{"report_id":"f25f8f75-1256-4d2f-8cb7-4425b8e61074","version":6,"status":"done","tags":[],"date":"2026-03-25T15:56:55Z","url":{"schema":"http","addr":"luckymegawinner.com/l/687a7dbc10e46e6ab1083af9","fqdn":"luckymegawinner.com","domain":"luckymegawinner.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":0,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"title":"1XBET","dom":{"size":4804,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"686224d75576ae6c17700df9fbb0acae","sha1":"ec740d391ae8948be13080b52702f21dd60fc606","sha256":"c0334fb847421f40d1cc4bd19c27b719cf79626dad1700e599c0bf9f2ea74031","sha512":"5f713f7252a0a9873a9d66d78dc4008508d0625c203ae423690a153b18bbdae86850b567c561483336f992fd627c32070249a95e3206ee6f6fa68ebebed187ca","ssdeep":"96:WZusGfgCZMVLu3UPrEtOWj+EnYpnFAsQ06uEMgc61QbIswIM68Am+/NF7KqwtO2V:HfgCZOLu3urEtOWj+EYpn6GEMmQcswIO","tlshash":"bda1f02084cc6d3f421286daa0a5ebdd38dfcdb4ea3280d2f6b703a552d6dc1bd12566","dom_hash":"domhash0a52ae46c2dc04653d7fc9162a7ec811","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"luckymegawinner.com/l/687a7dbc10e46e6ab1083af9","fqdn":"luckymegawinner.com","domain":"luckymegawinner.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":0,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-29T15:56:55Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"fastthemegaplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"luckymegawinner.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fastthemegaplay.com","ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"domain_registered":"2025-12-10","domain_rank":0,"first_seen":"2026-03-17T20:24:54.93882Z","last_seen":"2026-03-25T12:59:38.180356Z","alert_count":13,"request_count":13,"received_data":517163,"sent_data":7007,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"particles.js","description":"Particles.js is a JavaScript library for creating particles.","website":"https://github.com/VincentGarreau/particles.js","common_platform_enumeration":"","icon":"","categories":["JavaScript graphics"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-03-22T22:16:16.728956Z","alert_count":0,"request_count":4,"received_data":120516,"sent_data":2197,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-03-22T22:20:05.651051Z","alert_count":0,"request_count":1,"received_data":8957,"sent_data":499,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"luckymegawinner.com","ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"domain_registered":"2025-03-04","domain_rank":0,"first_seen":"2026-02-25T04:26:57.819882Z","last_seen":"2026-03-25T12:59:57.898967Z","alert_count":1,"request_count":1,"received_data":5568,"sent_data":514,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/js/index.js","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"2391c9574fa20b76373f00dd5651191a","sha1":"40484c4804181ff2081fc8cc3ab8d4f50fe22c4f","sha256":"d38f9051935818f8b5a3bc6bf9e2c488479bdf499783e9ed0d3f693a6fdd4ace","sha512":"4cdd2eb3e7825ce5a4ec76946954a918cff19d2c1bae199d6ac750791aab08c94046c4982b588d9b9623cc9287f07701a0d2e2d9b06a87a9e6fd0e0095686e8e","ssdeep":"192:q9OueEHGflTpMyKxuZ/DMaQe3cxLRxwKbOxSm:qkGEXUuZ6xLRxw0OMm","tlshash":"00e18404f3ef15bf95f363d670b9df89592dd061c0201038b1ad591c1bfba84a662ade","size":7088,"data":"","first_seen":"2025-08-31T16:58:51.019852Z","last_seen":"2026-04-10T14:10:17.092518Z","times_seen":84,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/js/jquery-3.6.0.min.js","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-22T06:53:38.19012Z","times_seen":453216,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/js/particles.min.js","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"08bd8ed926fa216a54b076590a459e67","sha1":"b4d9a963b9200cc77ceaa1bf4a12537a29c0626a","sha256":"e143ea82cbb391479838962ed3a39a9f2319679ddf33e689217d26b0e206d724","sha512":"7f5bf533e4151c0a84bc10909b1ea78ccd16d9f0cff336108e61402ef94df6389972a4ea01926b981cb79747d57512ca6020271b4f5111e72f4b1102b8f2dd73","ssdeep":"384:FkfJtGvWjT6uYvqhCz8wSEHESxtVAFPQcYpeib+9rOEKXWd/:FC7T6uYvn8wRxwyryVOEKXW5","tlshash":"42a2934d23f73e77339ab2e05be9d122c774a4d1399b04b0f93c667da52549201ee7a0","size":23372,"data":"","first_seen":"2023-03-07T01:17:29Z","last_seen":"2026-04-22T01:47:24.069787Z","times_seen":1254,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/js/jquery.validate.min.js","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"e5f8f26abaa9de188be591c0e332766a","sha1":"cb07cb5127c6c6142928dbd17088bd6d937b6c81","sha256":"d2dfc40dfb65bd09e79dd1d2276eeb441dbdf058bdab872bf7bd10ec198188ac","sha512":"2bbb942402107669cbfc13aaaaaeeef3211e320d7039f1f63f60e66063589acbd4f04b6ed5c7e4bf15756292af8f71b2aec0c012f77f950b911d3f6c2a21eb66","ssdeep":"384:Q6yrHpgLFWZ6/tX2lHJdkMiYnFpg5SLwaE2fSNAc0Eny+RWuK7NeB2wV/vtrx+Ow:fWZ6/8lHJdkMioFpg5SUB2yQEny+NNxa","tlshash":"83b2a68976d271065e9720f4509b660b61b669a1e008e83cb5b8d4d2bef8fcc50f7f78","size":24430,"data":"","first_seen":"2023-05-03T20:14:44Z","last_seen":"2026-04-21T15:36:58.507609Z","times_seen":690,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/img/logo.svg","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","date":"2026-03-25T15:56:33.503Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fastthemegaplay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 