Report - megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip

Report Overview

Submitted URL
megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip
IP
138.201.48.112
ASN
#24940 Hetzner Online GmbH
Submitted
2022-10-07 02:32:50
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.43.46.140
tovanillitechan.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	21 kB	139.45.197.239
tzegilo.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	824 B	172.64.205.17
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.6 kB	12 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	54.230.111.65
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	795 B	20 kB	104.17.25.14
onmarshtompor.com	24517	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	975 B	2.6 kB	139.45.197.243
dozubatan.com	33479	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.6 kB	14 kB	139.45.197.237
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	37 kB	34.120.237.76
unpkg.com	11693	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	2.3 kB	104.16.122.175
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
offerimage.com	304078	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	820 B	26 kB	104.22.32.172
interstitial-07.com	36198	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	84 kB	139.45.197.153
iclickcdn.com	45415	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	343 B	1.0 kB	172.67.75.9
megafile.cc	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	10 kB	557 kB	138.201.48.112
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	656 B	1.9 kB	104.18.32.68
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	404 B	740 B	139.45.195.8
pseepsie.com	132332	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	172 kB	139.45.197.250
fleraprt.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	468 B	479 B	139.45.195.254
unphionetor.com	54035	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	2.1 kB	139.45.197.236
bedrapiona.com	34930	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	399 B	1.1 kB	139.45.197.234

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-07	medium	megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip	Malware
2022-10-07	medium	pseepsie.com/custom	Malware
2022-10-07	medium	pseepsie.com/custom	Malware
2022-10-07	medium	megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-10-06	medium	tovanillitechan.com	Sinkholed
2022-10-06	medium	tovanillitechan.com	Sinkholed
2022-10-06	medium	tovanillitechan.com	Sinkholed
2022-10-06	medium	fleraprt.com	Sinkholed
2022-10-06	medium	unphionetor.com	Sinkholed
2022-10-06	medium	unphionetor.com	Sinkholed
2022-10-06	medium	tovanillitechan.com	Sinkholed
2022-10-06	medium	unphionetor.com	Sinkholed
2022-10-06	medium	tovanillitechan.com	Sinkholed

JavaScript (27)

	URL	Size	First Seen	Last Seen
	http:text/javascript,window.pagespeed.psatemp%3D0%3B	27 B	2023-03-07	2024-04-04
Pretty URL http:text/javascript,window.pagespeed.psatemp%3D0%3B IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-04 06:40:42 Times Seen258 Hash f86030401d659579ca9f2dca91d7d691 bc05f88ca4d9dce8d78d6d39a3eed592ed714998 6d190c985949e8a0962ca2cede3c214de8085dc9d11c726af6c00c1ae5bb7ba9 Loading...

	http:text/javascript,document.write(new%20Date().getFullYear())	40 B	2023-03-07	2024-04-25
Pretty URL http:text/javascript,document.write(new%20Date().getFullYear()) IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:07 Last Seen2024-04-25 04:04:00 Times Seen4691 Hash 6bd43cf0ae158526c6ab93dc3be79f28 15c289e342bd3fdf5b1e95f7abf25a2bc78bf357 7a13d5ae0755d86c09084ec300c4a0f1a0a06921f74d9980eba9d966ff17ad38 Loading...

	unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js	7.4 kB	2023-03-07	2024-02-08
Pretty URL unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js IP 104.16.122.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-02-08 07:46:02 Times Seen604 Hash 6170d2a086cb1d5769c6fd1f76edf99b d61c541caceb4e5deb35d8642702b89091a8bb42 6fc678b64782a17a266b5675e195be5956efd7513fd228143901b427983df928 Loading...

	tovanillitechan.com/42/38?z=4250688	0 B	2023-03-07	2024-04-25
Pretty URL tovanillitechan.com/42/38?z=4250688 IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 05:55:46 Times Seen37055699 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unphionetor.com/fv.js?t=72747&cb=1238288186	5.2 kB	2023-03-07	2024-04-24
Pretty URL unphionetor.com/fv.js?t=72747&cb=1238288186 IP 139.45.197.236 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-24 01:48:23 Times Seen2355 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip	103 B	2023-03-08	2023-03-08
Pretty URL megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:58:51 Last Seen2023-03-08 07:58:51 Times Seen1 Hash e5e9508c811498439eaba5ffdbab057f 7ccc434c6b8ed660462ef5de2e925fc28b3bafe3 29a5e25b4d01d88708f315c6870e94875e2e5b5edbbb684a55c1a240312d9b6e Loading...

	megafile.cc/js/sw.js	5.0 kB	2023-03-08	2023-03-11
Pretty URL megafile.cc/js/sw.js IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:30:56 Last Seen2023-03-11 15:01:04 Times Seen1 Hash 8ab70cb38c048a680e9f1f2936c37543 1b137d46d2bf9dd94394ffbb4a19e14444c78428 0afe4d9ec494e489a46aab165c2d6a9ce415b4cc23514cd97f406b05923dcd4b Loading...

	http:text/javascript,(function(s%2Cu%2Cz%2Cp)%7Bs.src%3Du%2Cs.setAttribute('data-zone'%2Cz)%2Cp.appendChild(s)%3B%7D)(document.createElement('script')%2C'https%3A%2F%2Ficlickcdn.com%2Ftag.min.js'%2C4250690%2Cdocument.body%7C%7Cdocument.documentElement)	193 B	2023-03-07	2023-06-27
Pretty URL http:text/javascript,(function(s%2Cu%2Cz%2Cp)%7Bs.src%3Du%2Cs.setAttribute('data-zone'%2Cz)%2Cp.appendChild(s)%3B%7D)(document.createElement('script')%2C'https%3A%2F%2Ficlickcdn.com%2Ftag.min.js'%2C4250690%2Cdocument.body%7C%7Cdocument.documentElement) IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:25:39 Last Seen2023-06-27 15:25:24 Times Seen7 Hash c092bf52889e0079ec60a2528584cb55 5c22cdd0d2d1415cd556081059732cc539b9615f b14e51a0b832914deed2152dbba7972822426ef5d05866fe24e0e8205946391f Loading...

	megafile.cc/js/site.js	6.5 kB	2023-03-07	2023-12-13
Pretty URL megafile.cc/js/site.js IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2023-12-13 20:16:01 Times Seen190 Hash 643fea0198e4fb9e271ddd811cf34f68 0d8277c1cde619b82a6867bc17cfdbbcd6674a46 f68f8db8d8fe95d02e60e2f4f97c74e4eb521d845cee1c7d53bec6159dc92ad5 Loading...

	dozubatan.com/400/4250687	82 kB	2023-03-08	2023-03-08
Pretty URL dozubatan.com/400/4250687 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:58:51 Last Seen2023-03-08 07:58:51 Times Seen1 Hash fff8db2cdd72e5a0dad424503ed82799 129e71cd03144081acfcd91f238ef1f7dda4ed5e 38494dc33911bdd292a63c745055e1cc4b36f8a34e5ac509042922fece800d8d Loading...

	tovanillitechan.com/1?z=4250688	8.7 kB	2023-03-08	2023-03-08
Pretty URL tovanillitechan.com/1?z=4250688 IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:58:51 Last Seen2023-03-08 07:58:51 Times Seen1 Hash e4b45122cda6c99b6e383204817d4666 b9912b5f581f1b66f8967a611ceb5515f62c4787 60ea79775e093e1229d7d02a1639011262b9993446b5f1efff8567a874ae5d66 Loading...

	tzegilo.com/stattag.js	33 kB	2023-03-07	2023-03-17
Pretty URL tzegilo.com/stattag.js IP 172.64.205.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:13:21 Last Seen2023-03-17 12:47:57 Times Seen1 Hash df875929410d71d763e9fa10b830bb2a b0711a8d2bf6ad4ffa4640534588b423f2ef7fec 0be796b658c6cee0d55aa164994d0d83f9ec7aa7ecf1eb41c1ddf208bba9e3b1 Loading...

	megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip	102 kB	2023-03-08	2023-03-08
Pretty URL megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:31:55 Last Seen2023-03-08 13:48:56 Times Seen1 Hash d81397a5e000f17e2180d15b6520afb9 5613fa45aac39504cc6b2ba8a7c58417213e2bea bcbf8a19405ef6b4067be320a1a8ccbd4bd15efdd83705cd708e4c2ba0915d04 Loading...

	tovanillitechan.com/27/8895279539f8e7258627d3f113c8e00a	376 kB	2023-03-08	2023-03-08
Pretty URL tovanillitechan.com/27/8895279539f8e7258627d3f113c8e00a IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:17:10 Last Seen2023-03-08 12:45:55 Times Seen1 Hash cce4a0f0b9c805fb9dc66830a643d4e7 74fde84c8211861f7b58881418c7a1b15957eb36 ffdf868a37167c65b9776cad0ab0015866b822532e43c9155afa48740109bf92 Loading...

	cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js	118 kB	2023-03-07	2024-04-21
Pretty URL cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-21 00:54:15 Times Seen1058 Hash 516f35ea42aa797b3b106a8f108edb88 9b1313b221c5d59835c31da0327f4273a2647174 9677264de392aeedd3b391fe53578415c87835405d14068380f9bf3970a48286 Loading...

	iclickcdn.com/tag.min.js	72 kB	2023-03-08	2023-03-08
Pretty URL iclickcdn.com/tag.min.js IP 172.67.75.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:22:17 Last Seen2023-03-08 08:51:36 Times Seen1 Hash f3f2f653a80990829a0fb0815f2d256f b64af7b038440fc91abaf420dc1c358dc444e1e3 80cba9ab122210d254d35a009bcf3d0deea04e7c869e569205cb4665d4eec4ec Loading...

	http:text/javascript,let%20mode%3D'light'%3Blet%20theme%3DlocalStorage.getItem(%22theme%22)%3Bif(theme%3D%3Dnull)%7Bif(mode%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7D%7Delse%7Bif(theme%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7Delse%7B%24('.theme').removeClass('dark')%3B%7D%7D	213 B	2023-03-07	2023-08-29
Pretty URL http:text/javascript,let%20mode%3D'light'%3Blet%20theme%3DlocalStorage.getItem(%22theme%22)%3Bif(theme%3D%3Dnull)%7Bif(mode%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7D%7Delse%7Bif(theme%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7Delse%7B%24('.theme').removeClass('dark')%3B%7D%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2023-08-29 21:14:02 Times Seen131 Hash ccea0e1846102f4f1ed17644f6c6baa6 e43c87b583bef9f3e325ab7bf9ccf4a1f80bc35a e84714cb230edad68ac36e473976e94ca40d378d53fc1b7b539c03879f7ab887 Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js	19 kB	2023-03-07	2024-04-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-24 18:19:29 Times Seen2343 Hash 541aecc95a7faeef0fc27558070f3647 0ec7ca4778ba3ccb4d1b1688094720834fbe9ed3 f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd Loading...

	cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js	59 kB	2023-03-07	2024-04-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-24 18:19:29 Times Seen3272 Hash 259e416ef6833be43801b8b68a93b008 19080c3b817985336aab5e1ce6925c99803f2efd 70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce Loading...

	cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js	11 kB	2023-03-07	2024-04-21
Pretty URL cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:42 Last Seen2024-04-21 00:54:15 Times Seen706 Hash 27784b7376dd992368c71b6c5559f358 f86d2ac408c4de0d5281cf91d6ddfb93e5e5d2ff 11be927cda59c8b6019ebbea838285c5beaf21183ea4b83dbd4e4fbf9413ce4a Loading...

	interstitial-07.com/?l=cJn1yDWhtv1vRuI&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D2244573049%26z%3D4250688%26b%3D14566425%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DUYrXuwbe_gWMEM7oPahFHOLTo-lLha2HkCFTDwhU0ZDfs79xqFDnt1Y7ZZlb2paNWtHrdhMyIMtK3uxl0gCobSJpZ8fw2qlLssqt9avKX5NJqvvxMdHffaKpK1c1pKtHcZ2GlcWPAittcOmSiY6c9I4yfpv2J8r5MWohvm5puiVt6xRPHHaOFIIDsStbnGQh565vykUdGItM6x76qXmtRuBqJ8c6G_pLYx7DsAMxfcwe9TmsDiKGME_i45y8xGQeeXX53oO4Wz3KW_AQ1EmtcqoF7rH4vD4Wn1VUaeeJ08kYnJwfNXK7XzlcUnvqeKnAUsx0s6xKiPSTB7rK2SSMJbB80JSHLNgyJO7YdZZXzpz05-PhG2qm5FzYatjv2-5tkR5RoUpMTZW9v_bDyiUSd4Ef7BEghzi3E6tGr__MALnfMYFuSpAvIyMeid2zTut53HUc-uw-IKv0bO4BZvw53pOrOfNqzDBRbzssXCLuvrnRME3RO9xBPUQoU1edM2O_aYwTSLVzL_LGOAtVB_O0uMZuWhMAGswaUPCnZOxMCMDs8Xpt7uUNsA312q5e7fBv5z-herbC3twN60ivZ_g4cf0rsroX5Km8wS5BGmV9ehkUh9dQfbvPYgtOQWhD9PHq0B1G286QxsdKk6Ut%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3D794b63af-cd8f-4389-8a26-4e058512ed09%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fmegafile.cc%252Fdont-hotlink%252Fb127e6f6-21f1-496b-8425-860f2f88f624.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0	1.4 kB	2023-03-08	2023-03-08
Pretty URL interstitial-07.com/?l=cJn1yDWhtv1vRuI&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D2244573049%26z%3D4250688%26b%3D14566425%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DUYrXuwbe_gWMEM7oPahFHOLTo-lLha2HkCFTDwhU0ZDfs79xqFDnt1Y7ZZlb2paNWtHrdhMyIMtK3uxl0gCobSJpZ8fw2qlLssqt9avKX5NJqvvxMdHffaKpK1c1pKtHcZ2GlcWPAittcOmSiY6c9I4yfpv2J8r5MWohvm5puiVt6xRPHHaOFIIDsStbnGQh565vykUdGItM6x76qXmtRuBqJ8c6G_pLYx7DsAMxfcwe9TmsDiKGME_i45y8xGQeeXX53oO4Wz3KW_AQ1EmtcqoF7rH4vD4Wn1VUaeeJ08kYnJwfNXK7XzlcUnvqeKnAUsx0s6xKiPSTB7rK2SSMJbB80JSHLNgyJO7YdZZXzpz05-PhG2qm5FzYatjv2-5tkR5RoUpMTZW9v_bDyiUSd4Ef7BEghzi3E6tGr__MALnfMYFuSpAvIyMeid2zTut53HUc-uw-IKv0bO4BZvw53pOrOfNqzDBRbzssXCLuvrnRME3RO9xBPUQoU1edM2O_aYwTSLVzL_LGOAtVB_O0uMZuWhMAGswaUPCnZOxMCMDs8Xpt7uUNsA312q5e7fBv5z-herbC3twN60ivZ_g4cf0rsroX5Km8wS5BGmV9ehkUh9dQfbvPYgtOQWhD9PHq0B1G286QxsdKk6Ut%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3D794b63af-cd8f-4389-8a26-4e058512ed09%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fmegafile.cc%252Fdont-hotlink%252Fb127e6f6-21f1-496b-8425-860f2f88f624.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:58:51 Last Seen2023-03-08 07:58:51 Times Seen1 Hash 501ae5e94aeda1a74c9221393b0d0bb1 9ed43c919dc1cd0d5d0ebba4a7d57af746a59f86 68b262bf3ae78037a3e9d1a94c4b1882f60a294d80b2fd2af8f677a4566c64e8 Loading...

	megafile.cc/pagespeed_static/js_defer.I4cHjq6EEP.js	12 kB	2023-03-07	2024-04-04
Pretty URL megafile.cc/pagespeed_static/js_defer.I4cHjq6EEP.js IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-04 06:40:42 Times Seen473 Hash 2387078eae8410f7e540e3866bcb2fda 324d38dcb7f7bcb16b355b6afdbbc87bd089422d 59dbda86041a5f394b83391ffe0b939341aabb817fa60a6ea78c80f5835596b5 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-25
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-25 05:53:07 Times Seen261106 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js	6.8 kB	2023-03-07	2023-03-17
Pretty URL unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js IP 104.16.122.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2023-03-17 12:45:31 Times Seen1 Hash 504ad616f6fd714ea19cb18c5f002ec0 51fa2aebcca15418f3deb887e700062570f8d295 3f530043897758190014c6b777195dad6846a4f579ff416cf24829b5c702f33b Loading...

	pseepsie.com/pfe/current/tag.min.js?z=4250689	15 kB	2023-03-08	2023-03-08
Pretty URL pseepsie.com/pfe/current/tag.min.js?z=4250689 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:31:55 Last Seen2023-03-08 13:48:56 Times Seen1 Hash 545d28a9a21c095f1433971c9ed69bb4 680c5b3b704ecbd02620b93adff1fbfd89ae8ae3 c8a0fb0320831047a2276f2759bd6650de39079719e9f0486329532239236d3a Loading...

		Size	First Seen	Last Seen
	#1 Eval - 56cec86d2062369c1181696d8e57079d	42 B	2023-03-07	2023-12-17
Pretty Observations First Seen2023-03-07 01:23:52 Last Seen2023-12-17 23:38:32 Times Seen150 Hash 56cec86d2062369c1181696d8e57079d a829bc3ec7acab468fc649127853881751b2e61d 2477b814b8ad1a91f87132c07e73e884d9448987538b5be15f5292327cbbca6f Loading...

	#2 Eval - d50013535e5100700eb04f886dc445bb	80 B	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 07:58:51 Last Seen2023-03-08 07:58:51 Times Seen1 Hash d50013535e5100700eb04f886dc445bb 90c41ff562d1d7a02835936b3e94ab36d02b5ab4 d40ff3bc38fc83cf4eaf0af0e6407a4d70aa6a9f9138d49d03a9629734554df4 Loading...

HTTP Transactions (71)

URL IP Response Size

megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip

138.201.48.112

301 Moved Permanently

162 B

URL HTTP/1.1
megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip HTTP/1.1
Host: megafile.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 07 Oct 2022 02:32:38 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16306
Expires: Fri, 07 Oct 2022 07:04:24 GMT
Date: Fri, 07 Oct 2022 02:32:38 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

54.230.111.65

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
54.230.111.65:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: YrDiIh75BRWRrc0OmuoJlnITjRcT3MsR2WTK5fYLa4FSGh2D8Fnn8A==
Age: 125120

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ab7d8709d334de0e46dcb86aabfbff1
f221138a8ad9d0bfa3c054370dcdb363a67dc310
b91d37f606eaf448b9c7dfc05566a11de004ce44503409e1a776288ee2622805

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B91D37F606EAF448B9C7DFC05566A11DE004CE44503409E1A776288EE2622805"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12153
Expires: Fri, 07 Oct 2022 05:55:11 GMT
Date: Fri, 07 Oct 2022 02:32:38 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: SiPBzeF/kweS0YI2pTnX4x+13+l8OVXI/HGxLmDdAgS5mMI2xHl72bnRqaLIRnjLdA8RQU942MA=
x-amz-request-id: B4TJYBSSHENEQX99
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 07 Oct 2022 01:58:59 GMT
age: 2019
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:38 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

megafile.cc/css/theme.min.css

138.201.48.112

200 OK

75 kB

URL HTTP/2
megafile.cc/css/theme.min.css
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size
75 kB (74660 bytes)
Hash
f007a5fedaae8c4b6b09ad257e793705
5dfb33189703b79058a8c8b0fe80ef45efd156dc
cc19d724d6299bd2c720e998d4953ee46a2486dbea6c52d8d0eac2b0050cd8a1

HTTP Headers

GET /css/theme.min.css HTTP/1.1
Host: megafile.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip
Cookie: XSRF-TOKEN=eyJpdiI6InV3ZUhDVzFKQTRwK3drRGFZbUFmZXc9PSIsInZhbHVlIjoicGpobStsN3Y5VnFxcmFsQm85OE1uZkZWSmxyWkpFeHhONloxdHY0TUJLMVliN3BQSmFFb1RnRmZ3ZDhFZUxxMkJYNWRjUkFFVk1uV3dXL09oemkrUDRmZWdFckpLemUvcGdzYzA1dE1la29meUgvc0hWVjNZYTQrSzQrQU1nbk4iLCJtYWMiOiIxOTdhOTEyMmI2N2E3ZDIyYWQ4MTY4ODc0OGMxMDE4NWMwNWI2NGI0ZmU2MTc3NzJkMzg5NTA5ZWRjMzE2MmEyIiwidGFnIjoiIn0%3D; megafile_session=eyJpdiI6IkpPRldPemUrV3pVOFlac3AxVUZGSnc9PSIsInZhbHVlIjoiOER3ejJjQXhDcFFoMEhoZnFIMFR0NnZjM1FXK3F2c0VGd2lZQy9YT2swVUpka3R2SkNJREJMQ0U0cFZtNDlQNWZIZm4xVVZhODIxNzNMYVVDZHNrK1pqY0oyRVRkN0Nya1pmMFBqMERlOUU5dXQ1am5yZStsenZjT0t0ZHBITkIiLCJtYWMiOiJkNmYzOTVmNzQzYTFlOWQ1MmY3NzE1ZDIzYjdiMThmMTBmYTdkZGEzNjcwMDBhOWNkODgwNDVjNTFjYTE0ZDA3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: text/css
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-original-content-length: 598523
vary: Accept-Encoding
content-encoding: gzip
content-length: 74660
etag: W/"PSA-aj-KFkkUdcMAX"
date: Fri, 07 Oct 2022 02:32:39 GMT
expires: Sun, 03 Oct 2032 22:11:45 GMT
cache-control: max-age=315344345
X-Firefox-Spdy: h2

megafile.cc/img/logo-mega-info.webp

138.201.48.112

200 OK

48 kB

URL HTTP/2
megafile.cc/img/logo-mega-info.webp
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
RIFF (little-endian) data, Web/P image\012- data
Size
48 kB (47744 bytes)
Hash
24b5e70e71e83c8c562ac2d40374fea0
b6679e95ff055f03b9f3cd01b42266e75e491447
fa36bc0ece4ea1b26647c9f1ec5f22558d000e32549edfbba2089e866f83ae72

