbzHWV10OhyZK%2FmFi3%2F%2FAwAA%2F%2F8BAAD%2F%2F00WlnBgBAAA
209.192.156.116200 OK 7 B URL HTTP/1.1 reapinject.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH72uyEFwpdVGlOrhSkMl783vsolhrJJg2tVHsTu%2BvmVznvncf9747b5JVsCDdCOPW1ct3kobaIvoHWGRS6CIo9LkxC%2FM%2FiNCViMw0OHrgcc553%2B%2Fic865X%2B75UxLC05Or18yO0pquNKth5Y1bUXSpsq4SP6qMOq1PW41LFTt8u9uqhm9W3pd8YFZqYRSGURhVVpWVPTNamYlQ6YNuVO2G1UatGjUbGNn%2F984HcDSAGJ6SF6FEufwoOA%2FFp0ji769KN8hM%2BtZ7sdc0MxZDcfhxMkhMniBelD0boJccnrlh3JPVhzDJwRwXZvivkamSBI8fgiWHZ5Bgw%2F05J9OQCZh4HvlwCqmnUHQKbm5DiScE4ALXN5DEd68bm9PtZyqdqSVZfvonVF6S5d%2FPI4m%2Fu6LVqLJptM%2BUSRxGvQJqNIXqT5H6I2Q756DyI%2FDsCyjxC1l5uo4k3t9w2kCJYj67UlOo3hRajkFdAD%2F7VADfC%2BDTALE4qfAoitqh4DTsdDmvi7ZkLRFGtN2LaBS2OvB8hjdGlo7B9Rjc7iK1uxioMaz%2FCW6rgBMBXFaS4MNdDEWBXBLkjiCnBLkiyDOCfFgcCO1qrrgrtPMsOsu1s1wvJibr79EDk%2FVlQvbSU%2FLCbC%2FB0jcvYSBPKk1e7zSjendGRethV0pRb7FISt6qRW1O4VQB5c7NR91RJXll8yukqiTLr%2F0MRo%2Fg9BG4eh3UXwTNJ%2B1aCLo1aXRC7CT3Y9mnWiWDappDmAJptoxsO9jTp%2BTC%2FDz1S79B8uPLn7Fr5R%2F3%2FgK3BVJb4HP1iKCv70xumpzs3zS5Iz9spJmK1Q6dnW4zo5lc%2BvYDuZ0bK9auuvG9d%2FhMmJUPPpIuW6eJUEnfkftXlBDSrhrLJflxzX0i2Q3vtq54m%2Fh0%2Fca7q2txaqVzyiRTUFUS8vgYXJXkOZHPX%2BXL7haUncL6ArE%2FJmcBZY7A0124dMHvzBKsXnhYGiD3xcTW2OKnVgRaLnrKCrj%2F9GxR77k76NtXQbPbSOICQ1tgqAtQPYbzS5MstceXf63PA0wHE6ZtsM%2B01V8%2FW65TJ5V6KNpM9mSbyUaz0ZNcsGaThbzHWV10OhyZK%2FmFi3%2F%2FAwAA%2F%2F8BAAD%2F%2F00WlnBgBAAA
IP 209.192.156.116:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH72uyEFwpdVGlOrhSkMl783vsolhrJJg2tVHsTu%2BvmVznvncf9747b5JVsCDdCOPW1ct3kobaIvoHWGRS6CIo9LkxC%2FM%2FiNCViMw0OHrgcc553%2B%2Fic865X%2B75UxLC05Or18yO0pquNKth5Y1bUXSpsq4SP6qMOq1PW41LFTt8u9uqhm9W3pd8YFZqYRSGURhVVpWVPTNamYlQ6YNuVO2G1UatGjUbGNn%2F984HcDSAGJ6SF6FEufwoOA%2FFp0ji769KN8hM%2BtZ7sdc0MxZDcfhxMkhMniBelD0boJccnrlh3JPVhzDJwRwXZvivkamSBI8fgiWHZ5Bgw%2F05J9OQCZh4HvlwCqmnUHQKbm5DiScE4ALXN5DEd68bm9PtZyqdqSVZfvonVF6S5d%2FPI4m%2Fu6LVqLJptM%2BUSRxGvQJqNIXqT5H6I2Q756DyI%2FDsCyjxC1l5uo4k3t9w2kCJYj67UlOo3hRajkFdAD%2F7VADfC%2BDTALE4qfAoitqh4DTsdDmvi7ZkLRFGtN2LaBS2OvB8hjdGlo7B9Rjc7iK1uxioMaz%2FCW6rgBMBXFaS4MNdDEWBXBLkjiCnBLkiyDOCfFgcCO1qrrgrtPMsOsu1s1wvJibr79EDk%2FVlQvbSU%2FLCbC%2FB0jcvYSBPKk1e7zSjendGRethV0pRb7FISt6qRW1O4VQB5c7NR91RJXll8yukqiTLr%2F0MRo%2Fg9BG4eh3UXwTNJ%2B1aCLo1aXRC7CT3Y9mnWiWDappDmAJptoxsO9jTp%2BTC%2FDz1S79B8uPLn7Fr5R%2F3%2FgK3BVJb4HP1iKCv70xumpzs3zS5Iz9spJmK1Q6dnW4zo5lc%2BvYDuZ0bK9auuvG9d%2FhMmJUPPpIuW6eJUEnfkftXlBDSrhrLJflxzX0i2Q3vtq54m%2Fh0%2Fca7q2txaqVzyiRTUFUS8vgYXJXkOZHPX%2BXL7haUncL6ArE%2FJmcBZY7A0124dMHvzBKsXnhYGiD3xcTW2OKnVgRaLnrKCrj%2F9GxR77k76NtXQbPbSOICQ1tgqAtQPYbzS5MstceXf63PA0wHE6ZtsM%2B01V8%2FW65TJ5V6KNpM9mSbyUaz0ZNcsGaThbzHWV10OhyZK%2FmFi3%2F%2FAwAA%2F%2F8BAAD%2F%2F00WlnBgBAAA HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3357656]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Sep 2022 22:41:03 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 298c96f62df294ac84d957fb6908e009
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/6/css/style.css
104.21.51.177 200 OK 1.5 kB URL HTTP/2 cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/6/css/style.css
IP 104.21.51.177:0
Hash 9c453aa60bd0ef60ff5b9ceb86ef235b
e809577f3c2303e007d30a04fc1ea2de9f48ca54
a12a107b388d39f2aaf14ba7be10830cf02103a99212f257c99ac5504ec39737
GET /sb/interstitial/utility/default/blog/flip_icon_fullpage/6/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Sep 2022 22:41:03 GMT