10:42:45 GMT","end":"Sat, 09 May 2026 11:42:36 GMT"},"fingerprint":{"sha1":"DC:B4:53:89:03:9C:09:9A:D8:7D:89:6C:C1:74:A6:70:C6:B9:32:35","sha256":"EA:78:D3:51:EB:B5:03:C5:F5:82:21:B5:A3:A9:AA:9A:C4:0C:DC:08:BB:69:91:3D:D2:F9:54:E1:55:62:80:C8"}}},"request":{"raw":"GET /1xbt/img/logo.svg HTTP/1.1\r\nHost: fastthemegaplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_\r\nCookie: PHPSESSID=4d69c96ccae71527a53ef2174d39c930\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:56:33 GMT\r\ncontent-type: image/svg+xml\r\ncontent-encoding: gzip\r\nlast-modified: Tue, 03 Jun 2025 11:35:14 GMT\r\netag: W/\"683eddf2-63d\"\r\ncache-control: public, max-age=1, stale-while-revalidate=60, stale-if-error=3600\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=300; includeSubDomains;\r\nage: 58\r\ncf-cache-status: UPDATING\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9e1f1b354eae3181-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1597,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"62a52e9f629e2dfa99ce7f4ced89fc28","sha1":"7f2487e588d6b191b41470810a7688b99cc817c4","sha256":"d27e7ede799733faf101e1e340a19944eeb825063fc755b06b687a41565720d0","sha512":"ce794fd83d5110d346c0e8ac48fa8c5397ac9ef106e6ef8e1c4dbd4ff9f55bdee96fc13bc55f9ea1d054de8e2a73c9d6f6fa83fd6f008855988e26aa0b5a5c27","ssdeep":"","tlshash":"19313ff426089a647c405bb6af1a907861a7f4edef708a408bc06f69f04784d4d9edc1","first_seen":"2025-08-31T16:58:51.026114Z","last_seen":"2026-04-10T14:10:17.093088Z","times_seen":84,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"fastthemegaplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/js/index.js","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","date":"2026-03-25T15:56:33.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fastthemegaplay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 10:42:45 GMT","end":"Sat, 09 May 2026 11:42:36 GMT"},"fingerprint":{"sha1":"DC:B4:53:89:03:9C:09:9A:D8:7D:89:6C:C1:74:A6:70:C6:B9:32:35","sha256":"EA:78:D3:51:EB:B5:03:C5:F5:82:21:B5:A3:A9:AA:9A:C4:0C:DC:08:BB:69:91:3D:D2:F9:54:E1:55:62:80:C8"}}},"request":{"raw":"GET /1xbt/js/index.js HTTP/1.1\r\nHost: fastthemegaplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_\r\nCookie: PHPSESSID=4d69c96ccae71527a53ef2174d39c930\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:56:33 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9e1f1b355ec93181-OSL\r\nlast-modified: Tue, 03 Jun 2025 11:47:44 GMT\r\netag: \"683ee0e0-1bb0\"\r\ncache-control: public, max-age=1, stale-while-revalidate=60, stale-if-error=3600\r\ncontent-encoding: gzip\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=300; includeSubDomains;\r\nvary: accept-encoding\r\nage: 58\r\ncf-cache-status: UPDATING\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7088,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"2391c9574fa20b76373f00dd5651191a","sha1":"40484c4804181ff2081fc8cc3ab8d4f50fe22c4f","sha256":"d38f9051935818f8b5a3bc6bf9e2c488479bdf499783e9ed0d3f693a6fdd4ace","sha512":"4cdd2eb3e7825ce5a4ec76946954a918cff19d2c1bae199d6ac750791aab08c94046c4982b588d9b9623cc9287f07701a0d2e2d9b06a87a9e6fd0e0095686e8e","ssdeep":"192:q9OueEHGflTpMyKxuZ/DMaQe3cxLRxwKbOxSm:qkGEXUuZ6xLRxw0OMm","tlshash":"00e18404f3ef15bf95f363d670b9df89592dd061c0201038b1ad591c1bfba84a662ade","first_seen":"2025-08-31T16:58:51.019852Z","last_seen":"2026-04-10T14:10:17.092518Z","times_seen":84,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"fastthemegaplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/js/particles.min.js","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","date":"2026-03-25T15:56:33.