HTTP Headers

GET /img/logo-mega-info.webp HTTP/1.1
Host: megafile.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip
Cookie: XSRF-TOKEN=eyJpdiI6InV3ZUhDVzFKQTRwK3drRGFZbUFmZXc9PSIsInZhbHVlIjoicGpobStsN3Y5VnFxcmFsQm85OE1uZkZWSmxyWkpFeHhONloxdHY0TUJLMVliN3BQSmFFb1RnRmZ3ZDhFZUxxMkJYNWRjUkFFVk1uV3dXL09oemkrUDRmZWdFckpLemUvcGdzYzA1dE1la29meUgvc0hWVjNZYTQrSzQrQU1nbk4iLCJtYWMiOiIxOTdhOTEyMmI2N2E3ZDIyYWQ4MTY4ODc0OGMxMDE4NWMwNWI2NGI0ZmU2MTc3NzJkMzg5NTA5ZWRjMzE2MmEyIiwidGFnIjoiIn0%3D; megafile_session=eyJpdiI6IkpPRldPemUrV3pVOFlac3AxVUZGSnc9PSIsInZhbHVlIjoiOER3ejJjQXhDcFFoMEhoZnFIMFR0NnZjM1FXK3F2c0VGd2lZQy9YT2swVUpka3R2SkNJREJMQ0U0cFZtNDlQNWZIZm4xVVZhODIxNzNMYVVDZHNrK1pqY0oyRVRkN0Nya1pmMFBqMERlOUU5dXQ1am5yZStsenZjT0t0ZHBITkIiLCJtYWMiOiJkNmYzOTVmNzQzYTFlOWQ1MmY3NzE1ZDIzYjdiMThmMTBmYTdkZGEzNjcwMDBhOWNkODgwNDVjNTFjYTE0ZDA3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
content-length: 47744
etag: "629bc4a3-ba80"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
date: Fri, 07 Oct 2022 02:32:37 GMT
expires: Fri, 07 Oct 2022 02:37:37 GMT
cache-control: s-maxage=10
X-Firefox-Spdy: h2

megafile.cc/img/main/footer.webp

138.201.48.112

200 OK

243 kB

URL HTTP/2
megafile.cc/img/main/footer.webp
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
RIFF (little-endian) data, Web/P image\012- data
Size
243 kB (243166 bytes)
Hash
49fd922b97901a44010fad28a7a0cc64
253a5c0e3063b4c30fffaeb114ffd18b6cc10187
538f51f2ee8976117cb2791163a6baa5d5e029f2a05b902464707c317fc29f6c

HTTP Headers

GET /img/main/footer.webp HTTP/1.1
Host: megafile.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip
Cookie: XSRF-TOKEN=eyJpdiI6InV3ZUhDVzFKQTRwK3drRGFZbUFmZXc9PSIsInZhbHVlIjoicGpobStsN3Y5VnFxcmFsQm85OE1uZkZWSmxyWkpFeHhONloxdHY0TUJLMVliN3BQSmFFb1RnRmZ3ZDhFZUxxMkJYNWRjUkFFVk1uV3dXL09oemkrUDRmZWdFckpLemUvcGdzYzA1dE1la29meUgvc0hWVjNZYTQrSzQrQU1nbk4iLCJtYWMiOiIxOTdhOTEyMmI2N2E3ZDIyYWQ4MTY4ODc0OGMxMDE4NWMwNWI2NGI0ZmU2MTc3NzJkMzg5NTA5ZWRjMzE2MmEyIiwidGFnIjoiIn0%3D; megafile_session=eyJpdiI6IkpPRldPemUrV3pVOFlac3AxVUZGSnc9PSIsInZhbHVlIjoiOER3ejJjQXhDcFFoMEhoZnFIMFR0NnZjM1FXK3F2c0VGd2lZQy9YT2swVUpka3R2SkNJREJMQ0U0cFZtNDlQNWZIZm4xVVZhODIxNzNMYVVDZHNrK1pqY0oyRVRkN0Nya1pmMFBqMERlOUU5dXQ1am5yZStsenZjT0t0ZHBITkIiLCJtYWMiOiJkNmYzOTVmNzQzYTFlOWQ1MmY3NzE1ZDIzYjdiMThmMTBmYTdkZGEzNjcwMDBhOWNkODgwNDVjNTFjYTE0ZDA3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
content-length: 243166
etag: "629bc970-3b5de"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
date: Fri, 07 Oct 2022 02:32:38 GMT
expires: Fri, 07 Oct 2022 02:37:38 GMT
cache-control: s-maxage=10
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/filepond/4.29.1/filepond.min.css

104.17.25.14

200 OK

2.9 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/filepond/4.29.1/filepond.min.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
assembler source, ASCII text, with very long lines (17282)
Size
2.9 kB (2934 bytes)
Hash
78aabb09e30a9eb6f833cbb1b48bdb2e
e876ff16b6c511bc217973e51202aaaf23a4e936
8d76a29a92bc268043a7bd4d0b8f171fffd6c6c3c8e18aa314d6dac1aeb542ae

HTTP Headers

GET /ajax/libs/filepond/4.29.1/filepond.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megafile.cc
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 07 Oct 2022 02:32:39 GMT
content-type: text/css; charset=utf-8
content-length: 2934
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "613afc53-b76"
last-modified: Fri, 10 Sep 2021 06:33:55 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 723715
expires: Wed, 27 Sep 2023 02:32:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ZBH6EKwMWn%2FjtQL88fcICNknEQ6AFfGW551J2QvNW6Xh3Lf8SlEkLP5rFU1bIZG98urjKfrBAt%2Bh1L89lgFrsisaAUdji1G3sVJvlsyM%2BpcnzhvB0DArr%2BJ%2FJyu9XyJ6hDe1ADw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 75633a3e695b0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css

104.17.25.14

200 OK

14 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65345)
Size
14 kB (14374 bytes)
Hash
642445b86596bdeaa98e92faa2064fc6
6c5539660bf533d34e37b917973c941d1c963374
4a5a39e9f325c5578dccd880c1d516eae190ee39f7539f4a6c6c52d2eee4cbdf

HTTP Headers

GET /ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 07 Oct 2022 02:32:39 GMT
content-type: text/css; charset=utf-8
content-length: 14374
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61498362-3826"
last-modified: Tue, 21 Sep 2021 07:01:54 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 5989877
expires: Wed, 27 Sep 2023 02:32:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Maf443zFGVPHqBzW7OP2MQqKzzvnXFw5pqEgG3Oa5oTlewYpK0b800rwwr%2B4XBuz3qg6uaxp5Y9Pse2Gi%2FAxhTU4oupE7nAPU8qC6967495FhsPnlVyoJP1w9gkD5nQMY7PhgIxg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 75633a3e6ae6b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

megafile.cc/img/logo-mega-info.png

138.201.48.112

200 OK

179 kB

URL HTTP/2
megafile.cc/img/logo-mega-info.png
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 4167 x 4167, 8-bit/color RGBA, non-interlaced\012- data
Size
179 kB (179409 bytes)
Hash
2e0ba32bb3fad3ba8048f1bf5c697931
9abc4eec9254ec6dd28bd5493604a1fdd13e0895
bb5076513ee0effdab48ff5826a0e8f02b4eb03d4e04eef3e0ea157f2feffa23

HTTP Headers

GET /img/logo-mega-info.png HTTP/1.1
Host: megafile.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip
Cookie: XSRF-TOKEN=eyJpdiI6InV3ZUhDVzFKQTRwK3drRGFZbUFmZXc9PSIsInZhbHVlIjoicGpobStsN3Y5VnFxcmFsQm85OE1uZkZWSmxyWkpFeHhONloxdHY0TUJLMVliN3BQSmFFb1RnRmZ3ZDhFZUxxMkJYNWRjUkFFVk1uV3dXL09oemkrUDRmZWdFckpLemUvcGdzYzA1dE1la29meUgvc0hWVjNZYTQrSzQrQU1nbk4iLCJtYWMiOiIxOTdhOTEyMmI2N2E3ZDIyYWQ4MTY4ODc0OGMxMDE4NWMwNWI2NGI0ZmU2MTc3NzJkMzg5NTA5ZWRjMzE2MmEyIiwidGFnIjoiIn0%3D; megafile_session=eyJpdiI6IkpPRldPemUrV3pVOFlac3AxVUZGSnc9PSIsInZhbHVlIjoiOER3ejJjQXhDcFFoMEhoZnFIMFR0NnZjM1FXK3F2c0VGd2lZQy9YT2swVUpka3R2SkNJREJMQ0U0cFZtNDlQNWZIZm4xVVZhODIxNzNMYVVDZHNrK1pqY0oyRVRkN0Nya1pmMFBqMERlOUU5dXQ1am5yZStsenZjT0t0ZHBITkIiLCJtYWMiOiJkNmYzOTVmNzQzYTFlOWQ1MmY3NzE1ZDIzYjdiMThmMTBmYTdkZGEzNjcwMDBhOWNkODgwNDVjNTFjYTE0ZDA3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/png
content-length: 179409
etag: "629bc4a3-2bcd1"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
date: Fri, 07 Oct 2022 02:32:39 GMT
expires: Fri, 07 Oct 2022 02:37:39 GMT
cache-control: s-maxage=10
X-Firefox-Spdy: h2

megafile.cc/js/site.js

138.201.48.112

200 OK

2.0 kB

URL HTTP/2
megafile.cc/js/site.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (5640)
Size
2.0 kB (1993 bytes)
Hash
a779d1605363c034784168e0553fee12
203adaeac5eec419f7bdf4ba6840c9378c9692e5
0ac5db7b1ae244540526d4c971799e4c8ba3f5921dda88b94d10d2cb6a730bc6