content-type: text/css
last-modified: Tue, 01 Feb 2022 12:18:40 GMT
etag: W/"61f92520-15b2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jokgdo4VrzC1gXZHY8qCa44kSqEEQyKCXGr7DLKPsP1PEt6sfiMH9c25oOA51b7jlNhjHRaNHP77ANUsFl%2Fg%2Bg94u2dzII1LS%2Byx7lxK5xeIyy6qk3ytYXwwDO6qg%2FhAaGs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7472f318bf7bb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/img/9.jpg
144.217.67.42 200 OK 342 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/9.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 342 kB (341673 bytes)
Hash a3a888cf217de9be2aa727dd1cc64757
b7bd361dfdceecfc5775d0ed32e5798abd271d5e
2fd4025336ad8a5edd704651a216cf6b9739089ad1c204bd1ea8e114d11770b9
GET /starharem/01/s/img/9.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:03 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:47 GMT
ETag: "536a9-5dc622e6fb276"
Accept-Ranges: bytes
Content-Length: 341673
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/11.jpg
144.217.67.42 200 OK 403 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/11.jpg
IP 144.217.67.42:0
File type JPEG image data, baseline, precision 8, 1920x1080, components 3\012- data
Size 403 kB (402740 bytes)
Hash c10654a068f849e614885c983ac9ab02
8d69da78045560f1c2de7bafc47b2c8a12e86424
3a864743d27da3ef1cea10d293532f84f9d564a98b34afef2a8f4b380472dfc2
GET /starharem/01/s/img/11.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 22:41:03 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 09:18:06 GMT
ETag: "62534-5dc5d6c134c3d"
Accept-Ranges: bytes
Content-Length: 402740
Content-Type: image/jpeg
reapinject.com/pixel/sbs?c=1
209.192.156.116 200 OK 0 B URL HTTP/1.1 reapinject.com/pixel/sbs?c=1
IP 209.192.156.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: u_pl=17013269; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c3851391068a309eed36b1eec6217ca=[3357656]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Sep 2022 22:41:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/6/fonts/SFUIText-Regular.woff
104.21.51.177 200 OK 73 kB URL HTTP/2 cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/6/fonts/SFUIText-Regular.woff
IP 104.21.51.177:0
File type Web Open Font Format, TrueType, length 72696, version 11.0\012- data
Hash 53d97caea7ef8a12beab745fcc5744e1
b8c70e4f67957e4f2cb809a58d84c773a3bde6d0
542772868e28df6d786b6f00f9dec929cba214d928cb013b32588485b46f8715
GET /sb/interstitial/utility/default/blog/flip_icon_fullpage/6/fonts/SFUIText-Regular.woff HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Sep 2022 22:41:03 GMT
content-type: application/font-woff
content-length: 72696
last-modified: Mon, 22 Mar 2021 09:40:04 GMT
etag: "605865f4-11bf8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZDg38NTgVPbSf3PDGGV4q1e8UKIGFU4joz%2B25DsmZLLyNd%2Fwa0MZe1bWE9c0NFcH4NL4aYhKh4j7sz9R1qrrJ1%2F1w%2B3yQO5ac5PQDDsTQnEvFaxbIiiNfBbyBQLMp8LM%2F1M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7472f31b79d0b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