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fastthemegaplay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 10:42:45 GMT","end":"Sat, 09 May 2026 11:42:36 GMT"},"fingerprint":{"sha1":"DC:B4:53:89:03:9C:09:9A:D8:7D:89:6C:C1:74:A6:70:C6:B9:32:35","sha256":"EA:78:D3:51:EB:B5:03:C5:F5:82:21:B5:A3:A9:AA:9A:C4:0C:DC:08:BB:69:91:3D:D2:F9:54:E1:55:62:80:C8"}}},"request":{"raw":"GET /1xbt/js/particles.min.js HTTP/1.1\r\nHost: fastthemegaplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_\r\nCookie: PHPSESSID=4d69c96ccae71527a53ef2174d39c930\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:56:33 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9e1f1b355ebf3181-OSL\r\nlast-modified: Thu, 26 Oct 2023 18:43:28 GMT\r\netag: \"653ab350-5b4c\"\r\ncache-control: public, max-age=1, stale-while-revalidate=60, stale-if-error=3600\r\ncontent-encoding: gzip\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=300; includeSubDomains;\r\nvary: accept-encoding\r\nage: 58\r\ncf-cache-status: UPDATING\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23372,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (23002), with CRLF line terminators","md5":"08bd8ed926fa216a54b076590a459e67","sha1":"b4d9a963b9200cc77ceaa1bf4a12537a29c0626a","sha256":"e143ea82cbb391479838962ed3a39a9f2319679ddf33e689217d26b0e206d724","sha512":"7f5bf533e4151c0a84bc10909b1ea78ccd16d9f0cff336108e61402ef94df6389972a4ea01926b981cb79747d57512ca6020271b4f5111e72f4b1102b8f2dd73","ssdeep":"384:FkfJtGvWjT6uYvqhCz8wSEHESxtVAFPQcYpeib+9rOEKXWd/:FC7T6uYvn8wRxwyryVOEKXW5","tlshash":"42a2934d23f73e77339ab2e05be9d122c774a4d1399b04b0f93c667da52549201ee7a0","first_seen":"2023-03-07T01:17:29Z","last_seen":"2026-04-22T01:47:24.069787Z","times_seen":1254,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"fastthemegaplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","date":"2026-03-25T15:56:33.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 18:21:09 GMT","end":"Mon, 18 May 2026 18:21:08 GMT"},"fingerprint":{"sha1":"D5:23:F9:83:DE:D4:E8:AB:85:EF:63:D4:2C:6E:62:44:96:04:04:8E","sha256":"D3:04:E0:CB:3E:1B:51:D2:DD:21:AB:B5:3E:6D:E3:40:D7:D5:1E:07:D1:8A:BF:8C:CC:01:FC:AE:92:1F:69:2D"}}},"request":{"raw":"GET /s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://fastthemegaplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 23664\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 18 Mar 2026 18:54:18 GMT\r\nexpires: Thu, 18 Mar 2027 18:54:18 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 18 Feb 2026 19:51:36 GMT\r\ncontent-type: font/woff2\r\nage: 594135\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23664,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 23664, version 1.0","md5":"f92ee388273b5931a1b09a41d3906a3a","sha1":"d38fbadd1b1ceccffbfb43f677698f3a7112f0b4","sha256":"481dd0c01e6bbb129fd147eb5d8571016193cba141c4627ca60ceabdb5a46ea8","sha512":"a3a042b0a845b46de4c272bca16e48d5f332386dc3d4e6e8cf4ebc63238950c265d5a1b3955d257ff12fa3ced224ff11818385256786612130bd35dbd5fe2033","ssdeep":"384:GnNWef/I43MJlQUfZZgeoBpKtbPjHdLE+igeN/T67+mFirVAfPdixSNCsugG3iMF:GsCvIOUfZaeoytbZLE+i9pT67+/rVSdO","tlshash":"96b2e012e6c8bdf6e0c1093e25317ecb298fd9eba8724c624c1ab95d339257c5819d4c","first_seen":"2026-02-19T22:49:57.285177Z","last_seen":"2026-04-22T07:13:25.349711Z","times_seen":4653,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":85,"dns":1,"connect":13,"send":0,"wait":8,"receive":3,"ssl":64},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T15:56:33.182Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fastthemegaplay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 10:42:45 GMT","end":"Sat, 09 May 2026 11:42:36 GMT"},"fingerprint":{"sha1":"DC:B4:53:89:03:9C:09:9A:D8:7D:89:6C:C1:74:A6:70:C6:B9:32:35","sha256":"EA:78:D3:51:EB:B5:03:C5:F5:82:21:B5:A3:A9:AA:9A:C4:0C:DC:08:BB:69:91:3D:D2:F9:54:E1:55:62:80:C8"}}},"request":{"raw":"GET /1xbt/?refCode=sk_w238255c300299l23986p2169_ HTTP/1.1\r\nHost: fastthemegaplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:56:33 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncf-ray: 9e1f1b336cb53181-OSL\r\nset-cookie: PHPSESSID=4d69c96ccae71527a53ef2174d39c930; expires=Thu, 26 Mar 2026 15:56:33 GMT; Max-Age=86400; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=300; includeSubDomains;\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"particles.js","description":"Particles.js is a JavaScript library for creating particles.","website":"https://github.com/VincentGarreau/particles.js","common_platform_enumeration":"","icon":"","categories":["JavaScript graphics"]}],"data":{"size":4922,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"9d62de8b0c4b351f0e8e0905944a57a1","sha1":"7b4a476f5f9daa6c47fb257ddbaf1ca4eaef0085","sha256":"04c022596f4549523e76bdcfedf80e89560dbf51447e527e4e42cf84e1d85511","sha512":"c5ba636b2ab33a2708918fa5725d0e84522665d0c77b0e7bda83c55de121749db67848c5828579edf20bb513b8bed61de39c6c89c063bcb41ef13411092f69d1","ssdeep":"96:AusA/BM0Lu3UPrEtOx+E1pnXAsQl6uEMgd61QfPwIM6vm+uF7KqwtOf1nmGu:J/BM0Lu3urEtOx+E1pnw1EM3QXwIM6vL","tlshash":"c7a12461848c7c7f421296de60a5e79d38df8e70ea3290d2f2fb436556d6dc0fe118a2","first_seen":"2026-03-25T12:59:38.303003Z","last_seen":"2026-03-25T15:56:55.797058Z","times_seen":4,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":80,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"fastthemegaplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/css/select2.min.css","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","date":"2026-03-25T15:56:33.493Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fastthemegaplay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 