HTTP Headers

GET /js/site.js HTTP/1.1
Host: megafile.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip
Cookie: XSRF-TOKEN=eyJpdiI6InV3ZUhDVzFKQTRwK3drRGFZbUFmZXc9PSIsInZhbHVlIjoicGpobStsN3Y5VnFxcmFsQm85OE1uZkZWSmxyWkpFeHhONloxdHY0TUJLMVliN3BQSmFFb1RnRmZ3ZDhFZUxxMkJYNWRjUkFFVk1uV3dXL09oemkrUDRmZWdFckpLemUvcGdzYzA1dE1la29meUgvc0hWVjNZYTQrSzQrQU1nbk4iLCJtYWMiOiIxOTdhOTEyMmI2N2E3ZDIyYWQ4MTY4ODc0OGMxMDE4NWMwNWI2NGI0ZmU2MTc3NzJkMzg5NTA5ZWRjMzE2MmEyIiwidGFnIjoiIn0%3D; megafile_session=eyJpdiI6IkpPRldPemUrV3pVOFlac3AxVUZGSnc9PSIsInZhbHVlIjoiOER3ejJjQXhDcFFoMEhoZnFIMFR0NnZjM1FXK3F2c0VGd2lZQy9YT2swVUpka3R2SkNJREJMQ0U0cFZtNDlQNWZIZm4xVVZhODIxNzNMYVVDZHNrK1pqY0oyRVRkN0Nya1pmMFBqMERlOUU5dXQ1am5yZStsenZjT0t0ZHBITkIiLCJtYWMiOiJkNmYzOTVmNzQzYTFlOWQ1MmY3NzE1ZDIzYjdiMThmMTBmYTdkZGEzNjcwMDBhOWNkODgwNDVjNTFjYTE0ZDA3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-original-content-length: 9351
vary: Accept-Encoding
content-encoding: gzip
content-length: 1993
etag: W/"PSA-aj-ZD_qAZjk-5"
date: Fri, 07 Oct 2022 02:32:39 GMT
expires: Sun, 03 Oct 2032 22:06:44 GMT
cache-control: max-age=315344044
X-Firefox-Spdy: h2

megafile.cc/js/sw.js

138.201.48.112

200 OK

2.2 kB

URL HTTP/2
megafile.cc/js/sw.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (4955), with no line terminators
Size
2.2 kB (2233 bytes)
Hash
2ce73f68c419965f076c5900c6f1b9e7
f28854598ab2c2ffdf9bf9cd48c9041fb85b4173
39bd09349ed4a072356d7d50d6766ba762fab802a4c927c399d489896122dd6b

HTTP Headers

GET /js/sw.js HTTP/1.1
Host: megafile.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip
Cookie: XSRF-TOKEN=eyJpdiI6InV3ZUhDVzFKQTRwK3drRGFZbUFmZXc9PSIsInZhbHVlIjoicGpobStsN3Y5VnFxcmFsQm85OE1uZkZWSmxyWkpFeHhONloxdHY0TUJLMVliN3BQSmFFb1RnRmZ3ZDhFZUxxMkJYNWRjUkFFVk1uV3dXL09oemkrUDRmZWdFckpLemUvcGdzYzA1dE1la29meUgvc0hWVjNZYTQrSzQrQU1nbk4iLCJtYWMiOiIxOTdhOTEyMmI2N2E3ZDIyYWQ4MTY4ODc0OGMxMDE4NWMwNWI2NGI0ZmU2MTc3NzJkMzg5NTA5ZWRjMzE2MmEyIiwidGFnIjoiIn0%3D; megafile_session=eyJpdiI6IkpPRldPemUrV3pVOFlac3AxVUZGSnc9PSIsInZhbHVlIjoiOER3ejJjQXhDcFFoMEhoZnFIMFR0NnZjM1FXK3F2c0VGd2lZQy9YT2swVUpka3R2SkNJREJMQ0U0cFZtNDlQNWZIZm4xVVZhODIxNzNMYVVDZHNrK1pqY0oyRVRkN0Nya1pmMFBqMERlOUU5dXQ1am5yZStsenZjT0t0ZHBITkIiLCJtYWMiOiJkNmYzOTVmNzQzYTFlOWQ1MmY3NzE1ZDIzYjdiMThmMTBmYTdkZGEzNjcwMDBhOWNkODgwNDVjNTFjYTE0ZDA3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-original-content-length: 4982
vary: Accept-Encoding
content-encoding: gzip
content-length: 2233
etag: W/"PSA-aj-ircMs4wEim"
date: Fri, 07 Oct 2022 02:32:39 GMT
expires: Sun, 03 Oct 2032 22:18:19 GMT
cache-control: max-age=315344739
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

54.230.111.65

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
54.230.111.65:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Fri, 07 Oct 2022 02:29:41 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 07 Oct 2022 03:00:32 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BQcSvVYTc1EygjaRXwvS-Ag1C6troeJUCGyP2mVsd4Ljmcmw-W464A==
Age: 178

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8be5570b9a5ca76c580da007a824b029
38840f2ac6476bdd5608121c5653e338c7ad9715
0b94e05080ef85432b1815eb3c6c7594c9613cfde1b51eeabee46d0d9fde64b2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3784
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 02:32:39 GMT
Last-Modified: Fri, 07 Oct 2022 01:29:35 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a9ab062b715ddac45bef491600c90a99
73a952596f3e051c78ab61be77160f5ca9e06161
58cf31cb4c369ac6785c74e79615ab7f5a67eaa6adf518303953f394c212087f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58CF31CB4C369AC6785C74E79615AB7F5A67EAA6ADF518303953F394C212087F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15034
Expires: Fri, 07 Oct 2022 06:43:13 GMT
Date: Fri, 07 Oct 2022 02:32:39 GMT
Connection: keep-alive

push.services.mozilla.com/

52.43.46.140

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.43.46.140:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: O81r/+yQGsjd6rbZNxja8A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WQGeemfYfFMU5QrS3EQNJs23zWo=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7fec4ca2d12f880f43c26286774b53a2
229dfff518f6d5c21d5357c86acdfc243477bd3f
d2c1462ff26dd4842f8a795da1c1b5812f230f7fb0ef39055ccc38add3a87a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2C1462FF26DD4842F8A795DA1C1B5812F230F7FB0EF39055CCC38ADD3A87A69"
Last-Modified: Wed, 05 Oct 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5276
Expires: Fri, 07 Oct 2022 04:00:36 GMT
Date: Fri, 07 Oct 2022 02:32:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5ac31442f61c6fbba0479b5aa7ded58f
63c42442bf9676036255328da9ec1612b20c5355
9ee6b943b43e9cfde84ab4685940f38980448220fad6c43248ce31d961a89169

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9EE6B943B43E9CFDE84AB4685940F38980448220FAD6C43248CE31D961A89169"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2997
Expires: Fri, 07 Oct 2022 03:22:37 GMT
Date: Fri, 07 Oct 2022 02:32:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4605881d81987895764b4644965ceb50
1eb3d62f4689f276ec2d49f0cd462b07d601f07b
cf1ccfa5b3c21c8c289f6a51f0f18b8019d31ba10ae9bb76ed87c2350ab5cd9e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CF1CCFA5B3C21C8C289F6A51F0F18B8019D31BA10AE9BB76ED87C2350AB5CD9E"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17477
Expires: Fri, 07 Oct 2022 07:23:57 GMT
Date: Fri, 07 Oct 2022 02:32:40 GMT
Connection: keep-alive

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5690c00c386c753af6de22646db06434
aa5b0574bf8aa58bc5608d593e7dcba23100b454
741af8ab8cb30aac3a08fe0ae823577cb602c717416f9bcd52cef5b830b5fb0e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 02:32:40 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 18:25:20 GMT
Expires: Thu, 13 Oct 2022 18:25:19 GMT
Etag: "aa5b0574bf8aa58bc5608d593e7dcba23100b454"
Cache-Control: max-age=574958,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75633a430f2eb527-OSL

my.rtmark.net/gid.js?userId=4c55a12078ce413a944ce3bbcf87b6f5

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?userId=4c55a12078ce413a944ce3bbcf87b6f5
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
91a25d37f738acf1a026480c1dfa61b1
ebf9fbd134dbde84e95e641cb50ab517b17e916a
a86d647b9f594448af4565edbec9b59042093727ea91be4ec4caed367cb4568b

HTTP Headers

GET /gid.js?userId=4c55a12078ce413a944ce3bbcf87b6f5 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megafile.cc
Connection: keep-alive
Referer: https://megafile.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://megafile.cc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=4c55a12078ce413a944ce3bbcf87b6f5; expires=Sat, 07 Oct 2023 02:32:40 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

pseepsie.com/zone?pub=0&zone_id=4250689&is_mobile=false&domain=megafile.cc&var=&ymid=&var_3=

139.45.197.250

200 OK

664 B

URL HTTP/2
pseepsie.com/zone?pub=0&zone_id=4250689&is_mobile=false&domain=megafile.cc&var=&ymid=&var_3=
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (663)
Size
664 B (664 bytes)
Hash
61b8e425f14abb04a28256d7bbfcf9bb
8f5ef264bdfb8cee94436e1df0cebb6ffa55a0f3
7a54762394e3d98ad90830d3d762d0aa4243b6e1983f1c05948776c41a3bc82d

HTTP Headers

GET /zone?pub=0&zone_id=4250689&is_mobile=false&domain=megafile.cc&var=&ymid=&var_3= HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megafile.cc/
Origin: https://megafile.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: 5f97c5153bd78934509e034fe741508d
access-control-allow-origin: https://megafile.cc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
966c3031e485ede683e6d3a60e394062
8e0d0284287e797890dbe611c7a62e7f101d1684
392c591a8f522a1b18b5b4d9d017bcee661d0679d4c55c940e3692c13b48e700

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "392C591A8F522A1B18B5B4D9D017BCEE661D0679D4C55C940E3692C13B48E700"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4517
Expires: Fri, 07 Oct 2022 03:47:57 GMT
Date: Fri, 07 Oct 2022 02:32:40 GMT
Connection: keep-alive

tovanillitechan.com/42/38?z=4250688

139.45.197.239

200 OK

0 B

URL HTTP/2
tovanillitechan.com/42/38?z=4250688
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /42/38?z=4250688 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/
Cookie: scm=1; OAID=161af994282049e6b4af601753eb2a7a; oaidts=1665109960
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 0960830b78944cde4cc6b5dec5da4f84
access-control-expose-headers: X-Sc
set-cookie: OAID=161af994282049e6b4af601753eb2a7a; expires=Sat, 07 Oct 2023 02:32:40 GMT; secure; SameSite=None
oaidts=1665109960; expires=Sat, 07 Oct 2023 02:32:40 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

onmarshtompor.com/?rb=NzK9DFMs7J_QtYp0q0kxnu0_WdvL31rUEfBHXYpSHtzpcFrqeJGhP9y0EQTLymhkqQiG1dqUbEqTur8zJKA_IZCOl2K2dhJt72yCWTFzof3-tOzjDiQDmn1G_7dZ176QwZjhBPWfBHTzRglLHm5ki0sDe8WZigAoyOoqpYniLyH3kAMNrFTzeUvF9Tb386V8AYj4R8Hw1qPBgW-WDieQRA%3D%3D&request_ab2=0&zoneid=4250690&js_build=iclick-v1.433.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.433.0&bs=8979327d-a895-4fe6-9582-fe8b001da83e&userId=4c55a12078ce413a944ce3bbcf87b6f5&m=link