eehuzaih.com/impression/eM_sixCEWPTPTi2OwupuzwY5kthDEIV17_1S2zKypmDAmurXszOe8EKIMPyDRimZVpUoNXwOvhzs2eCzHrZIAzIHdL5s9AvS5f-vM6EvnOnho6zbq8yjKaFCCHP2TXh0P3870XHNaKA5dm914d57EE3L5UyjGEuW4RmCqAJ_DJ4T3jSzrOOPTo20YUQWYvs0Hi_Dyb6cH6NxoVy7ePkqEs9eJJZmrmnbN9KyTRMZQykPsi-iJkv_nBi38dtkjZTuhegFM0_1N6Ia5Lr5ZhijFgigPCa_H26rXUyw07ou4mGXkXVzjhZVH34cYZxvKmXj2UOQOTo7LuUZ3pdm-j3jTzUQCitC3vl5Ydi702zXPEHmSVgUnjNuZtXD1n9JLvd52N5clScVlEkE0otT9bFTZqtZ9fIhDqxaC0ccl_El7TcJqLaEBHlSPa674msNi47TKqqhdUnbZ-A_CtEsfH2jlC4eZc3TQ98c9wqCrHVAHNVNLmdYydd7CAte3D5dpXYAz_ZK6GrzIKfz_WA2Aye67nEn_hi21g7HZoUp-o3K8hL_4nJK3YHZ_naMqeola6Gn97AmegYjGrA4w1fFKyBN6wWVU4s=?_z=4943451&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 43 B URL HTTP/2 eehuzaih.com/impression/eM_sixCEWPTPTi2OwupuzwY5kthDEIV17_1S2zKypmDAmurXszOe8EKIMPyDRimZVpUoNXwOvhzs2eCzHrZIAzIHdL5s9AvS5f-vM6EvnOnho6zbq8yjKaFCCHP2TXh0P3870XHNaKA5dm914d57EE3L5UyjGEuW4RmCqAJ_DJ4T3jSzrOOPTo20YUQWYvs0Hi_Dyb6cH6NxoVy7ePkqEs9eJJZmrmnbN9KyTRMZQykPsi-iJkv_nBi38dtkjZTuhegFM0_1N6Ia5Lr5ZhijFgigPCa_H26rXUyw07ou4mGXkXVzjhZVH34cYZxvKmXj2UOQOTo7LuUZ3pdm-j3jTzUQCitC3vl5Ydi702zXPEHmSVgUnjNuZtXD1n9JLvd52N5clScVlEkE0otT9bFTZqtZ9fIhDqxaC0ccl_El7TcJqLaEBHlSPa674msNi47TKqqhdUnbZ-A_CtEsfH2jlC4eZc3TQ98c9wqCrHVAHNVNLmdYydd7CAte3D5dpXYAz_ZK6GrzIKfz_WA2Aye67nEn_hi21g7HZoUp-o3K8hL_4nJK3YHZ_naMqeola6Gn97AmegYjGrA4w1fFKyBN6wWVU4s=?_z=4943451&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/eM_sixCEWPTPTi2OwupuzwY5kthDEIV17_1S2zKypmDAmurXszOe8EKIMPyDRimZVpUoNXwOvhzs2eCzHrZIAzIHdL5s9AvS5f-vM6EvnOnho6zbq8yjKaFCCHP2TXh0P3870XHNaKA5dm914d57EE3L5UyjGEuW4RmCqAJ_DJ4T3jSzrOOPTo20YUQWYvs0Hi_Dyb6cH6NxoVy7ePkqEs9eJJZmrmnbN9KyTRMZQykPsi-iJkv_nBi38dtkjZTuhegFM0_1N6Ia5Lr5ZhijFgigPCa_H26rXUyw07ou4mGXkXVzjhZVH34cYZxvKmXj2UOQOTo7LuUZ3pdm-j3jTzUQCitC3vl5Ydi702zXPEHmSVgUnjNuZtXD1n9JLvd52N5clScVlEkE0otT9bFTZqtZ9fIhDqxaC0ccl_El7TcJqLaEBHlSPa674msNi47TKqqhdUnbZ-A_CtEsfH2jlC4eZc3TQ98c9wqCrHVAHNVNLmdYydd7CAte3D5dpXYAz_ZK6GrzIKfz_WA2Aye67nEn_hi21g7HZoUp-o3K8hL_4nJK3YHZ_naMqeola6Gn97AmegYjGrA4w1fFKyBN6wWVU4s=?_z=4943451&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: eehuzaih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=fee4df9794bc4f3589ba9a1c50db943e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:05 GMT
content-type: image/gif
content-length: 43
x-trace-id: 082db99f00a5a5d43bcddbdeb490664a
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
dozubatan.com/impression/qjfBK3n6sL1mZYkx1ud2V4NAhnGr8YmG2PPS8qWWW23IHzZ02KDWuP6Nu99J5BmwE5wyDS7H35__WbC9MxablnP1NH5oAfot9yA50puupSIdW5emH9LyUrTaSCZRonlgVcdkM7M2vd3io5Qxv6SxAi8AIbotKxI502jlHqJA5KyiVAJ-0B4eq7ABU5XH_saxjJ9fPjkh-YiTFWuFo3wZUuDKx5U1oXbrgIEDyhO8YkGdu6vlEp2BlJloIc7cepqWcaFwUQV74Y2MYf91WxSAEVi0qsiD5ugXn2prqjMpUBJrrurEJA_rTooLY0PMt3X-bYQ9XUMOnwrJJwvBttp9x6xLf12lYNWTQDIzf_KXLmjlFZPewDxXbEphAIuM7D4Raemhxr5i2boefBwuwhph--uvcNvM9qXHHKTWBdnLwJtoRCibDM10NkmWHsZiQl3TJTze1_RqBqaEEysaqzxEyAGyXQf6h7DPBbvKMsK4VVz2sNtuQmFA_omVLCa6ey_xiKtvggFf6toi-812gHAyhP1_-6VlWonNbXZ_afFCycf1j5z3P22nMYbAmPIpRolw3Fak2KdjtVnBTJOE0LvRR-8CapoE3XcfTvpe4nvN4o8ncBpr_HLmM41ifRAqGTMvX7MspIoFKPg5VxPfK7K2b8TLa5Wa6t__290UOyaDqVqrci0aEC7VhhCeJPzvGN5165nkXreHQpQ=?_z=4938388&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 43 B URL HTTP/2 dozubatan.com/impression/qjfBK3n6sL1mZYkx1ud2V4NAhnGr8YmG2PPS8qWWW23IHzZ02KDWuP6Nu99J5BmwE5wyDS7H35__WbC9MxablnP1NH5oAfot9yA50puupSIdW5emH9LyUrTaSCZRonlgVcdkM7M2vd3io5Qxv6SxAi8AIbotKxI502jlHqJA5KyiVAJ-0B4eq7ABU5XH_saxjJ9fPjkh-YiTFWuFo3wZUuDKx5U1oXbrgIEDyhO8YkGdu6vlEp2BlJloIc7cepqWcaFwUQV74Y2MYf91WxSAEVi0qsiD5ugXn2prqjMpUBJrrurEJA_rTooLY0PMt3X-bYQ9XUMOnwrJJwvBttp9x6xLf12lYNWTQDIzf_KXLmjlFZPewDxXbEphAIuM7D4Raemhxr5i2boefBwuwhph--uvcNvM9qXHHKTWBdnLwJtoRCibDM10NkmWHsZiQl3TJTze1_RqBqaEEysaqzxEyAGyXQf6h7DPBbvKMsK4VVz2sNtuQmFA_omVLCa6ey_xiKtvggFf6toi-812gHAyhP1_-6VlWonNbXZ_afFCycf1j5z3P22nMYbAmPIpRolw3Fak2KdjtVnBTJOE0LvRR-8CapoE3XcfTvpe4nvN4o8ncBpr_HLmM41ifRAqGTMvX7MspIoFKPg5VxPfK7K2b8TLa5Wa6t__290UOyaDqVqrci0aEC7VhhCeJPzvGN5165nkXreHQpQ=?