10:42:45 GMT","end":"Sat, 09 May 2026 11:42:36 GMT"},"fingerprint":{"sha1":"DC:B4:53:89:03:9C:09:9A:D8:7D:89:6C:C1:74:A6:70:C6:B9:32:35","sha256":"EA:78:D3:51:EB:B5:03:C5:F5:82:21:B5:A3:A9:AA:9A:C4:0C:DC:08:BB:69:91:3D:D2:F9:54:E1:55:62:80:C8"}}},"request":{"raw":"GET /1xbt/css/select2.min.css HTTP/1.1\r\nHost: fastthemegaplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_\r\nCookie: PHPSESSID=4d69c96ccae71527a53ef2174d39c930\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:56:33 GMT\r\ncontent-type: text/css\r\ncf-ray: 9e1f1b354e913181-OSL\r\nlast-modified: Wed, 27 Mar 2024 12:23:39 GMT\r\netag: \"66040fcb-3f89\"\r\ncache-control: public, max-age=1, stale-while-revalidate=60, stale-if-error=3600\r\ncontent-encoding: gzip\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=300; includeSubDomains;\r\nvary: accept-encoding\r\nage: 58\r\ncf-cache-status: UPDATING\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16265,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (16263), with CRLF line terminators","md5":"bb4f601b18b642bda193fb02d8845d94","sha1":"dd955de114f23a39b7ce95f62c56b77aed15f7ed","sha256":"4a7641c6c583062a068c15438922a6ab5087da847d51d18b36929b013f106671","sha512":"e9be22785e1fe87e33b3fc557656c0c0985687ddcd080c303c8935464f65be56c77ec211d6e792a57c6f4653b5e6a510d06ee6f075a16e34497f645062066e09","ssdeep":"192:1EaNSrenTfc3aq6J5wV1Q9CPxWqAUJKk3BcH9t3E:1keTfXnS1Q9sWqbxRcdpE","tlshash":"ef72d935bacc2239b0bf8e7f6cf2b4946629dd5fc4111b9ab8e9e154c8e04540a4b60f","first_seen":"2023-04-27T00:33:01Z","last_seen":"2026-04-21T22:41:55.269911Z","times_seen":972,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"fastthemegaplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/img/preloader.svg","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","date":"2026-03-25T15:56:33.502Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fastthemegaplay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 10:42:45 GMT","end":"Sat, 09 May 2026 11:42:36 GMT"},"fingerprint":{"sha1":"DC:B4:53:89:03:9C:09:9A:D8:7D:89:6C:C1:74:A6:70:C6:B9:32:35","sha256":"EA:78:D3:51:EB:B5:03:C5:F5:82:21:B5:A3:A9:AA:9A:C4:0C:DC:08:BB:69:91:3D:D2:F9:54:E1:55:62:80:C8"}}},"request":{"raw":"GET /1xbt/img/preloader.svg HTTP/1.1\r\nHost: fastthemegaplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_\r\nCookie: PHPSESSID=4d69c96ccae71527a53ef2174d39c930\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:56:33 GMT\r\ncontent-type: image/svg+xml\r\ncontent-encoding: gzip\r\nlast-modified: Tue, 12 Dec 2023 14:54:55 GMT\r\netag: W/\"6578743f-26a\"\r\ncache-control: public, max-age=1, stale-while-revalidate=60, stale-if-error=3600\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=300; includeSubDomains;\r\nage: 58\r\ncf-cache-status: UPDATING\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9e1f1b354ea43181-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":618,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"86ecea4e270f7a10d435b6592c5e6258","sha1":"68164d7de67eecfa9dda9ddbc81cc10683e94f8f","sha256":"b67acb03a1da43b0e54ceac90c104af85fa67bdb854b34fa3b95c77cf9c2b7cd","sha512":"18826d8760f4c456f716188e6466fe51b22c9cd8bcc808708128989ca246debcb6cd0301afa36a2d9da8373eaddccf5a36896bb18b5d3bf26262a2874353f7d7","ssdeep":"","tlshash":"18f0d3388600482e9714c560e3ed6d00536fe193039900e9f6506d3bf00d86955ef3cd","first_seen":"2024-12-18T06:32:00.171714Z","last_seen":"2026-04-21T15:36:58.509824Z","times_seen":627,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"fastthemegaplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/js/jquery.validate.min.js","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","date":"2026-03-25T15:56:33.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fastthemegaplay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 10:42:45 GMT","end":"Sat, 09 May 2026 11:42:36 GMT"},"fingerprint":{"sha1":"DC:B4:53:89:03:9C:09:9A:D8:7D:89:6C:C1:74:A6:70:C6:B9:32:35","sha256":"EA:78:D3:51:EB:B5:03:C5:F5:82:21:B5:A3:A9:AA:9A:C4:0C:DC:08:BB:69:91:3D:D2:F9:54:E1:55:62:80:C8"}}},"request":{"raw":"GET /1xbt/js/jquery.validate.min.js HTTP/1.1\r\nHost: fastthemegaplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_\r\nCookie: PHPSESSID=4d69c96ccae71527a53ef2174d39c930\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:56:33 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9e1f1b355ebb3181-OSL\r\nlast-modified: Wed, 05 Jul 2023 11:34:53 GMT\r\netag: \"64a5555d-5f70\"\r\ncache-control: public, max-age=1, stale-while-revalidate=60, stale-if-error=3600\r\ncontent-encoding: gzip\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=300; includeSubDomains;\r\nvary: accept-encoding\r\nage: 58\r\ncf-cache-status: UPDATING\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24432,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (24290)","md5":"e5f8f26abaa9de188be591c0e332766a","sha1":"cb07cb5127c6c6142928dbd17088bd6d937b6c81","sha256":"d2dfc40dfb65bd09e79dd1d2276eeb441dbdf058bdab872bf7bd10ec198188ac","sha512":"2bbb942402107669cbfc13aaaaaeeef3211e320d7039f1f63f60e66063589acbd4f04b6ed5c7e4bf15756292af8f71b2aec0c012f77f950b911d3f6c2a21eb66","ssdeep":"384:Q6yrHpgLFWZ6/tX2lHJdkMiYnFpg5SLwaE2fSNAc0Eny+RWuK7NeB2wV/vtrx+Ow:fWZ6/8lHJdkMioFpg5SUB2yQEny+NNxa","tlshash":"83b2a68976d271065e9720f4509b660b61b669a1e008e83cb5b8d4d2bef8fcc50f7f78","first_seen":"2023-05-03T20:14:44Z","last_seen":"2026-04-21T15:36:58.507609Z","times_seen":690,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"fastthemegaplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@100..900\u0026family=Rubik:wght@300..900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","date":"2026-03-25T15:56:33.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 18:21:09 GMT","end":"Mon, 18 May 2026 18:21:08 GMT"},"fingerprint":{"sha1":"63:D1:AE:99:1E:49:D7:6C:71:F3:BA:F5:BA:47:74:1E:EB:90:E7:D6","sha256":"69:90:BB:9D:82:60:82:88:FF:CE:F6:B3:3D:DD:B5:B5:FB:F0:56:17:FD:FA:0D:BC:9C:5B:83:51:98:0D:2F:CF"}}},"request":{"raw":"GET /css2?family=Roboto:wght@100..900\u0026family=Rubik:wght@300..900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fastthemegaplay.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 25 Mar 2026 15:56:33 GMT\r\ndate: Wed, 25 Mar 2026 15:56:33 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8271,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"0be00d297c1a99a9bae70bd47f4b42fa","sha1":"67fa2c2129fce9d4f405b21abe90be876bcfa104","sha256":"df87af338d0784f84c24f429bf3bb5b78895e779219493aaa1040f6d06e3ab0b","sha512":"75f7f77b73c1c899d4949333fb8a8569c5ff3799b3cd8d17efa731a787483922d6f7d043b48bc39cd8764a3451cffc5e9a9cdcbff1c1a1bf7c1935ef9131a9cf","ssdeep":"192:6N9fKN9DN9MN9fgN9/qnN9DbqGIwV49N9bN9uUN9YhClasCs/Aop:A9fw95969W9yN9/qY4T9h9B9blJH","tlshash":"dd020ee1081b4444ab835cd223ce7e36fe0e52113041d1b9abfd5b5b9cebc62626939d","first_seen":"2026-02-20T04:54:55.146735Z","last_seen":"2026-04-21T15:36:58.512588Z","times_seen":318,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":99,"dns":1,"connect":21,"send":0,"wait":36,"receive":0,"ssl":74},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/rubik/v31/iJWKBXyIfDnIV7nFrXyw1W3fxIlGzg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","date":"2026-03-25T15:56:33.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 18:21:09 GMT","end":"Mon, 18 May 2026 18:21:08 GMT"},"fingerprint":{"sha1":"D5:23:F9:83:DE:D4:E8:AB:85:EF:63:D4:2C:6E:62:44:96:04:04:8E","sha256":"D3:04:E0:CB:3E:1B:51:D2:DD:21:AB:B5:3E:6D:E3:40:D7:D5:1E:07:D1:8A:BF:8C:CC:01:FC:AE:92:1F:69:2D"}}},"request":{"raw":"GET /s/rubik/v31/iJWKBXyIfDnIV7nFrXyw1W3fxIlGzg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://fastthemegaplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 15028\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 22 Mar 2026 02:02:18 GMT\r\nexpires: Mon, 22 Mar 2027 02:02:18 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:06 GMT\r\ncontent-type: font/woff2\r\nage: 309255\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15028,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15028, version 1.0","md5":"42df88898bab0fab4c59cd7590f670ed","sha1":"5a31376aff3fbaad3396224b7157d1294273b326","sha256":"6285243909b5d0b7d12b5795a99e37355e361ebfeef01b6f8bc95fbe46aa611c","sha512":"6df2554d7064157913f8f19bce08248edb1daaed201da4efdae927d3742a55a3f6584d07c94c5772fbd5222978b6857951054d6699dcdc8e16ba1c7b5bb3c1ca","ssdeep":"384:TzdHStVe4OxNyweZXvvMrcOYVGPfSGOPhz:TzdHS32yVZ/vMzYQHrKz","tlshash":"6762c090cbfdb6e3e93c26b44748fa853dd2fa205837e3d1afc2885170c071a36a5526","first_seen":"2025-06-04T19:39:20.238119Z","last_seen":"2026-04-22T06:04:38.598623Z","times_seen":1738,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"luckymegawinner.com/l/687a7dbc10e46e6ab1083af9","fqdn":"luckymegawinner.com","domain":"luckymegawinner.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T15:56:32.819Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"luckymegawinner.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Feb 2026 14:00:35 GMT","end":"Sat, 23 May 2026 15:00:33 GMT"},"fingerprint":{"sha1":"7E:99:68:D5:58:E4:22:F8:A9:C1:31:40:21:94:6F:82:9E:5A:7A:B5","sha256":"5E:87:E7:BF:D4:C8:50:93:DC:3D:1C:C6:35:71:5B:D3:92:F8:88:8C:19:EE:91:EC:8C:37:FC:ED:4C:4C:93:CA"}}},"request":{"raw":"GET /l/687a7dbc10e46e6ab1083af9 HTTP/1.1\r\nHost: luckymegawinner.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Wed, 25 Mar 2026 15:56:33 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://fastthemegaplay.com/landingpages/1xbt?refCode=sk_w238255c300299l23986p2169_\r\ncf-ray: 9e1f1b314cd70731-OSL\r\nset-cookie: PHPSESSID=a0b29fdac54dd19c7dc3b0493da8d8d8; expires=Thu, 26 Mar 2026 15:56:32 GMT; Max-Age=86400; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=300; includeSubDomains;\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":4922,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T07:09:26.862004Z","times_seen":14049882,"resource_available":true,"data":null}},"time_used":246,"timings":{"blocked":26,"dns":2,"connect":1,"send":0,"wait":195,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"luckymegawinner.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fastthemegaplay.com/landingpages/1xbt/?refCode=sk_w238255c300299l23986p2169_","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T15:56:33.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fastthemegaplay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 10:42:45 GMT","end":"Sat, 09 May 2026 11:42:36 GMT"},"fingerprint":{"sha1":"DC:B4:53:89:03:9C:09:9A:D8:7D:89:6C:C1:74:A6:70:C6:B9:32:35","sha256":"EA:78:D3:51:EB:B5:03:C5:F5:82:21:B5:A3:A9:AA:9A:C4:0C:DC:08:BB:69:91:3D:D2:F9:54:E1:55:62:80:C8"}}},"request":{"raw":"GET /landingpages/1xbt/?refCode=sk_w238255c300299l23986p2169_ HTTP/1.1\r\nHost: fastthemegaplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Wed, 25 Mar 2026 15:56:33 GMT\r\ncontent-type: text/html\r\ncontent-length: 138\r\nlocation: https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_\r\ncf-ray: 9e1f1b330b0c3181-OSL\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=300; includeSubDomains;\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4922,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T07:09:26.862004Z","times_seen":14049882,"resource_available":true,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"fastthemegaplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/css/main.css","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","date":"2026-03-25T15:56:33.500Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fastthemegaplay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 10:42:45 GMT","end":"Sat, 09 May 2026 11:42:36 GMT"},"fingerprint":{"sha1":"DC:B4:53:89:03:9C:09:9A:D8:7D:89:6C:C1:74:A6:70:C6:B9:32:35","sha256":"EA:78:D3:51:EB:B5:03:C5:F5:82:21:B5:A3:A9:AA:9A:C4:0C:DC:08:BB:69:91:3D:D2:F9:54:E1:55:62:80:C8"}}},"request":{"raw":"GET /1xbt/css/main.css HTTP/1.1\r\nHost: fastthemegaplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_\r\nCookie: PHPSESSID=4d69c96ccae71527a53ef2174d39c930\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:56:33 GMT\r\ncontent-type: text/css\r\ncf-ray: 9e1f1b354e973181-OSL\r\nlast-modified: Tue, 03 Jun 2025 12:23:21 GMT\r\netag: \"683ee939-3ec7\"\r\ncache-control: public, max-age=1, stale-while-revalidate=60, stale-if-error=3600\r\ncontent-encoding: gzip\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=300; includeSubDomains;\r\nvary: accept-encoding\r\nage: 58\r\ncf-cache-status: UPDATING\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16071,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (16033)","md5":"94c1f37e0ed623bc2c4232547bb102b9","sha1":"8d942fabd26b5011892918ce72d9df848c92e9d2","sha256":"3c57f94d07e31ca6d99d28a324f8e10b671613c816a6ee54cca56d826271ba50","sha512":"962a24f82050eb5e6f4873b136a0ab01fbaf26045f5c47c5485cf9e19995577478e083b57a55ce00e5d7587ea9677eee1a52b21b945c579e00038c343fe31268","ssdeep":"192:FwJrfvy05V1J8tgpC86FMxYZrRUqAbLQAm:FaHFz8tgpC86ixY5RUqUQAm","tlshash":"2d7285335561220cf137cf7927d466a902388423ea174aeaa6436d64c7cf7d616b3bca","first_seen":"2025-08-31T16:58:51.023771Z","last_seen":"2026-04-10T14:10:17.091341Z","times_seen":84,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"fastthemegaplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/js/jquery-3.6.0.min.js","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","date":"2026-03-25T15:56:33.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fastthemegaplay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 10:42:45 GMT","end":"Sat, 09 May 2026 11:42:36 GMT"},"fingerprint":{"sha1":"DC:B4:53:89:03:9C:09:9A:D8:7D:89:6C:C1:74:A6:70:C6:B9:32:35","sha256":"EA:78:D3:51:EB:B5:03:C5:F5:82:21:B5:A3:A9:AA:9A:C4:0C:DC:08:BB:69:91:3D:D2:F9:54:E1:55:62:80:C8"}}},"request":{"raw":"GET /1xbt/js/jquery-3.6.0.min.js HTTP/1.1\r\nHost: fastthemegaplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_\r\nCookie: PHPSESSID=4d69c96ccae71527a53ef2174d39c930\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:56:33 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9e1f1b354eb43181-OSL\r\nlast-modified: Fri, 08 Jul 2022 10:09:40 GMT\r\netag: \"62c80264-15d9d\"\r\ncache-control: public, max-age=1, stale-while-revalidate=60, stale-if-error=3600\r\ncontent-encoding: gzip\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=300; includeSubDomains;\r\nvary: accept-encoding\r\nage: 58\r\ncf-cache-status: UPDATING\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":89501,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-22T06:53:38.19012Z","times_seen":453216,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"fastthemegaplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/img/webp/bg-desk.webp","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","date":"2026-03-25T15:56:33.771Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fastthemegaplay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 10:42:45 GMT","end":"Sat, 09 May 2026 11:42:36 GMT"},"fingerprint":{"sha1":"DC:B4:53:89:03:9C:09:9A:D8:7D:89:6C:C1:74:A6:70:C6:B9:32:35","sha256":"EA:78:D3:51:EB:B5:03:C5:F5:82:21:B5:A3:A9:AA:9A:C4:0C:DC:08:BB:69:91:3D:D2:F9:54:E1:55:62:80:C8"}}},"request":{"raw":"GET /1xbt/img/webp/bg-desk.webp HTTP/1.1\r\nHost: fastthemegaplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fastthemegaplay.com/1xbt/css/main.css\r\nCookie: PHPSESSID=4d69c96ccae71527a53ef2174d39c930\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:56:33 GMT\r\ncontent-type: image/webp\r\ncontent-length: 316926\r\ncf-ray: 9e1f1b37180b3181-OSL\r\nlast-modified: Tue, 03 Jun 2025 12:23:21 GMT\r\netag: \"683ee939-4d5fe\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=300; includeSubDomains;\r\nage: 196\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":316926,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1160, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f8a9f71dc7c84ce0c3a1c99f9097b393","sha1":"6dfcb6e9834dd8f9ee4287f47189df373dd146df","sha256":"44b3dc6aa1a6f8a905c7f2392d155a5dc973b26d6b35c48fac1eb46075399a1a","sha512":"75361b60dd276e3db357794f869cfc01e4c3c6b1cee8e0c89d56570eaa7925f427fc16180e52567dc5af277b7cd141aa9be407b04c86482c3ddfe91372a8e4d5","ssdeep":"6144:xjFg/GnByqj1CyrZSLCOLy2dfWfO/DaTzLJi6MeIBci0iFNOFCF8aT/pq2finw1g:Lg/QBHXg5ykV/uTzLI6uBcdiFGCF5/pU","tlshash":"0d6423841d8df60edf2a4632bb2dd1c6a8f50eb331a3acd78f2254458619481b7f17a7","first_seen":"2025-08-31T16:58:51.02863Z","last_seen":"2026-04-10T14:10:17.083459Z","times_seen":85,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"fastthemegaplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","date":"2026-03-25T15:56:33.780Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 18:21:09 GMT","end":"Mon, 18 May 2026 18:21:08 GMT"},"fingerprint":{"sha1":"D5:23:F9:83:DE:D4:E8:AB:85:EF:63:D4:2C:6E:62:44:96:04:04:8E","sha256":"D3:04:E0:CB:3E:1B:51:D2:DD:21:AB:B5:3E:6D:E3:40:D7:D5:1E:07:D1:8A:BF:8C:CC:01:FC:AE:92:1F:69:2D"}}},"request":{"raw":"GET /s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://fastthemegaplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 43136\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 23 Mar 2026 19:50:51 GMT\r\nexpires: Tue, 23 Mar 2027 19:50:51 GMT\r\ncache-control: public, max-age=31536000\r\nage: 158742\r\nlast-modified: Wed, 18 Feb 2026 19:51:37 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43136,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43136, version 1.0","md5":"665db5e157d2138835c4037c971ff3a4","sha1":"41ca6b7e4818eb81531d8006ff7ddd971c640879","sha256":"1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc","sha512":"6c999466673c9873b1b112d6ab95c7cecb99467ea156e3e046b54c5f3d109c3845b05cbb2a0245d178430c7b2ceacd5110f7d8faf7e041100f44852b0c29fe9a","ssdeep":"768:tMTmVhyXCrekkraPAjrWMMWD3UJmw0FRwoglekm+hQ7//geceSF/mEQBPMAmDu5:cmHkCrHvPAjrWMMI3UJswogl4j7/hSlW","tlshash":"f9130231eb70ee59962c903454e7fda9433b1457d731aca80e99a1ce6f8103454facec","first_seen":"2026-02-19T22:27:43.350598Z","last_seen":"2026-04-22T07:05:42.655352Z","times_seen":93061,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":127,"dns":1,"connect":25,"send":0,"wait":9,"receive":7,"ssl":102},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/rubik/v31/iJWKBXyIfDnIV7nBrXyw1W3fxIk.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","date":"2026-03-25T15:56:33.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 18:21:09 GMT","end":"Mon, 18 May 2026 18:21:08 GMT"},"fingerprint":{"sha1":"D5:23:F9:83:DE:D4:E8:AB:85:EF:63:D4:2C:6E:62:44:96:04:04:8E","sha256":"D3:04:E0:CB:3E:1B:51:D2:DD:21:AB:B5:3E:6D:E3:40:D7:D5:1E:07:D1:8A:BF:8C:CC:01:FC:AE:92:1F:69:2D"}}},"request":{"raw":"GET /s/rubik/v31/iJWKBXyIfDnIV7nBrXyw1W3fxIk.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://fastthemegaplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 35348\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 22 Mar 2026 10:06:10 GMT\r\nexpires: Mon, 22 Mar 2027 10:06:10 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:39:37 GMT\r\ncontent-type: font/woff2\r\nage: 280223\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":35348,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 35348, version 1.0","md5":"6e192bc03c1ec5b2ba6b1281ae4f4a71","sha1":"54dd8ad0f73f88eb7c28888d5582380a978f6571","sha256":"8fb387ef4c02189952d5644187a217863e71db410f9dfb3b0afd0ebc4447bec6","sha512":"412aec2aa07af44d4f5e889ddddb9af73b89cccb793aabbb1161583f3d13ff0adc2053edb329a039fa5bc7c9f5b4a69170365e3ad29cd95a8b81fe9997ae1f7d","ssdeep":"768:Dbm/Jw6U5CNNTG4IwnW0kpZ/NXBeh58pFpS0Lz6fihG4iW3lpsii3AYNb:umF5CN5GVwnONBV20Lz6fihGs33siiQk","tlshash":"97f2f1817ff58f13286ab078b5bf8f5b4778a348509674af92c3e7b48c851c85f12891","first_seen":"2025-06-02T19:11:03.283598Z","last_seen":"2026-04-22T06:18:34.662897Z","times_seen":24035,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":72,"dns":1,"connect":16,"send":0,"wait":9,"receive":9,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fastthemegaplay.com/1xbt/img/favicon.png","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_","date":"2026-03-25T15:56:33.973Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fastthemegaplay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 10:42:45 GMT","end":"Sat, 09 May 2026 11:42:36 GMT"},"fingerprint":{"sha1":"DC:B4:53:89:03:9C:09:9A:D8:7D:89:6C:C1:74:A6:70:C6:B9:32:35","sha256":"EA:78:D3:51:EB:B5:03:C5:F5:82:21:B5:A3:A9:AA:9A:C4:0C:DC:08:BB:69:91:3D:D2:F9:54:E1:55:62:80:C8"}}},"request":{"raw":"GET /1xbt/img/favicon.png HTTP/1.1\r\nHost: fastthemegaplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l23986p2169_\r\nCookie: PHPSESSID=4d69c96ccae71527a53ef2174d39c930\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:56:34 GMT\r\ncontent-type: image/png\r\ncontent-length: 380\r\ncf-ray: 9e1f1b385f013181-OSL\r\nlast-modified: Tue, 03 Jun 2025 11:35:56 GMT\r\netag: \"683ede1c-17c\"\r\ncache-control: public, max-age=1, stale-while-revalidate=60, stale-if-error=3600\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=300; includeSubDomains;\r\nage: 58\r\ncf-cache-status: UPDATING\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":380,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"d4bc8a7a35d39b931a87c9f1cd557096","sha1":"5cea0c6fcf50976a91d41b59e9d2718d8c3db5ab","sha256":"8b944e0279717d43858657adff29e42a5ab7c3d5bf1efddf0c8b52e65f67688f","sha512":"5c8b5ac2788f52ce779240338b66d00b74e6c28ca0e634bde77f5bfd8138ccb949221b383cba0e708116669d538a851d8407ba5ff042b80c45d73865c0bebec7","ssdeep":"","tlshash":"50e0f18761c16664b6fa8726350530422b635184b0e24a0ecc4308c179e39302866719","first_seen":"2023-04-15T15:13:04Z","last_seen":"2026-04-10T14:10:17.09426Z","times_seen":445,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"fastthemegaplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fastthemegaplay.com/landingpages/1xbt?refCode=sk_w238255c300299l23986p2169_","fqdn":"fastthemegaplay.com","domain":"fastthemegaplay.com","tld":"com"},"ip":{"addr":"185.176.24.128","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T15:56:33.045Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fastthemegaplay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 10:42:45 GMT","end":"Sat, 09 May 2026 11:42:36 GMT"},"fingerprint":{"sha1":"DC:B4:53:89:03:9C:09:9A:D8:7D:89:6C:C1:74:A6:70:C6:B9:32:35","sha256":"EA:78:D3:51:EB:B5:03:C5:F5:82:21:B5:A3:A9:AA:9A:C4:0C:DC:08:BB:69:91:3D:D2:F9:54:E1:55:62:80:C8"}}},"request":{"raw":"GET /landingpages/1xbt?refCode=sk_w238255c300299l23986p2169_ HTTP/1.1\r\nHost: fastthemegaplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Wed, 25 Mar 2026 15:56:33 GMT\r\ncontent-type: text/html\r\ncontent-length: 162\r\nlocation: https://fastthemegaplay.com/landingpages/1xbt/?refCode=sk_w238255c300299l23986p2169_\r\ncf-ray: 9e1f1b32b95b3181-OSL\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=300; includeSubDomains;\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4922,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T07:09:26.862004Z","times_seen":14049882,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":25,"dns":1,"connect":1,"send":0,"wait":49,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"fastthemegaplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}