139.45.197.243

200 OK

1.7 kB

URL HTTP/2
onmarshtompor.com/?rb=NzK9DFMs7J_QtYp0q0kxnu0_WdvL31rUEfBHXYpSHtzpcFrqeJGhP9y0EQTLymhkqQiG1dqUbEqTur8zJKA_IZCOl2K2dhJt72yCWTFzof3-tOzjDiQDmn1G_7dZ176QwZjhBPWfBHTzRglLHm5ki0sDe8WZigAoyOoqpYniLyH3kAMNrFTzeUvF9Tb386V8AYj4R8Hw1qPBgW-WDieQRA%3D%3D&request_ab2=0&zoneid=4250690&js_build=iclick-v1.433.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.433.0&bs=8979327d-a895-4fe6-9582-fe8b001da83e&userId=4c55a12078ce413a944ce3bbcf87b6f5&m=link
IP
139.45.197.243:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (2206), with no line terminators
Size
1.7 kB (1670 bytes)
Hash
441a10a33846a9a59aa0f37faa7baf43
0688f24021608712c6a173c8dc7dde599cff65cd
d72e88c957a0e816a7286026967c748baa7166681551845bda2aa8b4390135a1

HTTP Headers

GET /?rb=NzK9DFMs7J_QtYp0q0kxnu0_WdvL31rUEfBHXYpSHtzpcFrqeJGhP9y0EQTLymhkqQiG1dqUbEqTur8zJKA_IZCOl2K2dhJt72yCWTFzof3-tOzjDiQDmn1G_7dZ176QwZjhBPWfBHTzRglLHm5ki0sDe8WZigAoyOoqpYniLyH3kAMNrFTzeUvF9Tb386V8AYj4R8Hw1qPBgW-WDieQRA%3D%3D&request_ab2=0&zoneid=4250690&js_build=iclick-v1.433.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.433.0&bs=8979327d-a895-4fe6-9582-fe8b001da83e&userId=4c55a12078ce413a944ce3bbcf87b6f5&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megafile.cc/
Origin: https://megafile.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: application/json
x-trace-id: dc030cde86dc1fa0a3a666713bf79e6a
access-control-allow-origin: https://megafile.cc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=4c55a12078ce413a944ce3bbcf87b6f5; expires=Sat, 07 Oct 2023 02:32:40 GMT; path=/; secure; SameSite=None
oaidts=1665109960; expires=Sat, 07 Oct 2023 02:32:40 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 14 Oct 2022 02:32:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

pseepsie.com/pfe/current/universal.min.js?v=3.1.396

139.45.197.250

200 OK

170 kB

URL HTTP/2
pseepsie.com/pfe/current/universal.min.js?v=3.1.396
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (65536), with no line terminators
Size
170 kB (169620 bytes)
Hash
7df5b6b691368734dccd742a1e2872d1
824a84082e92599599bcaf7de1a6fb0851f53cec
c2b2e9a07f688884417d35548141630b6441b6ce9d69a53780516ed78c4ad35c

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.396 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megafile.cc/
Origin: https://megafile.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-1fafa"
access-control-allow-origin: https://megafile.cc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

megafile.cc/sw.js

138.201.48.112

200 OK

2.4 kB

URL HTTP/2
megafile.cc/sw.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (5209), with no line terminators
Size
2.4 kB (2363 bytes)
Hash
60024048781353f7bc51300aff2ef6f3
fc88d0f69d4a5eff9deed7f510ddc842308cb0cb
a6e21637c84e841563ca45be1191fb5a294d9bd11b64e90dca4b735ad6f6b707

HTTP Headers

GET /sw.js HTTP/1.1
Host: megafile.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InV3ZUhDVzFKQTRwK3drRGFZbUFmZXc9PSIsInZhbHVlIjoicGpobStsN3Y5VnFxcmFsQm85OE1uZkZWSmxyWkpFeHhONloxdHY0TUJLMVliN3BQSmFFb1RnRmZ3ZDhFZUxxMkJYNWRjUkFFVk1uV3dXL09oemkrUDRmZWdFckpLemUvcGdzYzA1dE1la29meUgvc0hWVjNZYTQrSzQrQU1nbk4iLCJtYWMiOiIxOTdhOTEyMmI2N2E3ZDIyYWQ4MTY4ODc0OGMxMDE4NWMwNWI2NGI0ZmU2MTc3NzJkMzg5NTA5ZWRjMzE2MmEyIiwidGFnIjoiIn0%3D; megafile_session=eyJpdiI6IkpPRldPemUrV3pVOFlac3AxVUZGSnc9PSIsInZhbHVlIjoiOER3ejJjQXhDcFFoMEhoZnFIMFR0NnZjM1FXK3F2c0VGd2lZQy9YT2swVUpka3R2SkNJREJMQ0U0cFZtNDlQNWZIZm4xVVZhODIxNzNMYVVDZHNrK1pqY0oyRVRkN0Nya1pmMFBqMERlOUU5dXQ1am5yZStsenZjT0t0ZHBITkIiLCJtYWMiOiJkNmYzOTVmNzQzYTFlOWQ1MmY3NzE1ZDIzYjdiMThmMTBmYTdkZGEzNjcwMDBhOWNkODgwNDVjNTFjYTE0ZDA3IiwidGFnIjoiIn0%3D; prefetchAd_4250690=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-original-content-length: 5236
vary: Accept-Encoding
content-encoding: gzip
content-length: 2363
etag: W/"PSA-aj-b0aYbWJj70"
date: Fri, 07 Oct 2022 02:32:40 GMT
expires: Sun, 03 Oct 2032 22:06:44 GMT
cache-control: max-age=315344043
X-Firefox-Spdy: h2

pseepsie.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
pseepsie.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megafile.cc/
Content-Type: application/json
Origin: https://megafile.cc
Content-Length: 412
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: a892326761bc025ac73d6c962c052939
access-control-allow-origin: https://megafile.cc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

pseepsie.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
pseepsie.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megafile.cc/
Content-Type: application/json
Origin: https://megafile.cc
Content-Length: 770
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 78bdd4a9f8f261b7a614bd40b825ad76
access-control-allow-origin: https://megafile.cc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

tovanillitechan.com/9?z=4250688&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=4c55a12078ce413a944ce3bbcf87b6f5

139.45.197.239

204 No Content

0 B

URL HTTP/2
tovanillitechan.com/9?z=4250688&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=4c55a12078ce413a944ce3bbcf87b6f5
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /9?z=4250688&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=4c55a12078ce413a944ce3bbcf87b6f5 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://megafile.cc/
Origin: https://megafile.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megafile.cc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

dozubatan.com/500/4250687?excludes=&oaid=4c55a12078ce413a944ce3bbcf87b6f5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
dozubatan.com/500/4250687?excludes=&oaid=4c55a12078ce413a944ce3bbcf87b6f5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/4250687?excludes=&oaid=4c55a12078ce413a944ce3bbcf87b6f5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megafile.cc/
Origin: https://megafile.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megafile.cc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

tovanillitechan.com/11?rnd=778491446&z=4250688&b=14566425&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=UYrXuwbe_gWMEM7oPahFHOLTo-lLha2HkCFTDwhU0ZDfs79xqFDnt1Y7ZZlb2paNWtHrdhMyIMtK3uxl0gCobSJpZ8fw2qlLssqt9avKX5NJqvvxMdHffaKpK1c1pKtHcZ2GlcWPAittcOmSiY6c9I4yfpv2J8r5MWohvm5puiVt6xRPHHaOFIIDsStbnGQh565vykUdGItM6x76qXmtRuBqJ8c6G_pLYx7DsAMxfcwe9TmsDiKGME_i45y8xGQeeXX53oO4Wz3KW_AQ1EmtcqoF7rH4vD4Wn1VUaeeJ08kYnJwfNXK7XzlcUnvqeKnAUsx0s6xKiPSTB7rK2SSMJbB80JSHLNgyJO7YdZZXzpz05-PhG2qm5FzYatjv2-5tkR5RoUpMTZW9v_bDyiUSd4Ef7BEghzi3E6tGr__MALnfMYFuSpAvIyMeid2zTut53HUc-uw-IKv0bO4BZvw53pOrOfNqzDBRbzssXCLuvrnRME3RO9xBPUQoU1edM2O_aYwTSLVzL_LGOAtVB_O0uMZuWhMAGswaUPCnZOxMCMDs8Xpt7uUNsA312q5e7fBv5z-herbC3twN60ivZ_g4cf0rsroX5Km8wS5BGmV9ehkUh9dQfbvPYgtOQWhD9PHq0B1G286QxsdKk6Ut&ruid=794b63af-cd8f-4389-8a26-4e058512ed09&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=80

139.45.197.239

200 OK

0 B

URL HTTP/2
tovanillitechan.com/11?rnd=778491446&z=4250688&b=14566425&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=UYrXuwbe_gWMEM7oPahFHOLTo-lLha2HkCFTDwhU0ZDfs79xqFDnt1Y7ZZlb2paNWtHrdhMyIMtK3uxl0gCobSJpZ8fw2qlLssqt9avKX5NJqvvxMdHffaKpK1c1pKtHcZ2GlcWPAittcOmSiY6c9I4yfpv2J8r5MWohvm5puiVt6xRPHHaOFIIDsStbnGQh565vykUdGItM6x76qXmtRuBqJ8c6G_pLYx7DsAMxfcwe9TmsDiKGME_i45y8xGQeeXX53oO4Wz3KW_AQ1EmtcqoF7rH4vD4Wn1VUaeeJ08kYnJwfNXK7XzlcUnvqeKnAUsx0s6xKiPSTB7rK2SSMJbB80JSHLNgyJO7YdZZXzpz05-PhG2qm5FzYatjv2-5tkR5RoUpMTZW9v_bDyiUSd4Ef7BEghzi3E6tGr__MALnfMYFuSpAvIyMeid2zTut53HUc-uw-IKv0bO4BZvw53pOrOfNqzDBRbzssXCLuvrnRME3RO9xBPUQoU1edM2O_aYwTSLVzL_LGOAtVB_O0uMZuWhMAGswaUPCnZOxMCMDs8Xpt7uUNsA312q5e7fBv5z-herbC3twN60ivZ_g4cf0rsroX5Km8wS5BGmV9ehkUh9dQfbvPYgtOQWhD9PHq0B1G286QxsdKk6Ut&ruid=794b63af-cd8f-4389-8a26-4e058512ed09&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=80
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /11?rnd=778491446&z=4250688&b=14566425&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=UYrXuwbe_gWMEM7oPahFHOLTo-lLha2HkCFTDwhU0ZDfs79xqFDnt1Y7ZZlb2paNWtHrdhMyIMtK3uxl0gCobSJpZ8fw2qlLssqt9avKX5NJqvvxMdHffaKpK1c1pKtHcZ2GlcWPAittcOmSiY6c9I4yfpv2J8r5MWohvm5puiVt6xRPHHaOFIIDsStbnGQh565vykUdGItM6x76qXmtRuBqJ8c6G_pLYx7DsAMxfcwe9TmsDiKGME_i45y8xGQeeXX53oO4Wz3KW_AQ1EmtcqoF7rH4vD4Wn1VUaeeJ08kYnJwfNXK7XzlcUnvqeKnAUsx0s6xKiPSTB7rK2SSMJbB80JSHLNgyJO7YdZZXzpz05-PhG2qm5FzYatjv2-5tkR5RoUpMTZW9v_bDyiUSd4Ef7BEghzi3E6tGr__MALnfMYFuSpAvIyMeid2zTut53HUc-uw-IKv0bO4BZvw53pOrOfNqzDBRbzssXCLuvrnRME3RO9xBPUQoU1edM2O_aYwTSLVzL_LGOAtVB_O0uMZuWhMAGswaUPCnZOxMCMDs8Xpt7uUNsA312q5e7fBv5z-herbC3twN60ivZ_g4cf0rsroX5Km8wS5BGmV9ehkUh9dQfbvPYgtOQWhD9PHq0B1G286QxsdKk6Ut&ruid=794b63af-cd8f-4389-8a26-4e058512ed09&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=80 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megafile.cc
Connection: keep-alive
Referer: https://megafile.cc/
Cookie: scm=1; OAID=4c55a12078ce413a944ce3bbcf87b6f5; oaidts=1665109960
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://megafile.cc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 010231e0a315858305dd64f79d17e77f
access-control-expose-headers: X-Sc
set-cookie: OAID=4c55a12078ce413a944ce3bbcf87b6f5; expires=Sat, 07 Oct 2023 02:32:40 GMT; secure; SameSite=None
oaidts=1665109960; expires=Sat, 07 Oct 2023 02:32:40 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4f02499111f3797c5a096e9f9a23f37c
19daaa3d50e5acd25ec41242b0bedf54a9dd5a37
8158e4bd8ad6b27907098b5e0e958152f08f95ec1f99d3f31f3d5f49038e865e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8158E4BD8AD6B27907098B5E0E958152F08F95EC1F99D3F31F3D5F49038E865E"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1525
Expires: Fri, 07 Oct 2022 02:58:05 GMT
Date: Fri, 07 Oct 2022 02:32:40 GMT
Connection: keep-alive

offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg

104.22.32.172

200 OK

11 kB

URL HTTP/2
offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg
IP
104.22.32.172:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
11 kB (11449 bytes)
Hash
96d73cf80f752e9319997c6e575c3b82
3dcf9d3b3e94698a842b1a98de17a02a8c3b4457
44dc0e0d92f12e669842f12722ca1a1848fb4be50deabd86c7d9deb64946db86

HTTP Headers

GET /www/images/96d73cf80f752e9319997c6e575c3b82.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: image/jpeg
content-length: 11449
cache-control: max-age=86400
cf-bgj: h2pri
etag: "627e5574-2cb9"
expires: Fri, 07 Oct 2022 04:56:42 GMT
last-modified: Fri, 13 May 2022 12:56:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 77758
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75633a477aad98ee-ARN
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
8f914c75d78aabd8f442473c89339139
65f9275088f83adaabf31e48c76de615ceaf238d
e609b19f355624c89679e3029f5f54f6c1b0398d8b13aae97c6d11b2598dee66

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 02:32:40 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 12:52:20 GMT
Expires: Thu, 13 Oct 2022 12:52:19 GMT
Etag: "65f9275088f83adaabf31e48c76de615ceaf238d"
Cache-Control: max-age=554978,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75633a46a917b527-OSL

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megafile.cc/
Content-Type: text/plain;charset=UTF-8
Origin: https://megafile.cc
Content-Length: 1560
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 07 Oct 2022 02:33:03 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://megafile.cc
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

interstitial-07.com/contents/s/d6/57/d0/b45c722c9203953e7fbb92fc33/01117258015882.jpeg

139.45.197.153

200 OK

20 kB

URL HTTP/2
interstitial-07.com/contents/s/d6/57/d0/b45c722c9203953e7fbb92fc33/01117258015882.jpeg
IP
139.45.197.153:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Size
20 kB (19879 bytes)
Hash
d657d0b45c722c9203953e7fbb92fc33
e1ff29e4b8f1ea03d163e6a3c8f4d381cae5a3e2
40785963d6afef460b6d58db44d00d3bbed11a81f88e64e6a1b91d317b220d40

HTTP Headers

GET /contents/s/d6/57/d0/b45c722c9203953e7fbb92fc33/01117258015882.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=cJn1yDWhtv1vRuI&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D2244573049%26z%3D4250688%26b%3D14566425%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DUYrXuwbe_gWMEM7oPahFHOLTo-lLha2HkCFTDwhU0ZDfs79xqFDnt1Y7ZZlb2paNWtHrdhMyIMtK3uxl0gCobSJpZ8fw2qlLssqt9avKX5NJqvvxMdHffaKpK1c1pKtHcZ2GlcWPAittcOmSiY6c9I4yfpv2J8r5MWohvm5puiVt6xRPHHaOFIIDsStbnGQh565vykUdGItM6x76qXmtRuBqJ8c6G_pLYx7DsAMxfcwe9TmsDiKGME_i45y8xGQeeXX53oO4Wz3KW_AQ1EmtcqoF7rH4vD4Wn1VUaeeJ08kYnJwfNXK7XzlcUnvqeKnAUsx0s6xKiPSTB7rK2SSMJbB80JSHLNgyJO7YdZZXzpz05-PhG2qm5FzYatjv2-5tkR5RoUpMTZW9v_bDyiUSd4Ef7BEghzi3E6tGr__MALnfMYFuSpAvIyMeid2zTut53HUc-uw-IKv0bO4BZvw53pOrOfNqzDBRbzssXCLuvrnRME3RO9xBPUQoU1edM2O_aYwTSLVzL_LGOAtVB_O0uMZuWhMAGswaUPCnZOxMCMDs8Xpt7uUNsA312q5e7fBv5z-herbC3twN60ivZ_g4cf0rsroX5Km8wS5BGmV9ehkUh9dQfbvPYgtOQWhD9PHq0B1G286QxsdKk6Ut%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3D794b63af-cd8f-4389-8a26-4e058512ed09%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fmegafile.cc%252Fdont-hotlink%252Fb127e6f6-21f1-496b-8425-860f2f88f624.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: image/jpeg
content-length: 19879
last-modified: Wed, 05 Oct 2022 17:04:55 GMT
etag: "633db937-4da7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

interstitial-07.com/contents/s/9b/2c/29/3f4695bb8f89f5bdc53f2634e2/01175794239723.jpeg

139.45.197.153

200 OK

63 kB

URL HTTP/2
interstitial-07.com/contents/s/9b/2c/29/3f4695bb8f89f5bdc53f2634e2/01175794239723.jpeg
IP
139.45.197.153:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Size
63 kB (63121 bytes)
Hash
9b2c293f4695bb8f89f5bdc53f2634e2
fda95c173965012fa72bd0386a0f1e4f0e5220fa
f7090a9b5e00f32721b1d83183b54e836e4237f6d407186327f7835caf3c265a

HTTP Headers

GET /contents/s/9b/2c/29/3f4695bb8f89f5bdc53f2634e2/01175794239723.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=cJn1yDWhtv1vRuI&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D2244573049%26z%3D4250688%26b%3D14566425%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DUYrXuwbe_gWMEM7oPahFHOLTo-lLha2HkCFTDwhU0ZDfs79xqFDnt1Y7ZZlb2paNWtHrdhMyIMtK3uxl0gCobSJpZ8fw2qlLssqt9avKX5NJqvvxMdHffaKpK1c1pKtHcZ2GlcWPAittcOmSiY6c9I4yfpv2J8r5MWohvm5puiVt6xRPHHaOFIIDsStbnGQh565vykUdGItM6x76qXmtRuBqJ8c6G_pLYx7DsAMxfcwe9TmsDiKGME_i45y8xGQeeXX53oO4Wz3KW_AQ1EmtcqoF7rH4vD4Wn1VUaeeJ08kYnJwfNXK7XzlcUnvqeKnAUsx0s6xKiPSTB7rK2SSMJbB80JSHLNgyJO7YdZZXzpz05-PhG2qm5FzYatjv2-5tkR5RoUpMTZW9v_bDyiUSd4Ef7BEghzi3E6tGr__MALnfMYFuSpAvIyMeid2zTut53HUc-uw-IKv0bO4BZvw53pOrOfNqzDBRbzssXCLuvrnRME3RO9xBPUQoU1edM2O_aYwTSLVzL_LGOAtVB_O0uMZuWhMAGswaUPCnZOxMCMDs8Xpt7uUNsA312q5e7fBv5z-herbC3twN60ivZ_g4cf0rsroX5Km8wS5BGmV9ehkUh9dQfbvPYgtOQWhD9PHq0B1G286QxsdKk6Ut%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3D794b63af-cd8f-4389-8a26-4e058512ed09%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fmegafile.cc%252Fdont-hotlink%252Fb127e6f6-21f1-496b-8425-860f2f88f624.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: image/jpeg
content-length: 63121
last-modified: Wed, 05 Oct 2022 17:04:52 GMT
etag: "633db934-f691"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
671e371ca656241a058e39f941f52b91
e2f8c597830dbf6798c6e67563b25f8f2c5b9761
c8cf9147235e2f68fb2a2aa6aaab3d8934bb8e1a2a19e94e8c9ef6310ffdf88a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8CF9147235E2F68FB2A2AA6AAAB3D8934BB8E1A2A19E94E8C9EF6310FFDF88A"
Last-Modified: Wed, 05 Oct 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13586
Expires: Fri, 07 Oct 2022 06:19:07 GMT
Date: Fri, 07 Oct 2022 02:32:41 GMT
Connection: keep-alive

unphionetor.com/vctx?t=72747

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vctx?t=72747
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 02:32:41 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 47ae9981a2d16c419c99275c79b07273
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 02:32:41 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 154f905189ed1db6f811334f47e8709f
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16207
Expires: Fri, 07 Oct 2022 07:02:48 GMT
Date: Fri, 07 Oct 2022 02:32:41 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16207
Expires: Fri, 07 Oct 2022 07:02:48 GMT
Date: Fri, 07 Oct 2022 02:32:41 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16207
Expires: Fri, 07 Oct 2022 07:02:48 GMT
Date: Fri, 07 Oct 2022 02:32:41 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16207
Expires: Fri, 07 Oct 2022 07:02:48 GMT
Date: Fri, 07 Oct 2022 02:32:41 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16207
Expires: Fri, 07 Oct 2022 07:02:48 GMT
Date: Fri, 07 Oct 2022 02:32:41 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F925ee025-58b0-436d-8cda-192ec7c44c33.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F925ee025-58b0-436d-8cda-192ec7c44c33.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (9995 bytes)
Hash
ae567a6922213a56f35ddc5d5cc1d0f1
fc49df76e8625d8542b0634bfcf12b8d6cda445c
135f25c0350ad26235447cdfba53a45e5d0f9f4c07a6c1e66dd2ed4a4a487f86