_z=4938388&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/qjfBK3n6sL1mZYkx1ud2V4NAhnGr8YmG2PPS8qWWW23IHzZ02KDWuP6Nu99J5BmwE5wyDS7H35__WbC9MxablnP1NH5oAfot9yA50puupSIdW5emH9LyUrTaSCZRonlgVcdkM7M2vd3io5Qxv6SxAi8AIbotKxI502jlHqJA5KyiVAJ-0B4eq7ABU5XH_saxjJ9fPjkh-YiTFWuFo3wZUuDKx5U1oXbrgIEDyhO8YkGdu6vlEp2BlJloIc7cepqWcaFwUQV74Y2MYf91WxSAEVi0qsiD5ugXn2prqjMpUBJrrurEJA_rTooLY0PMt3X-bYQ9XUMOnwrJJwvBttp9x6xLf12lYNWTQDIzf_KXLmjlFZPewDxXbEphAIuM7D4Raemhxr5i2boefBwuwhph--uvcNvM9qXHHKTWBdnLwJtoRCibDM10NkmWHsZiQl3TJTze1_RqBqaEEysaqzxEyAGyXQf6h7DPBbvKMsK4VVz2sNtuQmFA_omVLCa6ey_xiKtvggFf6toi-812gHAyhP1_-6VlWonNbXZ_afFCycf1j5z3P22nMYbAmPIpRolw3Fak2KdjtVnBTJOE0LvRR-8CapoE3XcfTvpe4nvN4o8ncBpr_HLmM41ifRAqGTMvX7MspIoFKPg5VxPfK7K2b8TLa5Wa6t__290UOyaDqVqrci0aEC7VhhCeJPzvGN5165nkXreHQpQ=?_z=4938388&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=fee4df9794bc4f3589ba9a1c50db943e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:05 GMT
content-type: image/gif
content-length: 43
x-trace-id: 7eb284e8abd2fd1d37f32eee041fbe29
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
glizauvo.net/impression/XZm7g5FfEiGYgDEtUp66DCeTuz0j0YzzZtDRFAFvld-x5y8IsiwrRNgSxRegIiwXSqNnnAN4l4x-5ioJb5-5aEQbeMDVPrzwiCkmPnD0GAYlV4hokyXdhn5bZaEi-D8SwtFBjPwVRtFijlCk6q0Pk2iM6NbF24jIRyYTkz_8P8LAW9CTM8tbB_3hD335tVT7lz8KqmK02Vw4qv4i17sTEYPWVlZYU-Dynkf9p1285NYJIj7MUGrBcMsYTLmDN-uP6cAn6RfL-QgHO4N1IZ0rUe2yN6uC6V503l94vymEs6xzrr-Qwa5KW5LPyWl_-lrscN3WenKe919SQqDSzzBSCFzftJO3MmURi6i-ESjipRiNLGzNctazeSpX6QILWl1bzGdbAuvZ_u0PIg7WmDaz9a6qwXqF1DRneTOG8wDkxqm7Xz4inA7H2n0HNmg0xCfVd12ACKvwFLFwUkvl-3UYkTFSJP4PQp69fNmV-RXLpz1rhn2UUPmpb8xVk1fONKCi7_9N9EZmmu8_rFekQjxpTx9dDptW2VGzT02U3J5D-RRLHkh_P9J9kRrlqP_pqXZX4FkJSjXgCimoN4yBAP42clfWlbE=?_z=5293711&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.236200 OK 43 B URL HTTP/2 glizauvo.net/impression/XZm7g5FfEiGYgDEtUp66DCeTuz0j0YzzZtDRFAFvld-x5y8IsiwrRNgSxRegIiwXSqNnnAN4l4x-5ioJb5-5aEQbeMDVPrzwiCkmPnD0GAYlV4hokyXdhn5bZaEi-D8SwtFBjPwVRtFijlCk6q0Pk2iM6NbF24jIRyYTkz_8P8LAW9CTM8tbB_3hD335tVT7lz8KqmK02Vw4qv4i17sTEYPWVlZYU-Dynkf9p1285NYJIj7MUGrBcMsYTLmDN-uP6cAn6RfL-QgHO4N1IZ0rUe2yN6uC6V503l94vymEs6xzrr-Qwa5KW5LPyWl_-lrscN3WenKe919SQqDSzzBSCFzftJO3MmURi6i-ESjipRiNLGzNctazeSpX6QILWl1bzGdbAuvZ_u0PIg7WmDaz9a6qwXqF1DRneTOG8wDkxqm7Xz4inA7H2n0HNmg0xCfVd12ACKvwFLFwUkvl-3UYkTFSJP4PQp69fNmV-RXLpz1rhn2UUPmpb8xVk1fONKCi7_9N9EZmmu8_rFekQjxpTx9dDptW2VGzT02U3J5D-RRLHkh_P9J9kRrlqP_pqXZX4FkJSjXgCimoN4yBAP42clfWlbE=?_z=5293711&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.236:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/XZm7g5FfEiGYgDEtUp66DCeTuz0j0YzzZtDRFAFvld-x5y8IsiwrRNgSxRegIiwXSqNnnAN4l4x-5ioJb5-5aEQbeMDVPrzwiCkmPnD0GAYlV4hokyXdhn5bZaEi-D8SwtFBjPwVRtFijlCk6q0Pk2iM6NbF24jIRyYTkz_8P8LAW9CTM8tbB_3hD335tVT7lz8KqmK02Vw4qv4i17sTEYPWVlZYU-Dynkf9p1285NYJIj7MUGrBcMsYTLmDN-uP6cAn6RfL-QgHO4N1IZ0rUe2yN6uC6V503l94vymEs6xzrr-Qwa5KW5LPyWl_-lrscN3WenKe919SQqDSzzBSCFzftJO3MmURi6i-ESjipRiNLGzNctazeSpX6QILWl1bzGdbAuvZ_u0PIg7WmDaz9a6qwXqF1DRneTOG8wDkxqm7Xz4inA7H2n0HNmg0xCfVd12ACKvwFLFwUkvl-3UYkTFSJP4PQp69fNmV-RXLpz1rhn2UUPmpb8xVk1fONKCi7_9N9EZmmu8_rFekQjxpTx9dDptW2VGzT02U3J5D-RRLHkh_P9J9kRrlqP_pqXZX4FkJSjXgCimoN4yBAP42clfWlbE=?_z=5293711&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: glizauvo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=fee4df9794bc4f3589ba9a1c50db943e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:05 GMT
content-type: image/gif
content-length: 43
x-trace-id: af2b3d177b396394c43f37f6ecfd5fb6
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
oaphoace.net/impression/JvyZJRXKiRJn5ejaPyM153yJnH7oXYd9nIZX6WjHlUsyL5sSAsQQ097VIn4F8I_DFU7H2h2L_tfxF3b3bVp3FZcTqkPzFjx7xNGMoBpmBW_vvzUY8syoizyZKJYWSV0aQh6DZaZUldgHXilEP-cnoSBfwuBGGLBSeA7U2Z2s5WhJNxxAVeKnW-Jqya71Eusrg3SP6c5HajG099SyHfk8QDzH79zRAxXA-vcO32h_yp75cm9pEnVxpHiZ2frreJP9GHUWqmBxntotbv31ulkPrZUoDEwgiFHAtMKSsl-qKZrLeynW4c53CtMHM-G9VpUBQue3h2CdkiMtx50YdgHQw9bgbGIySum4AAKccUJ-4-8Es1SVKoRvhWxwLUErzlc16ePUFBFgR01PLpWUz5fTnu6q5NY_G_7k98t7xHHY4rmxaVGI3w0BJQ6opx_8Tafa5aFKh10Q3V0KTJwz57ZySYoobQQ6UoIdmqzC-6cPlskwrwQiW1kTXG1KRs_EuESS1h1dvLSWsIbU5xmWWTHsVh8LC6o94nQ4W8B3cTmiBRuhITRFWhWcV6QXJ7ZvCjm4J0lzszvUxhl62Rj9znnSyfLfYdA=?_z=5293715&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 43 B URL HTTP/2 oaphoace.net/impression/JvyZJRXKiRJn5ejaPyM153yJnH7oXYd9nIZX6WjHlUsyL5sSAsQQ097VIn4F8I_DFU7H2h2L_tfxF3b3bVp3FZcTqkPzFjx7xNGMoBpmBW_vvzUY8syoizyZKJYWSV0aQh6DZaZUldgHXilEP-cnoSBfwuBGGLBSeA7U2Z2s5WhJNxxAVeKnW-Jqya71Eusrg3SP6c5HajG099SyHfk8QDzH79zRAxXA-vcO32h_yp75cm9pEnVxpHiZ2frreJP9GHUWqmBxntotbv31ulkPrZUoDEwgiFHAtMKSsl-qKZrLeynW4c53CtMHM-G9VpUBQue3h2CdkiMtx50YdgHQw9bgbGIySum4AAKccUJ-4-8Es1SVKoRvhWxwLUErzlc16ePUFBFgR01PLpWUz5fTnu6q5NY_G_7k98t7xHHY4rmxaVGI3w0BJQ6opx_8Tafa5aFKh10Q3V0KTJwz57ZySYoobQQ6UoIdmqzC-6cPlskwrwQiW1kTXG1KRs_EuESS1h1dvLSWsIbU5xmWWTHsVh8LC6o94nQ4W8B3cTmiBRuhITRFWhWcV6QXJ7ZvCjm4J0lzszvUxhl62Rj9znnSyfLfYdA=?_z=5293715&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/JvyZJRXKiRJn5ejaPyM153yJnH7oXYd9nIZX6WjHlUsyL5sSAsQQ097VIn4F8I_DFU7H2h2L_tfxF3b3bVp3FZcTqkPzFjx7xNGMoBpmBW_vvzUY8syoizyZKJYWSV0aQh6DZaZUldgHXilEP-cnoSBfwuBGGLBSeA7U2Z2s5WhJNxxAVeKnW-Jqya71Eusrg3SP6c5HajG099SyHfk8QDzH79zRAxXA-vcO32h_yp75cm9pEnVxpHiZ2frreJP9GHUWqmBxntotbv31ulkPrZUoDEwgiFHAtMKSsl-qKZrLeynW4c53CtMHM-G9VpUBQue3h2CdkiMtx50YdgHQw9bgbGIySum4AAKccUJ-4-8Es1SVKoRvhWxwLUErzlc16ePUFBFgR01PLpWUz5fTnu6q5NY_G_7k98t7xHHY4rmxaVGI3w0BJQ6opx_8Tafa5aFKh10Q3V0KTJwz57ZySYoobQQ6UoIdmqzC-6cPlskwrwQiW1kTXG1KRs_EuESS1h1dvLSWsIbU5xmWWTHsVh8LC6o94nQ4W8B3cTmiBRuhITRFWhWcV6QXJ7ZvCjm4J0lzszvUxhl62Rj9znnSyfLfYdA=?_z=5293715&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=fee4df9794bc4f3589ba9a1c50db943e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:05 GMT
content-type: image/gif
content-length: 43
x-trace-id: ec2b460cf1d76c1efa263aeda0526639
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 11218
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dozubatan.com/500/4938388?excludes=14745758&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/4938388?excludes=14745758&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/4938388?excludes=14745758&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:06 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
iclickcdn.com/tag.min.js
172.67.75.9 200 OK 0 B IP 172.67.75.9:0
GET /tag.min.js HTTP/1.1
Host: iclickcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Sep 2022 22:41:00 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: c8eb67018dec64effb575b3784c9fe8e
cache-control: max-age=86400
last-modified: Tue, 06 Sep 2022 12:26:58 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Thu, 08 Sep 2022 00:08:03 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 81174
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PADjKiS2XaZeC8CKe2jDNO7h%2FpgrYCsZ9ue1%2Bi%2BqrYeTDWi0%2F5SltYDkRSmvwC4ltud2et%2BAddxdVXLJr90XUbXNNmkshy8uGCksUmmpcfv1v4HnPnGQY%2FISBr9rgtU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7472f30a48bd0afa-OSL
content-encoding: br
X-Firefox-Spdy: h2
ad.a-ads.com/1959918?size=320x100
213.239.209.209 200 OK 0 B URL HTTP/2 ad.a-ads.com/1959918?size=320x100
IP 213.239.209.209:0
ASN #24940 Hetzner Online GmbH
GET /1959918?size=320x100 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:00 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://megalink.pw/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/500/4938388?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/4938388?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
GET /500/4938388?excludes=&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=aeb39c1435b643bc956f8b58bad3acea
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/javascript
x-trace-id: 4c8b26d01842b2735140832c36c4fdac
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=fee4df9794bc4f3589ba9a1c50db943e; expires=Thu, 07 Sep 2023 22:41:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/6/img/close.svg
104.21.51.177 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/6/img/close.svg
IP 104.21.51.177:0
GET /sb/interstitial/utility/default/blog/flip_icon_fullpage/6/img/close.svg HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Sep 2022 22:41:02 GMT
content-type: image/svg+xml
last-modified: Mon, 22 Mar 2021 09:40:04 GMT
etag: W/"605865f4-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3069318
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3grjCgMfC6KCO5aFMCLvj3v87jCiEgwmyEuASt9sMVBmDAc0HU%2B8vvAwLi9ku0FWI1Qv1FnyZibn6NDbE0JuBOGct%2FsHh%2FQUkC4%2BHxPlEq%2FzSlJOTzjxsSZIR2y%2BXJbJyaU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7472f318effbb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pseepsie.com/pfe/current/tag.min.js?z=4938390
139.45.197.250 200 OK 0 B URL HTTP/2 pseepsie.com/pfe/current/tag.min.js?z=4938390
IP 139.45.197.250:0
GET /pfe/current/tag.min.js?z=4938390 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-3a38"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/400/4938388
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/400/4938388
IP 139.45.197.237:0
GET /400/4938388 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/javascript
x-trace-id: 1d8772fa2c55a2cf0eb8193d250ddf4a
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=7a76a53d28d345d481ff67379099a1d7; expires=Thu, 07 Sep 2023 22:41:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
megalink.pw/07xhsn
104.21.85.98 404 Not Found 0 B IP 104.21.85.98:0
Analyzer Verdict Alert fortinet Malware
GET /07xhsn HTTP/1.1
Host: megalink.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
date: Wed, 07 Sep 2022 22:40:59 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
set-cookie: AppSession=1e4707438b2d5cfbb2c128b8fcc99dcb; path=/; HttpOnly; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4bTBNBDN4WJQn4BYiKAXzCMuEA8uhB580%2BbYd43536tPYGnOrKdkR%2Bhy9G3elQSTcx65d9NzhmJQvf9%2Bn0BhCO7ZrtdcV1mJeoFSDCm33r2Yn6RQNZqZ4Dv3RS8vvg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7472f2ff2a4cb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
oaphoace.net/401/5293715
139.45.197.239 200 OK 0 B IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /401/5293715 HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:00 GMT
content-type: application/javascript
x-trace-id: 019c0fd6099a1d605fd3500c27a712e5
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=bc75e24c06e74df28dcf076010ada916; expires=Thu, 07 Sep 2023 22:41:00 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
creepingbrings.com/sfp.js
104.21.234.233 200 OK 0 B URL HTTP/2 creepingbrings.com/sfp.js
IP 104.21.234.233:0
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Sep 2022 22:41:00 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: b4d16b7d1debfab45891cbc98f676001
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 07 Sep 2022 22:41:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sOC1YW0Od9WCOMofUgEKahJmzakD851TaZfJ3m5h1q5Bh4PeceuhmqFJwu51oWpbZKRIw1Jv0%2BWKhP8jE0Aw%2BLiZxoIK3onnDu%2BbBnCv9mPbxEFHF0w9DGZhOr8G3LXQa%2Fe9fho%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7472f30a9c4b769e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
eehuzaih.com/401/4943451
139.45.197.237 200 OK 0 B IP 139.45.197.237:0
Analyzer Verdict Alert quad9 Sinkholed
GET /401/4943451 HTTP/1.1
Host: eehuzaih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:00 GMT
content-type: application/javascript
x-trace-id: 2c54c96be00f26521125856ad3c07552
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=661f2b4266ea4bd68a3de7dc301714b7; expires=Thu, 07 Sep 2023 22:41:00 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.67.205.240 200 OK 0 B IP 172.67.205.240:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Sep 2022 22:41:00 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 19:39:20 GMT
etag: W/"6318f368-7f73"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 3556
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hD%2Fc7aR9aPvMcO0pVlQmsRv2mxuCsV3RslfhZg1x6aEpg%2FSxIhwSXxt15XDbxlEZoAv2K7Js%2F4ve%2Fc51E5EMV5ug%2FkpbpD%2FuTJjXYmhIG%2BzRbEkGxo12rr%2FJ615T4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7472f30c0a53b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ad.a-ads.com/1959918?size=320x100
213.239.209.209 200 OK 0 B URL HTTP/2 ad.a-ads.com/1959918?size=320x100
IP 213.239.209.209:0
ASN #24940 Hetzner Online GmbH
GET /1959918?size=320x100 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:00 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://megalink.pw/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/1?z=4938389
139.45.197.239 200 OK 0 B URL HTTP/2 tovanillitechan.com/1?z=4938389
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=4938389 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 2dc87bcabb922d28dd64660fbcc18096
access-control-expose-headers: X-Sc
x-sc: RkLNLou4Ea6C7itKzUFmUss6yXHZleIIHRSoJQgr9yYA_nSy-mR8IdPdhqfOnWcYmh8cZfD9PoWKVOsP40ryDPRUdBk=
set-cookie: scm=1; expires=Thu, 07 Sep 2023 22:41:01 GMT; secure; SameSite=None
OAID=23c3db7b68894e7f9115ee795a846212; expires=Thu, 07 Sep 2023 22:41:01 GMT; secure; SameSite=None
oaidts=1662590461; expires=Thu, 07 Sep 2023 22:41:01 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=fee4df9794bc4f3589ba9a1c50db943e
139.45.197.239 200 OK 0 B URL HTTP/2 tovanillitechan.com/9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=fee4df9794bc4f3589ba9a1c50db943e
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=4938389&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=fee4df9794bc4f3589ba9a1c50db943e HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 48
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: scm=1; OAID=1b1381b8cdf249fd8d76f03dca2630c6; oaidts=1662590461
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://megalink.pw
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: c35d0a7516d3df09deffa98fdc8d3897
access-control-expose-headers: X-Sc
set-cookie: OAID=fee4df9794bc4f3589ba9a1c50db943e; expires=Thu, 07 Sep 2023 22:41:01 GMT; secure; SameSite=None
oaidts=1662590461; expires=Thu, 07 Sep 2023 22:41:01 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
redrotou.net/pfe/current/micro.tag.min.js?z=5090892&sw=/sw-check-permissions-b9e04.js
139.45.197.251 200 OK 0 B URL HTTP/2 redrotou.net/pfe/current/micro.tag.min.js?z=5090892&sw=/sw-check-permissions-b9e04.js
IP 139.45.197.251:0
GET /pfe/current/micro.tag.min.js?z=5090892&sw=/sw-check-permissions-b9e04.js HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:00 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-1a29e"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
pseepsie.com/pfe/current/universal.min.js?v=3.1.392
139.45.197.250 200 OK 0 B URL HTTP/2 pseepsie.com/pfe/current/universal.min.js?v=3.1.392
IP 139.45.197.250:0
GET /pfe/current/universal.min.js?v=3.1.392 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megalink.pw/
Origin: https://megalink.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-20481"
access-control-allow-origin: https://megalink.pw
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/500/4938388?excludes=14745758&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/4938388?excludes=14745758&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
GET /500/4938388?excludes=14745758&oaid=fee4df9794bc4f3589ba9a1c50db943e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fmegalink.pw%2F07xhsn&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megalink.pw
Connection: keep-alive
Referer: https://megalink.pw/
Cookie: OAID=fee4df9794bc4f3589ba9a1c50db943e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:06 GMT
content-type: application/javascript
x-trace-id: 3aa02b4418c30356d9c5f2cd46ab8b3f
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://megalink.pw
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=fee4df9794bc4f3589ba9a1c50db943e; expires=Thu, 07 Sep 2023 22:41:06 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/400/4938388
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/400/4938388
IP 139.45.197.237:0
GET /400/4938388 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megalink.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 22:41:01 GMT
content-type: application/javascript
x-trace-id: 9a50ddce58489975242c301c59e14eae
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=aeb39c1435b643bc956f8b58bad3acea; expires=Thu, 07 Sep 2023 22:41:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2