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F925ee025-58b0-436d-8cda-192ec7c44c33.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9995
x-amzn-requestid: 46d789c8-c830-4003-a752-472ee853a14b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi-GRZIAMFzag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-5d69f864308ea18c0440203e;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: i1F72tYrdjpymITjLWOWsfF_d-uZp_aXH-TWvE491s7IOtJZArpOqA==
via: 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 27fe6f224e0cfa3f3a446471ee256e56.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:44:18 GMT
age: 17303
etag: "fc49df76e8625d8542b0634bfcf12b8d6cda445c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

139.45.197.239

200 OK

17 kB

URL HTTP/2
tovanillitechan.com/9?z=4250688&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=4c55a12078ce413a944ce3bbcf87b6f5
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type
data
Size
17 kB (17076 bytes)
Hash
2a45e1dda0f1d5b285cffab65b7e7877
4617f66f4fe3388dec83e97105281d63d6be4968
ce9f43e8303b4b0792632fb611e099e091b4143ca5b14f37be95591ba097e9a1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /9?z=4250688&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=4c55a12078ce413a944ce3bbcf87b6f5 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 209
Origin: https://megafile.cc
Connection: keep-alive
Referer: https://megafile.cc/
Cookie: scm=1; OAID=161af994282049e6b4af601753eb2a7a; oaidts=1665109960
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://megafile.cc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 112873528b6f97fec0995647986027fa
access-control-expose-headers: X-Sc
set-cookie: OAID=4c55a12078ce413a944ce3bbcf87b6f5; expires=Sat, 07 Oct 2023 02:32:40 GMT; secure; SameSite=None
oaidts=1665109960; expires=Sat, 07 Oct 2023 02:32:40 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36097bf9-dd7a-4dde-af42-0e23e000e84a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.7 kB (2732 bytes)
Hash
e9646987c0395eec23e32dc00954d386
5545b691aeefcd31bbc6b6cad6726234773e9d74
900a2bfbe3984db79056d38764b1986399d827a7f54d1c54d4fd3b06c7981385

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36097bf9-dd7a-4dde-af42-0e23e000e84a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2732
x-amzn-requestid: 004a85ab-b33b-4b7f-86f2-9762e6cd2f0b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmhkQGWgoAMF7mw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f494e-473458094dc2ded55a681505;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:58 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: eJltrBVIRbJ-_OUHZjw8mtfK6Ivb9C51B6lC1C11eaq_O4Psd7evRg==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ca66331b52971370c4e54619e8a952cc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:46:38 GMT
age: 17163
etag: "5545b691aeefcd31bbc6b6cad6726234773e9d74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ca4df15-4ecd-467c-a658-2352fca9a8ff.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13437 bytes)
Hash
16339989f5c6c229a3dcc0ed1e52032f
a1ea26d6e4eb4a72cc8c87100b40035dab69d285
16703f888ee6f974bb89e1c4c16a75186b31b64130abcd1a3bcd3741159d912c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ca4df15-4ecd-467c-a658-2352fca9a8ff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13437
x-amzn-requestid: ec801fbc-c339-46ce-ac5f-18d064e5ef21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi_HdeoAMFyOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-02b52b770e6e76cf52b26e47;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: Iesqk_XbGiZE-n3mTa1_1WtlXiyEqz-4qfyt3_609O1eujdLcFu3zA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 ece5d4a731ece5ff46c564ab2b946ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:01:58 GMT
etag: "a1ea26d6e4eb4a72cc8c87100b40035dab69d285"
content-type: image/jpeg
age: 16243
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

139.45.197.237

200 OK

10 kB

URL HTTP/2
dozubatan.com/500/4250687?excludes=&oaid=4c55a12078ce413a944ce3bbcf87b6f5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
10 kB (10060 bytes)
Hash
b81f336c56b828bd646a43a0d05e2837
621cc47a4e8fcfa65c7a49b8b2930a107a4f5c16
0e5b7b30f2d4607fd8e742d91e16a68296893284fb1d11b8b43ea7a43f109901

HTTP Headers

GET /500/4250687?excludes=&oaid=4c55a12078ce413a944ce3bbcf87b6f5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megafile.cc
Connection: keep-alive
Referer: https://megafile.cc/
Cookie: OAID=e9349d2af74744968781ea847086b28a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: application/javascript
x-trace-id: 1813f944e94e8a8d3d17f118dc9f11c4
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://megafile.cc
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=4c55a12078ce413a944ce3bbcf87b6f5; expires=Sat, 07 Oct 2023 02:32:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ee0abd8-4ecf-437c-9675-8f3d0154f2b9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.5 kB (6518 bytes)
Hash
7e1d0226194b6ccc5e2d460745b53fb4
715224d106cc3342482c53905322d6418421f6d2
0992c3232fd28edf9a9af56c2cc7f64f9ae53a2ec0cc4fb38c2cdb468a6a5791

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ee0abd8-4ecf-437c-9675-8f3d0154f2b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6518
x-amzn-requestid: 2d3dc175-26a9-40a2-b629-0c8b533d5037
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmhktGcloAMF0SA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4951-23e7e2852fe1f11c009d4c26;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:32:01 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: XZZtr9fG5zlx9W9TIX5zVjqvyZ5NEeSEPqtNUhwArlhBEIdcT5unpQ==
via: 1.1 fec77e486350d1bd33f526a760d8b5a4.cloudfront.net (CloudFront), 1.1 f62c9ca47e35df5c65764381977823a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:01:47 GMT
etag: "715224d106cc3342482c53905322d6418421f6d2"
content-type: image/jpeg
age: 16254
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

dozubatan.com/impression/Sp5O-QOrar90GtwvTheSkQgypucn87aBMluy1Ulfvxw_ADnUTsZ5FqNMcNyGx1HVPLnrheMd36gFfSxg69n2Xc01GxuUCQCdIOBJhpmySpCO3kG8pqWCf-A026qVr8dkfNkXqC4Dbavf9FtvZspAg86-2pj_bedcFcjIuThbahU6Lbpb2GNMPi6pIs3lPYiv8iJ8h9xU01orPVQmwsIN33NZjYYZdk0GobwsFxEFsypbxYfMWJ6XI1pePEQ_AXz152oCze7z3UcptGtN8HXE0ZS4Vr3JluvKnyi6Yd9a3mWbnGOH7ZpTSDhgzZ0Lq0ATQfQJQL9kuU3vDFem9zxv-1NoyVcHkbCv1SWQEOl9q-pZnKYlWz3Pf3DYOqrAs1jmdnbNkjEfwdNPAIT6Ms4iyLy7P0jb_hZXP5zSWkYh7NcfW6Gpi8KvFwRj1tRuGl7OPV_kPY-YPn1Dymlk6YXX1zzeY5bEBPnffKUbIyFxuiQAafPYsu_Jefiu0pNlucsQP7yyXm4b4R8vQoTQtFJ5wzNpGnIJ0jzwfLON9I7fhiFSHjd3oBHScLOOybPI6M65faHtcfQlQuQlhbZ3h3aUSE7jOyo=?_z=4250687&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

43 B

URL HTTP/2
dozubatan.com/impression/Sp5O-QOrar90GtwvTheSkQgypucn87aBMluy1Ulfvxw_ADnUTsZ5FqNMcNyGx1HVPLnrheMd36gFfSxg69n2Xc01GxuUCQCdIOBJhpmySpCO3kG8pqWCf-A026qVr8dkfNkXqC4Dbavf9FtvZspAg86-2pj_bedcFcjIuThbahU6Lbpb2GNMPi6pIs3lPYiv8iJ8h9xU01orPVQmwsIN33NZjYYZdk0GobwsFxEFsypbxYfMWJ6XI1pePEQ_AXz152oCze7z3UcptGtN8HXE0ZS4Vr3JluvKnyi6Yd9a3mWbnGOH7ZpTSDhgzZ0Lq0ATQfQJQL9kuU3vDFem9zxv-1NoyVcHkbCv1SWQEOl9q-pZnKYlWz3Pf3DYOqrAs1jmdnbNkjEfwdNPAIT6Ms4iyLy7P0jb_hZXP5zSWkYh7NcfW6Gpi8KvFwRj1tRuGl7OPV_kPY-YPn1Dymlk6YXX1zzeY5bEBPnffKUbIyFxuiQAafPYsu_Jefiu0pNlucsQP7yyXm4b4R8vQoTQtFJ5wzNpGnIJ0jzwfLON9I7fhiFSHjd3oBHScLOOybPI6M65faHtcfQlQuQlhbZ3h3aUSE7jOyo=?_z=4250687&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /impression/Sp5O-QOrar90GtwvTheSkQgypucn87aBMluy1Ulfvxw_ADnUTsZ5FqNMcNyGx1HVPLnrheMd36gFfSxg69n2Xc01GxuUCQCdIOBJhpmySpCO3kG8pqWCf-A026qVr8dkfNkXqC4Dbavf9FtvZspAg86-2pj_bedcFcjIuThbahU6Lbpb2GNMPi6pIs3lPYiv8iJ8h9xU01orPVQmwsIN33NZjYYZdk0GobwsFxEFsypbxYfMWJ6XI1pePEQ_AXz152oCze7z3UcptGtN8HXE0ZS4Vr3JluvKnyi6Yd9a3mWbnGOH7ZpTSDhgzZ0Lq0ATQfQJQL9kuU3vDFem9zxv-1NoyVcHkbCv1SWQEOl9q-pZnKYlWz3Pf3DYOqrAs1jmdnbNkjEfwdNPAIT6Ms4iyLy7P0jb_hZXP5zSWkYh7NcfW6Gpi8KvFwRj1tRuGl7OPV_kPY-YPn1Dymlk6YXX1zzeY5bEBPnffKUbIyFxuiQAafPYsu_Jefiu0pNlucsQP7yyXm4b4R8vQoTQtFJ5wzNpGnIJ0jzwfLON9I7fhiFSHjd3oBHScLOOybPI6M65faHtcfQlQuQlhbZ3h3aUSE7jOyo=?_z=4250687&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/
Cookie: OAID=4c55a12078ce413a944ce3bbcf87b6f5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:45 GMT
content-type: image/gif
content-length: 43
x-trace-id: ec18ec7f7808f8d3539bcc7d399d3851
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

dozubatan.com/500/4250687?excludes=15111844&oaid=4c55a12078ce413a944ce3bbcf87b6f5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
dozubatan.com/500/4250687?excludes=15111844&oaid=4c55a12078ce413a944ce3bbcf87b6f5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/4250687?excludes=15111844&oaid=4c55a12078ce413a944ce3bbcf87b6f5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://megafile.cc/
Origin: https://megafile.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:45 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://megafile.cc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg

104.22.32.172

200 OK

13 kB

URL HTTP/2
offerimage.com/www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg
IP
104.22.32.172:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
13 kB (13449 bytes)
Hash
375d4eace3e9692bfe2fc21648f4c59a
57ef9b8278b63d567eab92b8607b68cee29071b8
46005b3961515220591e6df79d2713774deb57a082dda8162c3d182bcad3aa1b

HTTP Headers

GET /www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 07 Oct 2022 02:32:45 GMT
content-type: image/jpeg
content-length: 13449
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6231b480-3489"
expires: Fri, 07 Oct 2022 13:45:32 GMT
last-modified: Wed, 16 Mar 2022 09:57:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 46032
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75633a654b0f98ee-ARN
X-Firefox-Spdy: h2

unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js

104.16.122.175

302 Found

0 B

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js
IP
104.16.122.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Fri, 07 Oct 2022 02:32:39 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GER4K8X0Y8AB9GTRYZVD3APD-ams
cf-cache-status: EXPIRED
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75633a3f4bdc0b69-OSL
X-Firefox-Spdy: h2

megafile.cc/pagespeed_static/js_defer.I4cHjq6EEP.js

138.201.48.112

200 OK

0 B

URL HTTP/2
megafile.cc/pagespeed_static/js_defer.I4cHjq6EEP.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pagespeed_static/js_defer.I4cHjq6EEP.js HTTP/1.1
Host: megafile.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip
Cookie: XSRF-TOKEN=eyJpdiI6InV3ZUhDVzFKQTRwK3drRGFZbUFmZXc9PSIsInZhbHVlIjoicGpobStsN3Y5VnFxcmFsQm85OE1uZkZWSmxyWkpFeHhONloxdHY0TUJLMVliN3BQSmFFb1RnRmZ3ZDhFZUxxMkJYNWRjUkFFVk1uV3dXL09oemkrUDRmZWdFckpLemUvcGdzYzA1dE1la29meUgvc0hWVjNZYTQrSzQrQU1nbk4iLCJtYWMiOiIxOTdhOTEyMmI2N2E3ZDIyYWQ4MTY4ODc0OGMxMDE4NWMwNWI2NGI0ZmU2MTc3NzJkMzg5NTA5ZWRjMzE2MmEyIiwidGFnIjoiIn0%3D; megafile_session=eyJpdiI6IkpPRldPemUrV3pVOFlac3AxVUZGSnc9PSIsInZhbHVlIjoiOER3ejJjQXhDcFFoMEhoZnFIMFR0NnZjM1FXK3F2c0VGd2lZQy9YT2swVUpka3R2SkNJREJMQ0U0cFZtNDlQNWZIZm4xVVZhODIxNzNMYVVDZHNrK1pqY0oyRVRkN0Nya1pmMFBqMERlOUU5dXQ1am5yZStsenZjT0t0ZHBITkIiLCJtYWMiOiJkNmYzOTVmNzQzYTFlOWQ1MmY3NzE1ZDIzYjdiMThmMTBmYTdkZGEzNjcwMDBhOWNkODgwNDVjNTFjYTE0ZDA3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
vary: Accept-Encoding
date: Fri, 07 Oct 2022 02:32:39 GMT
last-modified: Fri, 07 Oct 2022 02:32:39 GMT
cache-control: max-age=315360000
etag: W/"0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
x-frame-options: DENY
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
X-Firefox-Spdy: h2

unpkg.com/filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js

104.16.122.175

200 OK

0 B

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js
IP
104.16.122.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megafile.cc/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 07 Oct 2022 02:32:39 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1d07-1hxUHKzrTl3rNdhkJwK4kJGou0I"
via: 1.1 fly.io
fly-request-id: 01G2PJZCDRWWWP671QTKZ7W61J-fra
cf-cache-status: HIT
age: 12936911
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75633a3fcc080b69-OSL
content-encoding: br
X-Firefox-Spdy: h2

bedrapiona.com/5/4250690/?oo=1&js_build=iclick-v1.433.0

139.45.197.234

200 OK

0 B

URL HTTP/2
bedrapiona.com/5/4250690/?oo=1&js_build=iclick-v1.433.0
IP
139.45.197.234:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /5/4250690/?oo=1&js_build=iclick-v1.433.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megafile.cc
Connection: keep-alive
Referer: https://megafile.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:39 GMT
content-type: application/json
x-trace-id: 93cf315e21dc2af88166fc3b77f42959
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://megafile.cc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=4c55a12078ce413a944ce3bbcf87b6f5; expires=Sat, 07 Oct 2023 02:32:39 GMT; path=/; secure; SameSite=None
oaidts=1665109959; expires=Sat, 07 Oct 2023 02:32:39 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip

138.201.48.112

200 OK

0 B

URL HTTP/2
megafile.cc/dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /dont-hotlink/b127e6f6-21f1-496b-8425-860f2f88f624.zip HTTP/1.1
Host: megafile.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: XSRF-TOKEN=eyJpdiI6InV3ZUhDVzFKQTRwK3drRGFZbUFmZXc9PSIsInZhbHVlIjoicGpobStsN3Y5VnFxcmFsQm85OE1uZkZWSmxyWkpFeHhONloxdHY0TUJLMVliN3BQSmFFb1RnRmZ3ZDhFZUxxMkJYNWRjUkFFVk1uV3dXL09oemkrUDRmZWdFckpLemUvcGdzYzA1dE1la29meUgvc0hWVjNZYTQrSzQrQU1nbk4iLCJtYWMiOiIxOTdhOTEyMmI2N2E3ZDIyYWQ4MTY4ODc0OGMxMDE4NWMwNWI2NGI0ZmU2MTc3NzJkMzg5NTA5ZWRjMzE2MmEyIiwidGFnIjoiIn0%3D; expires=Mon, 07-Nov-2022 02:32:39 GMT; Max-Age=2678400; path=/; samesite=lax
megafile_session=eyJpdiI6IkpPRldPemUrV3pVOFlac3AxVUZGSnc9PSIsInZhbHVlIjoiOER3ejJjQXhDcFFoMEhoZnFIMFR0NnZjM1FXK3F2c0VGd2lZQy9YT2swVUpka3R2SkNJREJMQ0U0cFZtNDlQNWZIZm4xVVZhODIxNzNMYVVDZHNrK1pqY0oyRVRkN0Nya1pmMFBqMERlOUU5dXQ1am5yZStsenZjT0t0ZHBITkIiLCJtYWMiOiJkNmYzOTVmNzQzYTFlOWQ1MmY3NzE1ZDIzYjdiMThmMTBmYTdkZGEzNjcwMDBhOWNkODgwNDVjNTFjYTE0ZDA3IiwidGFnIjoiIn0%3D; expires=Mon, 07-Nov-2022 02:32:39 GMT; Max-Age=2678400; path=/; httponly; samesite=lax
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 07 Oct 2022 02:32:39 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2

dozubatan.com/400/4250687

139.45.197.237

200 OK

0 B

URL HTTP/2
dozubatan.com/400/4250687
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /400/4250687 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: application/javascript
x-trace-id: 74c4ffc4b742b4027c5befbb62e8ea10
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=e9349d2af74744968781ea847086b28a; expires=Sat, 07 Oct 2023 02:32:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

pseepsie.com/pfe/current/tag.min.js?z=4250689

139.45.197.250

200 OK

0 B

URL HTTP/2
pseepsie.com/pfe/current/tag.min.js?z=4250689
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/tag.min.js?z=4250689 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-39be"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

172.64.205.17

200 OK

0 B

URL HTTP/2
tzegilo.com/stattag.js
IP
172.64.205.17:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5947
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fvn3aN0M8rt9gBX8HCMia1nQ8jQizITNwWDBZpX27be4KmmUTBNBmvz7tXO4vjVyaWVW2fzpChj9qbhfFhwOd6hXQF3vFi626hKJXLPUdyxTI2%2FRZHWefrjtKWYKPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75633a443d5871ed-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

139.45.197.237

200 OK

0 B

URL HTTP/2
dozubatan.com/500/4250687?excludes=15111844&oaid=4c55a12078ce413a944ce3bbcf87b6f5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /500/4250687?excludes=15111844&oaid=4c55a12078ce413a944ce3bbcf87b6f5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmegafile.cc%2Fdont-hotlink%2Fb127e6f6-21f1-496b-8425-860f2f88f624.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://megafile.cc
Connection: keep-alive
Referer: https://megafile.cc/
Cookie: OAID=4c55a12078ce413a944ce3bbcf87b6f5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:45 GMT
content-type: application/javascript
x-trace-id: e40293d48a749209cffdeaf2a3825f19
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://megafile.cc
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=4c55a12078ce413a944ce3bbcf87b6f5; expires=Sat, 07 Oct 2023 02:32:45 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

unphionetor.com/fv.js?t=72747&cb=1238288186

139.45.197.236

200 OK

0 B

URL HTTP/2
unphionetor.com/fv.js?t=72747&cb=1238288186
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fv.js?t=72747&cb=1238288186 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:41 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 50bea0613b10d1e45f1378113def8336
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

tovanillitechan.com/1?z=4250688

139.45.197.239

200 OK

0 B

URL HTTP/2
tovanillitechan.com/1?z=4250688
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1?z=4250688 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 02:32:40 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 6318733daaa377027fd285178e26df08
access-control-expose-headers: X-Sc
x-sc: abHV824M3Qd7w2R2-gFL4GkbJnsWBIsa6rW3umLmIRoQtIM8UqSLSG45uKPKmFNYdPP0h2KdI925kPBCwnT9ZAtK0Cw=
set-cookie: scm=1; expires=Sat, 07 Oct 2023 02:32:40 GMT; secure; SameSite=None
OAID=161af994282049e6b4af601753eb2a7a; expires=Sat, 07 Oct 2023 02:32:40 GMT; secure; SameSite=None
oaidts=1665109960; expires=Sat, 07 Oct 2023 02:32:40 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

unpkg.com/filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js

104.16.122.175

200 OK

0 B

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js
IP
104.16.122.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megafile.cc/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 07 Oct 2022 02:32:39 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1a7f-Ufoq68yhVBjz3riH5wAGJXD40pU"
via: 1.1 fly.io
fly-request-id: 01G7558XE30T0T2M6RDRBFG7JV-fra
cf-cache-status: HIT
age: 8153203
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75633a3fdc090b69-OSL
content-encoding: br
X-Firefox-Spdy: h2

iclickcdn.com/tag.min.js

172.67.75.9

200 OK

0 B

URL HTTP/2
iclickcdn.com/tag.min.js
IP
172.67.75.9:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: iclickcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 07 Oct 2022 02:32:39 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 3135d9cbe81bf521a77295f376df42e8
cache-control: max-age=86400
last-modified: Wed, 05 Oct 2022 15:42:04 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Sat, 08 Oct 2022 01:17:27 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 4512
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZcDvZvw185GsXZenaK%2BbOt4vU6toIkbWqJ1M692kFKoH%2BXevSyCDK14zvX8M5oLmsN13dlhFYPBT0rkEFYa%2BDo1y5GDAS73ujuThLELUXqJfBkk%2Bq5CQsxGSVRQ%2BDro%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75633a3fe8b7b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2

unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js

104.16.122.175

302 Found

0 B

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js
IP
104.16.122.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megafile.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Fri, 07 Oct 2022 02:32:39 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GER4K8X0F0NZ1K78QD8Q6WKZ-ams
cf-cache-status: EXPIRED
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75633a3f4bdd0b69-OSL
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (27)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations