megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
91.209.70.182301 Moved Permanently 162 B URL HTTP/1.1 megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
IP 91.209.70.182:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /2uokh/Phasmophobia_v0.7.0.1.part1.rar HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 01 Oct 2022 20:05:44 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Download-Options: noopen
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 24cdc937930ac2ef9c8f46ba1deabcc5
397417929951bf20f235d5f91510163ac213dc71
eb128aec099dbf1919ee5d965221e904ad3a2162583683cec44518640b505447
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB128AEC099DBF1919EE5D965221E904AD3A2162583683CEC44518640B505447"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10646
Expires: Sat, 01 Oct 2022 23:03:11 GMT
Date: Sat, 01 Oct 2022 20:05:45 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
18.165.201.17200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.165.201.17:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 01 Oct 2022 20:02:45 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 ad6a59dd9fdc1afb57f7131fcd96bf20.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: YHx0unToRYWl74SAk7bpSGdbJhPQ0xE2NpEI7cfZgYepoRsc3qeeuw==
Age: 180
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
108.156.28.102200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 108.156.28.102:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 01 Oct 2022 03:39:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 d32d70ba49809b2292cca689969507a0.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: KLRfc5GB6oAA0qPD2awrVVWNy6-WzaDAWilf8vmdlZC4xuSdor-Bcg==
age: 59549
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 8814816aa6512189fb73a0fbf1af861a
94061fe3845fe46cc2491d27ba3218c8c5b40773
1bccebbc673a31a235ad4324f10d520b334f36332cfe02792dce40d548410a48
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 20:05:45 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 30 Sep 2022 11:25:46 GMT
Expires: Fri, 07 Oct 2022 11:25:45 GMT
Etag: "94061fe3845fe46cc2491d27ba3218c8c5b40773"
Cache-Control: max-age=486599,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7537d09e5c3d0b59-OSL
megaup.net/themes/flow/images/main_logo_inverted.png
91.209.70.182200 OK 7.1 kB URL HTTP/2 megaup.net/themes/flow/images/main_logo_inverted.png
IP 91.209.70.182:0
File type PNG image data, 203 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 5d15526be10b904a6b48d1af04a10cc3
c09b6874359ac6d71db95593618a9acb55baa984
894d25472e0f890edf235e8f66fbeda7ea75043632924ecb82691d76bd7db018
GET /themes/flow/images/main_logo_inverted.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: image/png
content-length: 7137
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-1be1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2601db85aa6894ea41f37fc0c1f2594a
afc9de950cf648d720a78467582b26346b8d53bc
3211c5c61098100152ea682c86ec84f3a80229b8d709e5cbe0022caba7dc9e24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 20:05:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.165.201.17200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.165.201.17:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Cache-Control, Alert, Last-Modified, Backoff, Retry-After, Expires, Content-Length, Pragma, ETag
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 01 Oct 2022 19:32:53 GMT
Expires: Sat, 01 Oct 2022 19:35:56 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 65cbd6c4094454b31bc32d6426b92cf2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: NFk9YlTEhbQ1YcB8Z58Ug6kfUmtxJhlbYMyVxlE8V01nSch0UgZ17Q==
Age: 1972
megaup.net/themes/flow/frontend_assets/css/fonts.css
91.209.70.182200 OK 749 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/fonts.css
IP 91.209.70.182:0
Hash e4983c542787c78943c5faad42cdfc07
7ba487091ce86e06d12955f21a8167a5d5855414
34088b354bdeb4350b9798b5cbed0c3d790144b87fae40e9d710c70a0c69461a
GET /themes/flow/frontend_assets/css/fonts.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-690"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-108868042-1
142.250.74.72200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-108868042-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (2039)
Hash 91276a2f5774aefe97c6cef74770b843
950420dc15752a16875535bed15a4f25247ace3e
001d6d6d0fc9b8d00dd6b05f90a7b920966617d2d1968455d48e606be3afa7ba
GET /gtag/js?id=UA-108868042-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Oct 2022 20:05:45 GMT
expires: Sat, 01 Oct 2022 20:05:45 GMT
cache-control: private, max-age=900
last-modified: Sat, 01 Oct 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42365
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway.woff
91.209.70.182200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31836, version 1.1\012- data
Hash 4514fa5a5b3d1e0b14aa32a7d068124a
e634977bfabc20ed15fe7ed03d3876cf68834b93
5b0f118d658eacc5740b10b0dc2ebbd99ee8e8262c72ff29bfcda48c02b19861
GET /themes/flow/frontend_assets/fonts/raleway.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: font/woff
content-length: 31836
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7c5c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/stylesheet.css
91.209.70.182200 OK 36 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/stylesheet.css
IP 91.209.70.182:0
File type ASCII text, with CRLF line terminators
Hash 84403c77bf91b3cc6a6702ec0397058e
5257a2b98a8c613c01fd293a0fbb0e695d3638a0
21eb7cb582ec73d40bc8b961bd1db2f4fd877075e180f5700e8a126b08a0b567
GET /themes/flow/frontend_assets/css/stylesheet.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-6c82"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_semibold.woff
91.209.70.182200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_semibold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31980, version 1.1\012- data
Hash 99ac81a158028ac2023fb3350d2497e7
f08c12c91ab29282a616c3ba8e533f49b5b433ca
92a8c8eca8cfcfc53855bc48ba50b866704a00323c4e3089b564c939a668925d
GET /themes/flow/frontend_assets/fonts/raleway_semibold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: font/woff
content-length: 31980
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7cec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
108.138.212.227200 OK 189 kB URL HTTP/2 dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
IP 108.138.212.227:0
File type Unicode text, UTF-8 text, with very long lines (15945)
Size 189 kB (188852 bytes)
Hash 495dedfd7ede098f039e5f4e37d1c62b
8bbd240029abeaaef8106b970d359a4e415e4339
80ff6b0105650506bf7eb79e05c3ac6ea55f11d93dbccd98e6cea75e543e8955
GET /?kzmmd=761186 HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 188852
date: Sat, 01 Oct 2022 20:05:45 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 4b84bb80909a7ce00ada4d4940807b22.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: q1zVPSwSMfYgQIYFpV8NG14rKLI_Tz0pkbAsGgcqtH5PyO-DBrYQag==
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/isotope/isotope-style.css
91.209.70.182200 OK 22 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/isotope/isotope-style.css
IP 91.209.70.182:0
File type ASCII text, with CRLF line terminators
Hash ad1af13fa56ff37fbf61626f4e1d6b10
bca65d0be26469bab7069bcb4b220e2d0553b509
74b272cbae30925e4e3c87ec24d976be420d043fbf21800688a0a9dbe26e3f20
GET /themes/flow/frontend_assets/css/isotope/isotope-style.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-af3"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.dataTables.min.js
91.209.70.182200 OK 20 kB URL HTTP/2 megaup.net/themes/flow/js/jquery.dataTables.min.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (768)
Hash 295bb6df5d5903381bc6425ac0f31997
b14ba29121c9c29292b43b7a7423095215b46790
f6dbbcc625c2acb1b9cc32fca0693b186ac0b1eaa8bee11129923999d62fd104
GET /themes/flow/js/jquery.dataTables.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-10fe4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
altowriestwispy.com/tysaSHG1FMaM/18410
172.255.6.50200 OK 25 B URL HTTP/1.1 altowriestwispy.com/tysaSHG1FMaM/18410
IP 172.255.6.50:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /tysaSHG1FMaM/18410 HTTP/1.1
Host: altowriestwispy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 20:05:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Sun, 02-Oct-2022 20:05:46 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Sun, 02-Oct-2022 20:05:46 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash eb831fa6940db5c1ec5ac090b5f40b92
b9dacb2ea1bf3732d3db403724b8f1f6752a8e37
e07fa233fe87358472536138a812ae73d86be7b4acb797b2351237cfe4c9247d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E07FA233FE87358472536138A812AE73D86BE7B4ACB797B2351237CFE4C9247D"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21272
Expires: Sun, 02 Oct 2022 02:00:18 GMT
Date: Sat, 01 Oct 2022 20:05:46 GMT
Connection: keep-alive
push.services.mozilla.com/
54.186.209.73101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.209.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GJiOdbmPoE454nziQT2ueA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: OyIRBcYJySB1ARbtWUqD18U3t9o=
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c7ac9e29595749072622837820f8d808
191d4449aae47380468d57045d45cef96f6db384
bdb8c13be73e6d521c8a00aecfa51db277d908562bf1d31c675055f08868f215
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BDB8C13BE73E6D521C8A00AECFA51DB277D908562BF1D31C675055F08868F215"
Last-Modified: Thu, 29 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16342
Expires: Sun, 02 Oct 2022 00:38:08 GMT
Date: Sat, 01 Oct 2022 20:05:46 GMT
Connection: keep-alive
keydawnawe.com/gwZ1U5hjA8ii/32575
23.109.248.184200 OK 26 B URL HTTP/1.1 keydawnawe.com/gwZ1U5hjA8ii/32575
IP 23.109.248.184:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 20:05:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Sun, 02-Oct-2022 20:05:46 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Sun, 02-Oct-2022 20:05:46 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
megaup.net/imageads/013.gif
91.209.70.182200 OK 273 kB URL HTTP/2 megaup.net/imageads/013.gif
IP 91.209.70.182:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 273 kB (272609 bytes)
Hash 7beac686260b0ebdea6f9f698938cafa
9780e2a185899456b34aad78a1cd8d1cfc856653
55b0832dd2d9cdc67b9bc6f605c4a8e45b69a533029eed40f87d4a949a49c4dc
GET /imageads/013.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:46 GMT
content-type: image/gif
content-length: 272609
last-modified: Thu, 01 Apr 2021 04:05:56 GMT
vary: Accept-Encoding
etag: "606546a4-428e1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
begantotireo.xyz/OFZEbmRZNCcDW1lrJkgRSjp5S1Z+c3YoAFU7PgUCXG52GQVBOGoNCFcjIAgWVzgwQApdImFcInI1KSQ0bSwRPCBrE3UtA2EaD1xQdgcCClZhMRY7J3whfDkTcjADBghSE3U/InUHERYleS51PzVfEScDKWweIyMMdhcsOyZBEzMtIXYTCAQAYAJ1NBRyZhEKJ2AfKTkcYR4POhRaEDM0FHI6Fj4gQRc0NiYMGQgAPXAYAgoMYS4GLzFVNTYsIXYeIiwhaQcCJw53OjcmI1UmLCw1SDchPxN8BC8KXH0EBi8xUmYoKyF9PCADMVoHLxoVYQcROCZBezNaM1QyFS0zfRAVXy4dZAI3A24SFl1VUgM8HTVzPBIPJ1MyfSg1QBMQJl0JBwFXMB48NwEKSGsRJDJZYA4MVHs0Bw
65.9.44.108200 OK 1.2 kB URL HTTP/2 begantotireo.xyz/OFZEbmRZNCcDW1lrJkgRSjp5S1Z+c3YoAFU7PgUCXG52GQVBOGoNCFcjIAgWVzgwQApdImFcInI1KSQ0bSwRPCBrE3UtA2EaD1xQdgcCClZhMRY7J3whfDkTcjADBghSE3U/InUHERYleS51PzVfEScDKWweIyMMdhcsOyZBEzMtIXYTCAQAYAJ1NBRyZhEKJ2AfKTkcYR4POhRaEDM0FHI6Fj4gQRc0NiYMGQgAPXAYAgoMYS4GLzFVNTYsIXYeIiwhaQcCJw53OjcmI1UmLCw1SDchPxN8BC8KXH0EBi8xUmYoKyF9PCADMVoHLxoVYQcROCZBezNaM1QyFS0zfRAVXy4dZAI3A24SFl1VUgM8HTVzPBIPJ1MyfSg1QBMQJl0JBwFXMB48NwEKSGsRJDJZYA4MVHs0Bw
IP 65.9.44.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3013), with no line terminators
Hash ccc9b4b45c4684a191b62ce222737c67
6b39d086db0fc57e4ba8afe3496f8260bcaf45b4
fa32421a0505e20c3a16e8f2e45d5d46bc2ef4b1e1b745ed20d025c6d9203056
GET /OFZEbmRZNCcDW1lrJkgRSjp5S1Z+c3YoAFU7PgUCXG52GQVBOGoNCFcjIAgWVzgwQApdImFcInI1KSQ0bSwRPCBrE3UtA2EaD1xQdgcCClZhMRY7J3whfDkTcjADBghSE3U/InUHERYleS51PzVfEScDKWweIyMMdhcsOyZBEzMtIXYTCAQAYAJ1NBRyZhEKJ2AfKTkcYR4POhRaEDM0FHI6Fj4gQRc0NiYMGQgAPXAYAgoMYS4GLzFVNTYsIXYeIiwhaQcCJw53OjcmI1UmLCw1SDchPxN8BC8KXH0EBi8xUmYoKyF9PCADMVoHLxoVYQcROCZBezNaM1QyFS0zfRAVXy4dZAI3A24SFl1VUgM8HTVzPBIPJ1MyfSg1QBMQJl0JBwFXMB48NwEKSGsRJDJZYA4MVHs0Bw HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Sat, 01 Oct 2022 20:05:46 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dddc8f2bbf76628526b9a5a150e6e5ba.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: xEgH1MSfxYce-adTQ1SNmj5yKh_sgZRqlIao7tucdzGJMOZGaJCM2A==
X-Firefox-Spdy: h2
begantotireo.xyz/d2N6YXUWARkMShZeGEcABQ9HREcxRkgnERoOAAoTE1tIFhQODVQCGRgWHgcHGA0OTxsSF19TMxYxP1QHOSYRDzwmNSkFHzYNPhYZAAAyBSE2DUsIPzULGCsPJRk9MDQcIDhZBDUiPxk0HgA4LjQtDDJRQQMGIlQ7ICAdED4hOiktNhgXLAYjASkpDj80O0sIOgAMMCs2BFM7DRIbKS0VLxQNAhATHFc9BCIAUS0GIwQHDRk6NQ0RDj8ANTgsIjFbLVENDwASJxE2JAJSMTJXPQQhLlcuBhY+BSIJMzUkOAkTMRcuLTYUDzgjM0AiFBkXNTsWURNGTgknFz85X1M3MzVKVjwkBD81Mg9ROSc8NDlJMxo/BBZVUx0QFQ8FShFODDkmIkopADsvTxA3
65.9.44.108200 OK 1.2 kB URL HTTP/2 begantotireo.xyz/d2N6YXUWARkMShZeGEcABQ9HREcxRkgnERoOAAoTE1tIFhQODVQCGRgWHgcHGA0OTxsSF19TMxYxP1QHOSYRDzwmNSkFHzYNPhYZAAAyBSE2DUsIPzULGCsPJRk9MDQcIDhZBDUiPxk0HgA4LjQtDDJRQQMGIlQ7ICAdED4hOiktNhgXLAYjASkpDj80O0sIOgAMMCs2BFM7DRIbKS0VLxQNAhATHFc9BCIAUS0GIwQHDRk6NQ0RDj8ANTgsIjFbLVENDwASJxE2JAJSMTJXPQQhLlcuBhY+BSIJMzUkOAkTMRcuLTYUDzgjM0AiFBkXNTsWURNGTgknFz85X1M3MzVKVjwkBD81Mg9ROSc8NDlJMxo/BBZVUx0QFQ8FShFODDkmIkopADsvTxA3
IP 65.9.44.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3000), with no line terminators
Hash 2538ef14dc12a20e7ecb9846de8db8c0
3052e7f614e9f4621a4f1ce065c5979cec8fb980
d5e3cb7077a01835c18684a98210a1d1dfb924808e71607130842550abec2aa6
GET /d2N6YXUWARkMShZeGEcABQ9HREcxRkgnERoOAAoTE1tIFhQODVQCGRgWHgcHGA0OTxsSF19TMxYxP1QHOSYRDzwmNSkFHzYNPhYZAAAyBSE2DUsIPzULGCsPJRk9MDQcIDhZBDUiPxk0HgA4LjQtDDJRQQMGIlQ7ICAdED4hOiktNhgXLAYjASkpDj80O0sIOgAMMCs2BFM7DRIbKS0VLxQNAhATHFc9BCIAUS0GIwQHDRk6NQ0RDj8ANTgsIjFbLVENDwASJxE2JAJSMTJXPQQhLlcuBhY+BSIJMzUkOAkTMRcuLTYUDzgjM0AiFBkXNTsWURNGTgknFz85X1M3MzVKVjwkBD81Mg9ROSc8NDlJMxo/BBZVUx0QFQ8FShFODDkmIkopADsvTxA3 HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1158
date: Sat, 01 Oct 2022 20:05:46 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dddc8f2bbf76628526b9a5a150e6e5ba.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: 0-XQYcV6jNbjnks4gcAMKadyF4gkPXpRqO78Y4bo_8cVHs06epfh9g==
X-Firefox-Spdy: h2
begantotireo.xyz/M0pRYUFSKDIMflJ3M0c0QSZsRHN1b2MnJV4nKwonV3JjFiBKJH8CLVw/NQczXCQlTy9WPnRTB1obPzsrYh46CQZiej8jK2osE1I2fC4UBRJWG2gKCXELJDc7eQYaGwsDBhIoM3ICFFEPSn8/NRVUGQkPBFUGOQIPeS0DCgREejgjCX0bEAgXUSxhKwd9HzoVCWV+JzUSdgISCxN3ATY4Eml6JgsSRH4kMDhAKxUYAFApFSMWUT09DxN1BCEwGX0CAw8LBBBhMxV/HBASAEs+OiJyegUGUiVeLhQrBlAkJQ8TdQcrNXNXDBgPJmMoFDsKaQslGARiZwgIFFp7BTQQUAYyCiVnKQAJOGF6CxsCYBs3JBJhLB0wdHQpYlh2Yg9gGQlJLh00JhUgIg4vQ3cZEgxdHhkgCUULHA
65.9.44.108200 OK 1.2 kB URL HTTP/2 begantotireo.xyz/M0pRYUFSKDIMflJ3M0c0QSZsRHN1b2MnJV4nKwonV3JjFiBKJH8CLVw/NQczXCQlTy9WPnRTB1obPzsrYh46CQZiej8jK2osE1I2fC4UBRJWG2gKCXELJDc7eQYaGwsDBhIoM3ICFFEPSn8/NRVUGQkPBFUGOQIPeS0DCgREejgjCX0bEAgXUSxhKwd9HzoVCWV+JzUSdgISCxN3ATY4Eml6JgsSRH4kMDhAKxUYAFApFSMWUT09DxN1BCEwGX0CAw8LBBBhMxV/HBASAEs+OiJyegUGUiVeLhQrBlAkJQ8TdQcrNXNXDBgPJmMoFDsKaQslGARiZwgIFFp7BTQQUAYyCiVnKQAJOGF6CxsCYBs3JBJhLB0wdHQpYlh2Yg9gGQlJLh00JhUgIg4vQ3cZEgxdHhkgCUULHA
IP 65.9.44.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3015), with no line terminators
Hash af76b6b31972383150071c9d5c196d90
bfe85162f94206ed93b716f1e509cc1f921a9718
b6616b2948d8e1484a63196beed51b716f848da13c6ecb1fca04ed8d150ccf29
GET /M0pRYUFSKDIMflJ3M0c0QSZsRHN1b2MnJV4nKwonV3JjFiBKJH8CLVw/NQczXCQlTy9WPnRTB1obPzsrYh46CQZiej8jK2osE1I2fC4UBRJWG2gKCXELJDc7eQYaGwsDBhIoM3ICFFEPSn8/NRVUGQkPBFUGOQIPeS0DCgREejgjCX0bEAgXUSxhKwd9HzoVCWV+JzUSdgISCxN3ATY4Eml6JgsSRH4kMDhAKxUYAFApFSMWUT09DxN1BCEwGX0CAw8LBBBhMxV/HBASAEs+OiJyegUGUiVeLhQrBlAkJQ8TdQcrNXNXDBgPJmMoFDsKaQslGARiZwgIFFp7BTQQUAYyCiVnKQAJOGF6CxsCYBs3JBJhLB0wdHQpYlh2Yg9gGQlJLh00JhUgIg4vQ3cZEgxdHhkgCUULHA HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1173
date: Sat, 01 Oct 2022 20:05:46 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dddc8f2bbf76628526b9a5a150e6e5ba.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: AJ1AjjjFOIJIRDubKhtAhQXDfxeIw64WL71cz5f3NqqSAMN9uxPtDQ==
X-Firefox-Spdy: h2
begantotireo.xyz/T0hkOFAuKgdVby51Bh4lPSRZHWIJbVZ+NCIlHlM2K3BWTzE2JkpbPCA9AF4iICYQFj4qPEEKFgcbCXVlAnshSBQJLDJsOnsDPGllBS4ybRsOIwhLExo4B3AqPy0HYAEmDCV6HQw/B38VOCA3bip7EjxpZQ0qJQEJFxo+CwIZMAB9PisbLAkZGQMiDB4JGTEOFAkBK3Aqewk3fj8KBSVMGh4kBx1iCQkDajUHIiVzBhlwNVphCW1WfhIjcVJqNzwMM2waHAsmYhMMDT10ETd4DnwFNwQycDgbGTVMGAkeMXYWJAEtajc8DCVCKAgLCnIZKQ1UchcjGlBtYWJ9M305CgUseRV8LSJ1GQ54Ig8FOC8zaWMgDjF9FRoEJUASCSMpdQcocABpBzgfJnkZaSIXVz4/dSx/AwkrEQAmAzhVWQ
65.9.44.108200 OK 1.2 kB URL HTTP/2 begantotireo.xyz/T0hkOFAuKgdVby51Bh4lPSRZHWIJbVZ+NCIlHlM2K3BWTzE2JkpbPCA9AF4iICYQFj4qPEEKFgcbCXVlAnshSBQJLDJsOnsDPGllBS4ybRsOIwhLExo4B3AqPy0HYAEmDCV6HQw/B38VOCA3bip7EjxpZQ0qJQEJFxo+CwIZMAB9PisbLAkZGQMiDB4JGTEOFAkBK3Aqewk3fj8KBSVMGh4kBx1iCQkDajUHIiVzBhlwNVphCW1WfhIjcVJqNzwMM2waHAsmYhMMDT10ETd4DnwFNwQycDgbGTVMGAkeMXYWJAEtajc8DCVCKAgLCnIZKQ1UchcjGlBtYWJ9M305CgUseRV8LSJ1GQ54Ig8FOC8zaWMgDjF9FRoEJUASCSMpdQcocABpBzgfJnkZaSIXVz4/dSx/AwkrEQAmAzhVWQ
IP 65.9.44.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3017), with no line terminators
Hash 248f3bc8cad881db2d6d84aaacdb3ae9
3507ad96af679772929b623c9bad7bd96adba069
d66a9556501b0a65f533b03e702f6f6502411a1b86010e970edd691a5d079e92
GET /T0hkOFAuKgdVby51Bh4lPSRZHWIJbVZ+NCIlHlM2K3BWTzE2JkpbPCA9AF4iICYQFj4qPEEKFgcbCXVlAnshSBQJLDJsOnsDPGllBS4ybRsOIwhLExo4B3AqPy0HYAEmDCV6HQw/B38VOCA3bip7EjxpZQ0qJQEJFxo+CwIZMAB9PisbLAkZGQMiDB4JGTEOFAkBK3Aqewk3fj8KBSVMGh4kBx1iCQkDajUHIiVzBhlwNVphCW1WfhIjcVJqNzwMM2waHAsmYhMMDT10ETd4DnwFNwQycDgbGTVMGAkeMXYWJAEtajc8DCVCKAgLCnIZKQ1UchcjGlBtYWJ9M305CgUseRV8LSJ1GQ54Ig8FOC8zaWMgDjF9FRoEJUASCSMpdQcocABpBzgfJnkZaSIXVz4/dSx/AwkrEQAmAzhVWQ HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1172
date: Sat, 01 Oct 2022 20:05:46 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dddc8f2bbf76628526b9a5a150e6e5ba.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: ZlBDWX9czwt1sc5I5uuYchFIOzTgecn0ADp-G4RmrvwL33h0hVIkFQ==
X-Firefox-Spdy: h2
medadelem.xyz/WHA2WlJ3T1Upbw01AwkGMiJRPz8WVQQcEDUYDwAKPzZsNGc1FmcPdCwZUmdlbkEHYmR+AF8+b2lWRS4zLAVFZ2N+GVg8PWVWQGdjdkMCdGBhXgZ8J2VBEC4iORcLa3QoBEI2b2lGAG5kbUQBbmBtQAM
104.21.81.96204 No Content 0 B URL HTTP/2 medadelem.xyz/WHA2WlJ3T1Upbw01AwkGMiJRPz8WVQQcEDUYDwAKPzZsNGc1FmcPdCwZUmdlbkEHYmR+AF8+b2lWRS4zLAVFZ2N+GVg8PWVWQGdjdkMCdGBhXgZ8J2VBEC4iORcLa3QoBEI2b2lGAG5kbUQBbmBtQAM
IP 104.21.81.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WHA2WlJ3T1Upbw01AwkGMiJRPz8WVQQcEDUYDwAKPzZsNGc1FmcPdCwZUmdlbkEHYmR+AF8+b2lWRS4zLAVFZ2N+GVg8PWVWQGdjdkMCdGBhXgZ8J2VBEC4iORcLa3QoBEI2b2lGAG5kbUQBbmBtQAM HTTP/1.1
Host: medadelem.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 20:05:46 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6gjLjWxl7bVSt7dhT4baYRJOMkULRrQG9s7k9xPLGYuHt7eS%2F6uI2Gah3na2Su6Qi3uTA5luZ2tLg1WSA4ximn5Dhwh9nMAWlsH%2B4pqX2L9zqwqQ3ZOhVyvl9k1d%2FQEy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7537d0a48ceeb4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
medadelem.xyz/S0hyNjZkdxFFCxoQJwJ5AyAFZGdzASFufAoJM056KA0jZnIeL1RCXy91SgQDcnlDEEYiLE8FBG07BldCPjtPBxAiJhRZC20+TwYYc2ZDBhh7bgcLB208AldRdnlURkI/JE8HAH18RAMCfHxAAwdz
104.21.81.96204 No Content 0 B URL HTTP/2 medadelem.xyz/S0hyNjZkdxFFCxoQJwJ5AyAFZGdzASFufAoJM056KA0jZnIeL1RCXy91SgQDcnlDEEYiLE8FBG07BldCPjtPBxAiJhRZC20+TwYYc2ZDBhh7bgcLB208AldRdnlURkI/JE8HAH18RAMCfHxAAwdz
IP 104.21.81.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /S0hyNjZkdxFFCxoQJwJ5AyAFZGdzASFufAoJM056KA0jZnIeL1RCXy91SgQDcnlDEEYiLE8FBG07BldCPjtPBxAiJhRZC20+TwYYc2ZDBhh7bgcLB208AldRdnlURkI/JE8HAH18RAMCfHxAAwdz HTTP/1.1
Host: medadelem.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 20:05:46 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t6wF06qp9yrBRKa0TEpmVTdGdA1%2BJzTBwu8oIpf8RZGZBONCAkHkq%2B4vUiuopfp%2FDdaXU6nMyOgJZeXi%2BaeLG94%2FHxHyO8KZi4GV%2B%2FHrJxmo0mbLkwHzGEDRU7Te2RgF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7537d0a48cf9b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
medadelem.xyz/TnFFMThhTiZCBRocdF9tJRl9ZlR7GyACCS0nKEENKkBwVGIgFmNFUSpMfAUBdkdxF0gnFXgAAGgCMVBMOwJ4AB4nHyNeBWgHeAAWfl93HwhoBHgAHjoBJFYFf1c1RUwiTHQHDnpHcAUPekNwAg0
104.21.81.96204 No Content 0 B URL HTTP/2 medadelem.xyz/TnFFMThhTiZCBRocdF9tJRl9ZlR7GyACCS0nKEENKkBwVGIgFmNFUSpMfAUBdkdxF0gnFXgAAGgCMVBMOwJ4AB4nHyNeBWgHeAAWfl93HwhoBHgAHjoBJFYFf1c1RUwiTHQHDnpHcAUPekNwAg0
IP 104.21.81.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TnFFMThhTiZCBRocdF9tJRl9ZlR7GyACCS0nKEENKkBwVGIgFmNFUSpMfAUBdkdxF0gnFXgAAGgCMVBMOwJ4AB4nHyNeBWgHeAAWfl93HwhoBHgAHjoBJFYFf1c1RUwiTHQHDnpHcAUPekNwAg0 HTTP/1.1
Host: medadelem.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 20:05:46 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UzsEdlYdPRxLcMPjOi0OsWgwK7dRJDGo8vnStrxy6n4ncNa2Q%2FfDqQIgKanmxcXBSplfyrZJmYiENdxmN3mPKNs5qvH3iyQ3gbAxGn9c4kcCsKzef5pNpJQ4%2BEFBgzun"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7537d0a49cfcb4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
medadelem.xyz/Qm5EZ0dtUScUeiFfLAYVclcIBhAIFyIyATY3Ki1xEDkwCCMKDWITLiZTfFBxcV98QTcrCnlVfmQdMAYzNx15VmErACIIemQYeVZpckByV2lySDFadmQaNAYgf19iFzM2AnlWcXRaclJzdVp2UnV6
104.21.81.96204 No Content 0 B URL HTTP/2 medadelem.xyz/Qm5EZ0dtUScUeiFfLAYVclcIBhAIFyIyATY3Ki1xEDkwCCMKDWITLiZTfFBxcV98QTcrCnlVfmQdMAYzNx15VmErACIIemQYeVZpckByV2lySDFadmQaNAYgf19iFzM2AnlWcXRaclJzdVp2UnV6
IP 104.21.81.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Qm5EZ0dtUScUeiFfLAYVclcIBhAIFyIyATY3Ki1xEDkwCCMKDWITLiZTfFBxcV98QTcrCnlVfmQdMAYzNx15VmErACIIemQYeVZpckByV2lySDFadmQaNAYgf19iFzM2AnlWcXRaclJzdVp2UnV6 HTTP/1.1
Host: medadelem.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 20:05:46 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VWh3U90itmBLArdFwJC3Y5kBUIshI8UR3TY5nuxCyU4yElO0xNDY6DwIrkb1ABsMPoXQSx5HAmdyjvxUXrxOqC8GQlgbd9eAOZdcmnQevYp1FuzSo2nQIbYYQScUU3ig"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7537d0a49cfbb4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
medadelem.xyz/YjBlcnRNDwYBSTQCPz0VDHYIJBoOUTQ1JjZUCUc3OFwBRyxSdUMGHQYNXUBBWwFUVAQLVFhBRkRDERMAF0NYQERSB0MbGgRfWEBSFA1VXExMAVVcRERFWENSFkAEFUlTFhUGAA4NVERCVgZQRkNWAlBDTQ
104.21.81.96204 No Content 0 B URL HTTP/2 medadelem.xyz/YjBlcnRNDwYBSTQCPz0VDHYIJBoOUTQ1JjZUCUc3OFwBRyxSdUMGHQYNXUBBWwFUVAQLVFhBRkRDERMAF0NYQERSB0MbGgRfWEBSFA1VXExMAVVcRERFWENSFkAEFUlTFhUGAA4NVERCVgZQRkNWAlBDTQ
IP 104.21.81.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /YjBlcnRNDwYBSTQCPz0VDHYIJBoOUTQ1JjZUCUc3OFwBRyxSdUMGHQYNXUBBWwFUVAQLVFhBRkRDERMAF0NYQERSB0MbGgRfWEBSFA1VXExMAVVcRERFWENSFkAEFUlTFhUGAA4NVERCVgZQRkNWAlBDTQ HTTP/1.1
Host: medadelem.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 20:05:46 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7AHDPqmbP7u3lZbl1wXngBIsgteMlgLZJ%2Fs3Z1Hk2XwQzvuBfiv6fV66q%2F0XMAtTacKiTU6KLF8BpJP7JXNCt4a9jhM%2B2fwaXqdbkPCpxJdvMnNFlZeXI7JuCzwMJNDB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7537d0a4ad2db4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
medadelem.xyz/dGQ5eTFbW1oKDCFWSUxlITZXLFo2XFoUfyAwYQEDFQhBKVc8LR8NWBBZDk8FRVAIX0EdAARIFwcQWA1EB1kIX1gaAlZEFwJZCFcCQEoLQB9EQkxEAFIQSRhWSVUfCUUACARIB0JQD0wFQ1ALTAVA
104.21.81.96204 No Content 0 B URL HTTP/2 medadelem.xyz/dGQ5eTFbW1oKDCFWSUxlITZXLFo2XFoUfyAwYQEDFQhBKVc8LR8NWBBZDk8FRVAIX0EdAARIFwcQWA1EB1kIX1gaAlZEFwJZCFcCQEoLQB9EQkxEAFIQSRhWSVUfCUUACARIB0JQD0wFQ1ALTAVA
IP 104.21.81.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dGQ5eTFbW1oKDCFWSUxlITZXLFo2XFoUfyAwYQEDFQhBKVc8LR8NWBBZDk8FRVAIX0EdAARIFwcQWA1EB1kIX1gaAlZEFwJZCFcCQEoLQB9EQkxEAFIQSRhWSVUfCUUACARIB0JQD0wFQ1ALTAVA HTTP/1.1
Host: medadelem.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 20:05:46 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zJ%2FiStF4p4tayBMl5wVkBrArv%2BITNce4%2FbpttBMeYCoqEE%2FEOBXsEfxL5lipCPVM%2B5OnpyxExPrtb81Is4HkIgz8Cbe8JbnUAP8qhDhrKuoVqsh%2BJ%2FzxZ0FqvLbxtNbS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7537d0a4bd45b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c7ac9e29595749072622837820f8d808
191d4449aae47380468d57045d45cef96f6db384
bdb8c13be73e6d521c8a00aecfa51db277d908562bf1d31c675055f08868f215
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BDB8C13BE73E6D521C8A00AECFA51DB277D908562BF1D31C675055F08868F215"
Last-Modified: Thu, 29 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16342
Expires: Sun, 02 Oct 2022 00:38:08 GMT
Date: Sat, 01 Oct 2022 20:05:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 159b79ad1ea6b5775e183f7cec043b4e
7defc3d25de90faf616497445c285e020627ba6c
805c0543d34ebb9710b2aa73d0cb38358831c630e7361fc38079b0c6ede4c3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "805C0543D34EBB9710B2AA73D0CB38358831C630E7361FC38079B0C6EDE4C3D1"
Last-Modified: Thu, 29 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13193
Expires: Sat, 01 Oct 2022 23:45:39 GMT
Date: Sat, 01 Oct 2022 20:05:46 GMT
Connection: keep-alive
begantotireo.xyz/OG0ySjJZD1EnDVlQUGxHSgEPbwB+SAAMVlUASCFUXFUAPVNBAxwpXlcYVixAVwNGZFxdGRd4dHw7XAhTa19re3pCPEYdYXE3YiRoajR3GEBeXFY9dVEGWQlxYiN8CUVLLEg9V3cvezl8eV11BGp5KHsJC1o3XhMAcwpVMmZgGkcJdm4jU3gCcCBaAFxeXXMjc3w4VR1IXyh9Hl1oJEUlS3cVVj1wbBkACUhTJn8zUXMjAxxdfDt8fmNwVAccXAwkU3lCfDdmABcKK1ccaw4qZhsXCi96JHx7DFgEV2EuCzlUCCNeB1wBWGQjY38LAS1cWl1oelcIVEgbXxUCQQtIbQ98HQdtKHcAQ10BaCdjbx0EGwBqLGIJe20gShMDdV18IXxVIwsZdWI6fnloYEtYOV1WHQ8kVXI4fg5BTBd2HX9r
65.9.44.108200 OK 1.2 kB URL HTTP/2 begantotireo.xyz/OG0ySjJZD1EnDVlQUGxHSgEPbwB+SAAMVlUASCFUXFUAPVNBAxwpXlcYVixAVwNGZFxdGRd4dHw7XAhTa19re3pCPEYdYXE3YiRoajR3GEBeXFY9dVEGWQlxYiN8CUVLLEg9V3cvezl8eV11BGp5KHsJC1o3XhMAcwpVMmZgGkcJdm4jU3gCcCBaAFxeXXMjc3w4VR1IXyh9Hl1oJEUlS3cVVj1wbBkACUhTJn8zUXMjAxxdfDt8fmNwVAccXAwkU3lCfDdmABcKK1ccaw4qZhsXCi96JHx7DFgEV2EuCzlUCCNeB1wBWGQjY38LAS1cWl1oelcIVEgbXxUCQQtIbQ98HQdtKHcAQ10BaCdjbx0EGwBqLGIJe20gShMDdV18IXxVIwsZdWI6fnloYEtYOV1WHQ8kVXI4fg5BTBd2HX9r
IP 65.9.44.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3019), with no line terminators
Hash 4cbd6eb7aeec9cb8939660506eed7b0e
ec4d2bb7f15a14be426a1b8dd48c411648297044
b75c1fd30175c33636b609e4bfec7cfa20db12b04a78034af61b6492a3abcb30
GET /OG0ySjJZD1EnDVlQUGxHSgEPbwB+SAAMVlUASCFUXFUAPVNBAxwpXlcYVixAVwNGZFxdGRd4dHw7XAhTa19re3pCPEYdYXE3YiRoajR3GEBeXFY9dVEGWQlxYiN8CUVLLEg9V3cvezl8eV11BGp5KHsJC1o3XhMAcwpVMmZgGkcJdm4jU3gCcCBaAFxeXXMjc3w4VR1IXyh9Hl1oJEUlS3cVVj1wbBkACUhTJn8zUXMjAxxdfDt8fmNwVAccXAwkU3lCfDdmABcKK1ccaw4qZhsXCi96JHx7DFgEV2EuCzlUCCNeB1wBWGQjY38LAS1cWl1oelcIVEgbXxUCQQtIbQ98HQdtKHcAQ10BaCdjbx0EGwBqLGIJe20gShMDdV18IXxVIwsZdWI6fnloYEtYOV1WHQ8kVXI4fg5BTBd2HX9r HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1175
date: Sat, 01 Oct 2022 20:05:46 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dddc8f2bbf76628526b9a5a150e6e5ba.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: HPi32mQW9WBOYLNy1AGjfab7T6Fy1rW_A8VfOR5Oc0KCKPM4e_-PqQ==
X-Firefox-Spdy: h2
platform.bidgear.com/media/img/b15.png
104.26.3.107200 OK 649 B URL HTTP/2 platform.bidgear.com/media/img/b15.png
IP 104.26.3.107:0
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash d832fb80c97ff291b952757bb98240d2
63732e61a0784ed68fde494f83e4686a5c4bf7fa
7b35c11af8accdb40a14303dd3ae2762a97d2527933c56b6c9be6da2d0d11943
GET /media/img/b15.png HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 20:05:46 GMT
content-type: image/png
content-length: 649
last-modified: Mon, 25 Jul 2022 09:43:33 GMT
etag: "62de65c5-289"
expires: Sun, 23 Oct 2022 09:44:55 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 728433
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c3YIEdiAakVHjAxFzArdEpgb7DIjvnb4NJJVJbfeMAEnAWoJbXgyEfFPA3VQjLDBd7RvCy9T9ukNLt9%2Fur56vagMYSQCNau0IvhGM62H5CQsTa4zHBQl6ccLyRI6VmlinVGCa%2FD%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7537d0a60d8a1c0a-OSL
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/JcmJPUzURDSE1CgYLK24NQFd2YgRUCDw8WwJfGhljE1QFMQUxAAx1QQgGcmMTHgMhNAhUByEwCENELjdXT1ZpJ0UdCXImWxYHKTpbFwZpJlRPDyApXB4OLnYHNFdhYxBAUmcrBENHfBEQQFIjOlsHGmphBQpaeQwDRkd8ERBAUj0lEEEjdmUbQktqYQUVBy-w4WldQCWEFQ1J/YgVDR31jUxsQKjVaCkd9FQxETH91QE9T
108.138.212.227200 OK 354 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/JcmJPUzURDSE1CgYLK24NQFd2YgRUCDw8WwJfGhljE1QFMQUxAAx1QQgGcmMTHgMhNAhUByEwCENELjdXT1ZpJ0UdCXImWxYHKTpbFwZpJlRPDyApXB4OLnYHNFdhYxBAUmcrBENHfBEQQFIjOlsHGmphBQpaeQwDRkd8ERBAUj0lEEEjdmUbQktqYQUVBy-w4WldQCWEFQ1J/YgVDR31jUxsQKjVaCkd9FQxETH91QE9T
IP 108.138.212.227:0
File type ASCII text, with very long lines (451), with no line terminators
Hash c43869eb036805fdc80d45353738808e
27495033e28a05bfffa6fe72f7cefedf44bb6765
ae37dfccff919c740fcb7750c5b3b9ba95d68cd57deb3126ab38098c866f9a43
GET /JcmJPUzURDSE1CgYLK24NQFd2YgRUCDw8WwJfGhljE1QFMQUxAAx1QQgGcmMTHgMhNAhUByEwCENELjdXT1ZpJ0UdCXImWxYHKTpbFwZpJlRPDyApXB4OLnYHNFdhYxBAUmcrBENHfBEQQFIjOlsHGmphBQpaeQwDRkd8ERBAUj0lEEEjdmUbQktqYQUVBy-w4WldQCWEFQ1J/YgVDR31jUxsQKjVaCkd9FQxETH91QE9T HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://begantotireo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 354
date: Sat, 01 Oct 2022 20:05:46 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4b84bb80909a7ce00ada4d4940807b22.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: 3znW3WvokJQ1Xp1-u5qKJHf-GqUrxm0yskbtf5QK0wNYk536piOEug==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/iQnZjQTkhGQ0nBjYfB3wOdEdSeQ9kHBAuVzJLKzJ0LCIrAHE0Ny5nTTgSXnEfLhcNJgRkEw0iBHNQAiVbf0JFNUktHV4vTSEHCjRDKgYSZ0wjSw4uQysaDyAccDBWbwlnRFNpQXNHRnJ7Z0RTLVAsAxtkC3IOW3dmdEJGcntnRFMzT2dFIngPbEZKZAtyEQ-YiUi1TUQcLckdTcQhyR0ZzCSQfESRfLQ5Gc397QE1xHzdLUg
108.138.212.227200 OK 593 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/iQnZjQTkhGQ0nBjYfB3wOdEdSeQ9kHBAuVzJLKzJ0LCIrAHE0Ny5nTTgSXnEfLhcNJgRkEw0iBHNQAiVbf0JFNUktHV4vTSEHCjRDKgYSZ0wjSw4uQysaDyAccDBWbwlnRFNpQXNHRnJ7Z0RTLVAsAxtkC3IOW3dmdEJGcntnRFMzT2dFIngPbEZKZAtyEQ-YiUi1TUQcLckdTcQhyR0ZzCSQfESRfLQ5Gc397QE1xHzdLUg
IP 108.138.212.227:0
File type ASCII text, with very long lines (827), with no line terminators
Hash 510d93fe1c7692d230bcfe83e0125519
d1c86d5620396b8fa0e6a14717330bcc3e85bb57
6388676a1b31f6f4e245949e373b16763763ee2fc5e7786764e9bf4308ed62e1
GET /iQnZjQTkhGQ0nBjYfB3wOdEdSeQ9kHBAuVzJLKzJ0LCIrAHE0Ny5nTTgSXnEfLhcNJgRkEw0iBHNQAiVbf0JFNUktHV4vTSEHCjRDKgYSZ0wjSw4uQysaDyAccDBWbwlnRFNpQXNHRnJ7Z0RTLVAsAxtkC3IOW3dmdEJGcntnRFMzT2dFIngPbEZKZAtyEQ-YiUi1TUQcLckdTcQhyR0ZzCSQfESRfLQ5Gc397QE1xHzdLUg HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://begantotireo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 593
date: Sat, 01 Oct 2022 20:05:46 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4b84bb80909a7ce00ada4d4940807b22.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: TSsJO6Slsaia-cNMm1kgIeX0ZGL3k5YusjZBmf7RrEUD0ONxGvqSHQ==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/aRE5rNEknIQVSdjAnDwlwcHdTAn1iJBhbJzRzGQAkCB8qBAExAicBOAZoH04teX5NWCgqKVYSLCotVgVvJSoJCX1iOwoJJCs0AlglJWtZcnxqfk4GeWw2WgVsdwxOBnkoJwVBMWF8W0xxchFdAGx3DE4GeTY4TgcIfXhFBGBhfFtTLCclBBF7AnxbBXl0f1-sFbHZ+DV07ISgETGx2CFICZ3RoHgl4
108.138.212.227200 OK 189 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/aRE5rNEknIQVSdjAnDwlwcHdTAn1iJBhbJzRzGQAkCB8qBAExAicBOAZoH04teX5NWCgqKVYSLCotVgVvJSoJCX1iOwoJJCs0AlglJWtZcnxqfk4GeWw2WgVsdwxOBnkoJwVBMWF8W0xxchFdAGx3DE4GeTY4TgcIfXhFBGBhfFtTLCclBBF7AnxbBXl0f1-sFbHZ+DV07ISgETGx2CFICZ3RoHgl4
IP 108.138.212.227:0
File type ASCII text, with no line terminators
Hash ef5d8a6f229b71e47617322fc80350ca
3410a07575939d2a17aa16cb365cb85bdadc2f60
d42015d47c8b35c3b52f71134beb2ed04e5d273bc611f799e29d1368aab6e755
GET /aRE5rNEknIQVSdjAnDwlwcHdTAn1iJBhbJzRzGQAkCB8qBAExAicBOAZoH04teX5NWCgqKVYSLCotVgVvJSoJCX1iOwoJJCs0AlglJWtZcnxqfk4GeWw2WgVsdwxOBnkoJwVBMWF8W0xxchFdAGx3DE4GeTY4TgcIfXhFBGBhfFtTLCclBBF7AnxbBXl0f1-sFbHZ+DV07ISgETGx2CFICZ3RoHgl4 HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://begantotireo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 189
date: Sat, 01 Oct 2022 20:05:46 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4b84bb80909a7ce00ada4d4940807b22.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: vbj476YqVm1_nMWV6IkYJU-jbl8JjP9rbguFp7ckNlxpHfzn9qjpbg==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/HSmM5M3EpDFdVTj4KXQ5JfVUKAklsCUpcHzpecXQiDABMCwcGEwhSVz4ZXQ5BbA9YXRZ3RVxdEndSH1IVKF4NFQU6DFIOHz4ASFoEMAtJQlc/AgReHjAKVV8Qb1F/Bl96RgsDWTJSCBZCCEYLAx0jDUxLVHhTQQtHFVUNFkIIRgsDAzxGCnJIfE0JGlR4U1-5WEiEMHAE3eFMIA0F7UwgWQ3oFUEEULAxBFkMMWg8dQWwWBAI
108.138.212.227200 OK 458 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/HSmM5M3EpDFdVTj4KXQ5JfVUKAklsCUpcHzpecXQiDABMCwcGEwhSVz4ZXQ5BbA9YXRZ3RVxdEndSH1IVKF4NFQU6DFIOHz4ASFoEMAtJQlc/AgReHjAKVV8Qb1F/Bl96RgsDWTJSCBZCCEYLAx0jDUxLVHhTQQtHFVUNFkIIRgsDAzxGCnJIfE0JGlR4U1-5WEiEMHAE3eFMIA0F7UwgWQ3oFUEEULAxBFkMMWg8dQWwWBAI
IP 108.138.212.227:0
File type ASCII text, with very long lines (592), with no line terminators
Hash 74deead6b950e0a277d74f40abad0f9d
5521c49c30dbfee3ed91927b99f388106089f275
ae1d268f5dcc20583ef0bcf76b9d53ee0cb6d2f83bee14a97825a2d68194f44c
GET /HSmM5M3EpDFdVTj4KXQ5JfVUKAklsCUpcHzpecXQiDABMCwcGEwhSVz4ZXQ5BbA9YXRZ3RVxdEndSH1IVKF4NFQU6DFIOHz4ASFoEMAtJQlc/AgReHjAKVV8Qb1F/Bl96RgsDWTJSCBZCCEYLAx0jDUxLVHhTQQtHFVUNFkIIRgsDAzxGCnJIfE0JGlR4U1-5WEiEMHAE3eFMIA0F7UwgWQ3oFUEEULAxBFkMMWg8dQWwWBAI HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://begantotireo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 458
date: Sat, 01 Oct 2022 20:05:46 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4b84bb80909a7ce00ada4d4940807b22.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: teSgvVNKvCYhuh5A4hHk6mzRlR17oatbJJ0kf4b4gRYcpR-zkI5PPg==
X-Firefox-Spdy: h2
a.exdynsrv.com/ad-provider.js
205.185.216.42200 OK 24 kB URL HTTP/1.1 a.exdynsrv.com/ad-provider.js
IP 205.185.216.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 81ef2e5397caa335947731e7e737f5c3
6a05a4b2d22c13ad2692170510bc8685b16002bf
cec22380c4f1438b29077d202d0396a6ad32b41761ed51d968f1bfbdf2423378
GET /ad-provider.js HTTP/1.1
Host: a.exdynsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 20:05:46 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 23727
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"d944899a6eb421496e94cbddc42"
X-HW: 1664654746.dop220.sk1.t,1664654746.cds205.sk1.shn,1664654746.dop220.sk1.t,1664654746.cds246.sk1.c
Access-Control-Allow-Origin: *, *
megaup.net/themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png
91.209.70.182200 OK 951 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png
IP 91.209.70.182:0
File type PNG image data, 114 x 114, 8-bit colormap, non-interlaced\012- data
Hash 76852bc6b2c028db97322a74e85bd020
ed52fb4de0d51f93277bbaae42fa80ba5f92c31e
8a5ef2ef8440c17db1b1b539065ba4a887e07a2c508b79c2d1659512e9016884
GET /themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:46 GMT
content-type: image/png
content-length: 951
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-3b7"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1664654742644
104.26.3.107200 OK 2.4 kB URL HTTP/2 platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1664654742644
IP 104.26.3.107:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (4445), with no line terminators
Hash 753c5f31e6d52a5b890a2420efd766d7
03ab63a1b6e11c45307bf1bf8c5acc08cbdeb529
9cc15cb9999897dfa4e955f4db5e080230595bfaa12ecba947f09a6399af8cab
GET /async.php?domainid=5593&sizeid=12&zoneid=6192&k=1664654742644 HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 20:05:46 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SSJL1iouPyeOV2NDmgEIvLnx9sX3akT%2BaOVyA837WJImrXdmVjA21ACHExgVkbndXqQPaE5tgR%2FlaxhkNDDp3bZeUhBTjSZ0CCYnqTv3h1vCFT2uonAcljurVV5VMVYuV76X8r9t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7537d0a4ec631c0a-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2406f709deebae46a57115b2a28c6dbe
c03cb7f48ebb34d140a0518ce5bdcbc592042913
b8d1f67bd3d1803167b7851e2e2eb69b0f2560aee0c27495b64b3cb993221a58
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 20:05:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 76fda9bb7d23b03c4b8203e61267bdfb
37b1fcf2c92e99799ebca1623a646b255691cdc3
9782e91ebd1487e505b2009b9b9854d0d3f958a66d47fcceb368ad2eb2955d16
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5048
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 20:05:46 GMT
Last-Modified: Sat, 01 Oct 2022 18:41:38 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Sat, 01 Oct 2022 18:41:09 GMT
expires: Sat, 01 Oct 2022 20:41:09 GMT
cache-control: public, max-age=7200
age: 5077
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/DVnBaS2Y1HzQtWSIZPnZRYERrf1dwGikkCCZNNCwsAzweOBIsNA0GNXAEIC9bZlY2KggxTXwuCDVNa20HMhJnf0AiADUgWzgEOToPIwoyOxdwBTt2CzkKMycKN1VoDVN4QH95Vn4Ia3pDZTJ/eVY6GTQ+HnNCajNeYC9sf0NlMn95ViQGf3gnb0Z0e09zQm-osAzUbNW5UEEJqelZmQWp6Q2RAPCIUMxY1M0NkNmN9SGZWL3ZX
108.138.212.227200 OK 595 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/DVnBaS2Y1HzQtWSIZPnZRYERrf1dwGikkCCZNNCwsAzweOBIsNA0GNXAEIC9bZlY2KggxTXwuCDVNa20HMhJnf0AiADUgWzgEOToPIwoyOxdwBTt2CzkKMycKN1VoDVN4QH95Vn4Ia3pDZTJ/eVY6GTQ+HnNCajNeYC9sf0NlMn95ViQGf3gnb0Z0e09zQm-osAzUbNW5UEEJqelZmQWp6Q2RAPCIUMxY1M0NkNmN9SGZWL3ZX
IP 108.138.212.227:0
File type ASCII text, with very long lines (829), with no line terminators
Hash ce23cc12fc38ea072e24be0f8eea40d1
81fa55a9ae6f0aa862bab28b1f2f6ca5d97461f0
c1760faa521e37b94d0ac4de90027c0d2c62953dfb5ffdfd8dcd936e3406be0b
GET /DVnBaS2Y1HzQtWSIZPnZRYERrf1dwGikkCCZNNCwsAzweOBIsNA0GNXAEIC9bZlY2KggxTXwuCDVNa20HMhJnf0AiADUgWzgEOToPIwoyOxdwBTt2CzkKMycKN1VoDVN4QH95Vn4Ia3pDZTJ/eVY6GTQ+HnNCajNeYC9sf0NlMn95ViQGf3gnb0Z0e09zQm-osAzUbNW5UEEJqelZmQWp6Q2RAPCIUMxY1M0NkNmN9SGZWL3ZX HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://begantotireo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 595
date: Sat, 01 Oct 2022 20:05:46 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4b84bb80909a7ce00ada4d4940807b22.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: N_dW5G8HHzQJ8eMbyK5-x5Rr4iAhNEA2J4yqlSxo7sI2_WM3gFykpQ==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 280 B IP 104.18.32.68:0
Hash 8812897bca3236915e3d430052240422
699b40dce0d85bdfe92f407d2b962f0496b5070f
814e48413af6de66d4d014aa9f909b092564fc28253aa90cfda6de694563b73f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 20:05:46 GMT
Content-Type: application/ocsp-response
Content-Length: 280
Connection: keep-alive
Last-Modified: Fri, 30 Sep 2022 21:53:49 GMT
Expires: Fri, 07 Oct 2022 21:53:48 GMT
Etag: "699b40dce0d85bdfe92f407d2b962f0496b5070f"
Cache-Control: max-age=524281,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7537d0a53b8f0b59-OSL
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 17f6b8a1291315c2c038c38a055a2834
875d45eb081dea8964f745db9b189f1788aac472
329a5f1dbd5f4ebb6b21fb6e95e42eb2e120fc0373fa1e4f07c5ac4d21cc4530
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 20:05:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 390 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 50ddceefb4c752c23dcea29a01035071
3aeb2e372fea9cb5fa94b18afd8f33a818bff082
3aa247284c27bb8f578fbfd77b067e18d3e7f12fe9ca6a8292e88e7bde919ca0
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 01 Oct 2022 20:05:46 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-267437022%3A1664654746726729&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWp1lvwivQwkYiYKP3Ueb7ozQHa0c0UFnfr7ifjqlpuopTVdLjVL3KxEbrMWUgMP9CKoKY6N5w
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-qAuICoKZDfeGRj5Y3ETIZQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 390
server: GSE
set-cookie: __Host-GAPS=1:AVLmOW9CWWGDASeKOQj1bRFQiG5nhQ:rWXMfdKasKSnWRAC;Path=/;Expires=Mon, 30-Sep-2024 20:05:46 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
begantotireo.xyz/utx?cb=LExMMmV3E6IG&top=megaup.net&tid=761186
65.9.44.108204 No Content 0 B URL HTTP/2 begantotireo.xyz/utx?cb=LExMMmV3E6IG&top=megaup.net&tid=761186
IP 65.9.44.108:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=LExMMmV3E6IG&top=megaup.net&tid=761186 HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 20:05:46 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 01 Oct 2022 20:06:46 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dddc8f2bbf76628526b9a5a150e6e5ba.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: TYiZ5tmR1EyA2C9sQB4JvQPfws9bKE2yz6OMpA-uPJwUZ2BGPoTMgg==
X-Firefox-Spdy: h2
begantotireo.xyz/utx?cb=ogvahYfXWq2u&top=megaup.net&tid=825911
65.9.44.108204 No Content 0 B URL HTTP/2 begantotireo.xyz/utx?cb=ogvahYfXWq2u&top=megaup.net&tid=825911
IP 65.9.44.108:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=ogvahYfXWq2u&top=megaup.net&tid=825911 HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 20:05:46 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 01 Oct 2022 20:06:46 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dddc8f2bbf76628526b9a5a150e6e5ba.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: hH7YIvx8MJ5IwpcdIucO2Sr2aGdC4Q7ZklzxmPv8SAWNfBpdcucYNw==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16441444a614c24e9dec5b59ca86d07c
135d180aed3bd344132c1305521407e498215d5c
7fcddd79a00a1550423d40ee04b1e4b595f5808c4c855389b5783056296a5878
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7FCDDD79A00A1550423D40EE04B1E4B595F5808C4C855389B5783056296A5878"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12567
Expires: Sat, 01 Oct 2022 23:35:13 GMT
Date: Sat, 01 Oct 2022 20:05:46 GMT
Connection: keep-alive
www.google-analytics.com/j/collect?v=1&_v=j97&a=1262580457&t=pageview&_s=1&dl=https%3A%2F%2Fmegaup.net%2F2uokh%2FPhasmophobia_v0.7.0.1.part1.rar&ul=en-us&de=UTF-8&dt=Phasmophobia%20v0.7.0.1.part1.rar%20-%20MegaUp&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=1422063871&gjid=2104390325&cid=1021979043.1664654743&tid=UA-108868042-1&_gid=1785754545.1664654743&_r=1>m=2ou9s0&z=869501206
142.250.74.174200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j97&a=1262580457&t=pageview&_s=1&dl=https%3A%2F%2Fmegaup.net%2F2uokh%2FPhasmophobia_v0.7.0.1.part1.rar&ul=en-us&de=UTF-8&dt=Phasmophobia%20v0.7.0.1.part1.rar%20-%20MegaUp&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=1422063871&gjid=2104390325&cid=1021979043.1664654743&tid=UA-108868042-1&_gid=1785754545.1664654743&_r=1>m=2ou9s0&z=869501206
IP 142.250.74.174:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j97&a=1262580457&t=pageview&_s=1&dl=https%3A%2F%2Fmegaup.net%2F2uokh%2FPhasmophobia_v0.7.0.1.part1.rar&ul=en-us&de=UTF-8&dt=Phasmophobia%20v0.7.0.1.part1.rar%20-%20MegaUp&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=1422063871&gjid=2104390325&cid=1021979043.1664654743&tid=UA-108868042-1&_gid=1785754545.1664654743&_r=1>m=2ou9s0&z=869501206 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain
Content-Length: 0
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://megaup.net
date: Sat, 01 Oct 2022 20:05:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16441444a614c24e9dec5b59ca86d07c
135d180aed3bd344132c1305521407e498215d5c
7fcddd79a00a1550423d40ee04b1e4b595f5808c4c855389b5783056296a5878
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7FCDDD79A00A1550423D40EE04B1E4B595F5808C4C855389B5783056296A5878"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12567
Expires: Sat, 01 Oct 2022 23:35:13 GMT
Date: Sat, 01 Oct 2022 20:05:46 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16441444a614c24e9dec5b59ca86d07c
135d180aed3bd344132c1305521407e498215d5c
7fcddd79a00a1550423d40ee04b1e4b595f5808c4c855389b5783056296a5878
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7FCDDD79A00A1550423D40EE04B1E4B595F5808C4C855389B5783056296A5878"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12567
Expires: Sat, 01 Oct 2022 23:35:13 GMT
Date: Sat, 01 Oct 2022 20:05:46 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 398 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 864bab679db6c2af5f4055685debdb3b
0b802f42c7d6564834a9a5896d15b6bc7e61499f
24664d7baa8cb2e1b2061ce2072b585ca4ffc8892d17df36f6b754318d4f1231
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 01 Oct 2022 20:05:46 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-335067496%3A1664654746783498&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrFvJSOlF3bZ1fM9eSEohMeAqfiPFGx-G6pVjVRv68mn__rV3DZGYqnhet7BMOWdlTF2DjY1g
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-XFviNvKRyDcPJz665VLMNg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
set-cookie: __Host-GAPS=1:k2V0WAAwts8KUNWS-aJLCdrH-JFpdg:ldW_DxQ98Lykh4ij;Path=/;Expires=Mon, 30-Sep-2024 20:05:46 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16441444a614c24e9dec5b59ca86d07c
135d180aed3bd344132c1305521407e498215d5c
7fcddd79a00a1550423d40ee04b1e4b595f5808c4c855389b5783056296a5878
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7FCDDD79A00A1550423D40EE04B1E4B595F5808C4C855389B5783056296A5878"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12567
Expires: Sat, 01 Oct 2022 23:35:13 GMT
Date: Sat, 01 Oct 2022 20:05:46 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16441444a614c24e9dec5b59ca86d07c
135d180aed3bd344132c1305521407e498215d5c
7fcddd79a00a1550423d40ee04b1e4b595f5808c4c855389b5783056296a5878
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7FCDDD79A00A1550423D40EE04B1E4B595F5808C4C855389B5783056296A5878"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12567
Expires: Sat, 01 Oct 2022 23:35:13 GMT
Date: Sat, 01 Oct 2022 20:05:46 GMT
Connection: keep-alive
dmmzkfd82wayn.cloudfront.net/
108.138.212.227200 OK 73 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/
IP 108.138.212.227:0
File type ASCII text, with no line terminators
Hash de37377b72195a4f064edf7ec8a76676
ed544d5b6a37acad78498099407c648a93316ddb
b3209cc0b1d1b71e85af4e843afe00a3079f3286d52b3fb47e72c6c5c48b8399
GET / HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 73
date: Sat, 01 Oct 2022 20:05:46 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 4b84bb80909a7ce00ada4d4940807b22.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: -wCymKDFxLanI2fzmEjmzY7ttkhg-YVyoJI0mQ-HIWaX0CrtW9qO5Q==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ab779588f01243aca896d41395f8bd90
b8ef2d7cdc6366c283db0d608766a126dce37164
5531deca73d8380883740395d82457f4d39761134404876881242e2135b1546a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 20:05:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
syndication.exdynsrv.com/v1/api.php
95.211.229.248200 OK 2.4 kB URL HTTP/1.1 syndication.exdynsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5232), with no line terminators
Hash 4924a0f8fdc660ceb39c7e81a4f5db20
9191874f1c7fdb46aafc2cd1ed5784c32415da68
70ee6ce1c7ad98bcc4170baa54fd3a1fbd2ad0fb4fefa8efcbc4d1c85f498de2
POST /v1/api.php HTTP/1.1
Host: syndication.exdynsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 294
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 20:05:46 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263389d9acaebb3.124716133258598532%22%3B%7D; expires=Mon, 30-Sep-2024 20:05:46 GMT; Max-Age=63072000; path=/; domain=exdynsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 76fda9bb7d23b03c4b8203e61267bdfb
37b1fcf2c92e99799ebca1623a646b255691cdc3
9782e91ebd1487e505b2009b9b9854d0d3f958a66d47fcceb368ad2eb2955d16
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5048
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 20:05:46 GMT
Last-Modified: Sat, 01 Oct 2022 18:41:38 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
begantotireo.xyz/utx?cb=x0HzWn5JnYzA&top=megaup.net&tid=876318
65.9.44.108204 No Content 0 B URL HTTP/2 begantotireo.xyz/utx?cb=x0HzWn5JnYzA&top=megaup.net&tid=876318
IP 65.9.44.108:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=x0HzWn5JnYzA&top=megaup.net&tid=876318 HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 20:05:46 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 01 Oct 2022 20:06:46 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dddc8f2bbf76628526b9a5a150e6e5ba.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: SM3XmJxYAzvNAdWPFS7-BQbBdQlBvd0zBiJSNge6LkYUr6S0JA_NPg==
X-Firefox-Spdy: h2
begantotireo.xyz/utx?cb=gcixQ6lFM1AS&top=megaup.net&tid=764141
65.9.44.108204 No Content 0 B URL HTTP/2 begantotireo.xyz/utx?cb=gcixQ6lFM1AS&top=megaup.net&tid=764141
IP 65.9.44.108:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=gcixQ6lFM1AS&top=megaup.net&tid=764141 HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 20:05:46 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 01 Oct 2022 20:06:46 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dddc8f2bbf76628526b9a5a150e6e5ba.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: aupHVbiIjn9EyJsEjQ08HbsAID3oJFuA-ICRLmpDF3qo-ujWMrXfZA==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16441444a614c24e9dec5b59ca86d07c
135d180aed3bd344132c1305521407e498215d5c
7fcddd79a00a1550423d40ee04b1e4b595f5808c4c855389b5783056296a5878
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7FCDDD79A00A1550423D40EE04B1E4B595F5808C4C855389B5783056296A5878"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12567
Expires: Sat, 01 Oct 2022 23:35:13 GMT
Date: Sat, 01 Oct 2022 20:05:46 GMT
Connection: keep-alive
syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01OW0oEQQy8iheYppJOejr77beC4gGmZ1q/XARXUKjD2zOLiykS8qgkpVCdBBPkTsoJfrLCkBRIpknc+PD4RBO+97fl6yOd+4XuYigsEbDKyFa10KyY1EIXoWtoDMbs2VHmSnFmYkA9m+1ZAiBSWcGX5/vDZUDBEfeX1EobOb73PaCt64I5xNfqRcocPbYWWbuVZS078b9EXJEgvs/0r8EsltWUk9wK4zDwGC+fP+eVvNGvYunHhUwxwzhnc7TW8bpstqFruLeWuwvykInsv62nXKVUAQAA
95.211.229.248200 OK 20 B URL HTTP/1.1 syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01OW0oEQQy8iheYppJOejr77beC4gGmZ1q/XARXUKjD2zOLiykS8qgkpVCdBBPkTsoJfrLCkBRIpknc+PD4RBO+97fl6yOd+4XuYigsEbDKyFa10KyY1EIXoWtoDMbs2VHmSnFmYkA9m+1ZAiBSWcGX5/vDZUDBEfeX1EobOb73PaCt64I5xNfqRcocPbYWWbuVZS078b9EXJEgvs/0r8EsltWUk9wK4zDwGC+fP+eVvNGvYunHhUwxwzhnc7TW8bpstqFruLeWuwvykInsv62nXKVUAQAA
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01OW0oEQQy8iheYppJOejr77beC4gGmZ1q/XARXUKjD2zOLiykS8qgkpVCdBBPkTsoJfrLCkBRIpknc+PD4RBO+97fl6yOd+4XuYigsEbDKyFa10KyY1EIXoWtoDMbs2VHmSnFmYkA9m+1ZAiBSWcGX5/vDZUDBEfeX1EobOb73PaCt64I5xNfqRcocPbYWWbuVZS078b9EXJEgvs/0r8EsltWUk9wK4zDwGC+fP+eVvNGvYunHhUwxwzhnc7TW8bpstqFruLeWuwvykInsv62nXKVUAQAA HTTP/1.1
Host: syndication.exdynsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263389d9acaebb3.124716133258598532%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 20:05:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263389d9acaebb3.124716133258598532%22%3B%7D; expires=Mon, 30 Sep 2024 20:05:46 GMT; path=; domain=.exdynsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%2263389d9acaebb3.124716133258598532%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22511.0199%22%7D; expires=Mon, 30 Sep 2024 20:05:46 GMT; path=/; domain=.exdynsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
static.a-ads.com/a-ads-banners/406740/300x250?region=eu-central-1
136.243.4.18200 OK 621 kB URL HTTP/2 static.a-ads.com/a-ads-banners/406740/300x250?region=eu-central-1
IP 136.243.4.18:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 300 x 250\012- data
Size 621 kB (621339 bytes)
Hash c8694e7d5d3b9a928d4d57026ac2b68b
169b9f311167e19bd5061b53fc7e4f528e3ba7a9
0c23834abdcff9f74a47b37290da55f2c84c31c82ce26d9493b39a388b51ed6a
GET /a-ads-banners/406740/300x250?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:46 GMT
content-type: image/gif
content-length: 621339
x-amz-id-2: XRi/SSiPstuHurJMdJUcsYdZTSYz9MUIoxwYL/66Wy9Gvr0O5cJey7Qn29Q02+KsW9udgHasI20=
x-amz-request-id: 20HSCS9ZZ0ZTDKCV
x-amz-replication-status: COMPLETED
last-modified: Thu, 04 Aug 2022 08:17:39 GMT
etag: "c8694e7d5d3b9a928d4d57026ac2b68b"
cache-control: max-age=315360000
x-amz-version-id: CpzkFSVTHlSKMdhV9N03JaP1PcAFvRyH
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/551406/afd0544e028fe06635d1d3c51cd1eef2a7c975a8.jpg
185.76.9.19200 OK 19 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/551406/afd0544e028fe06635d1d3c51cd1eef2a7c975a8.jpg
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type GIF image data, version 89a, 1 x 1\012- data
Hash ff6a68892425ef76a6e7764a11306af2
c2ec660f539089dc3c89ab382093f299b6eb8c29
684d20e32ef9147bdc154ecf5c5ca15575e8545bb44101d7e4f21955135af329
GET /library/551406/afd0544e028fe06635d1d3c51cd1eef2a7c975a8.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 20:05:47 GMT
content-type: image/jpeg
content-length: 18807
last-modified: Wed, 26 May 2021 05:14:02 GMT
etag: "60add91a-4977"
expires: Sat, 29 Jul 2023 23:25:57 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1690680215
server: CDN77-Turbo
x-77-nzt: AblMCQ3a4SP/hBVUAA
x-77-nzt-ray: XC8ge+XyxXs
x-cache: HIT
x-age: 5510532
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
fhisladyloveh.xyz/utx?tid=832633&top=megaup.net&cb=opxpBrKvMbic
108.157.214.20204 No Content 0 B URL HTTP/2 fhisladyloveh.xyz/utx?tid=832633&top=megaup.net&cb=opxpBrKvMbic
IP 108.157.214.20:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?tid=832633&top=megaup.net&cb=opxpBrKvMbic HTTP/1.1
Host: fhisladyloveh.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 20:05:46 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 01 Oct 2022 20:06:46 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 472198048b2177f6905d44f001875bcc.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: -Of5lQisuKyppJp5XO-H1p0CrAkcxCXKbcV7RrRW_xNjhOwBnOniGQ==
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27200 OK 103 kB IP 172.64.173.27:0
Size 103 kB (102903 bytes)
Hash 8fc1b3433aeaf5b19883e32fdf9e4926
cea07f29a6c817f022104e3e526bfb2af61c5a4c
d5946155de7cececca55267151e4c6128ca3c8dbe992be898ac15798bfcc95e2
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 01 Oct 2022 20:05:46 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4047
last-modified: Sat, 01 Oct 2022 18:58:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1c7F%2BMmuBdWxipp%2F5fE%2FIvsxmxtAkd%2BDaOCs64A8ozCIte%2BXuKuQOzEMXvpJwD22kpzbwWt%2FvB4k8dhXIadkIiJj2nHoZ0bNL68ymy20T9x7GKvw8uCq9fohqh%2BHy%2FgN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7537d0a7a8de067e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tsapphires.buzz/
107.22.28.167200 OK 0 B IP 107.22.28.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tsapphires.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Content-Length: 382
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
91.209.70.182200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31568, version 1.1\012- data
Hash e0c4ac0e73196bd0469c5c33304b7773
bb071565f82907d117b0732dca8013409162c67d
ff3bf3a4a1bf2b922157b18d0e8cddd95f2fc2dfe09c30a3ce67bc11a84c67af
GET /themes/flow/frontend_assets/fonts/raleway_bold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5; _ga=GA1.2.1021979043.1664654743; _gid=GA1.2.1785754545.1664654743; _gat_gtag_UA_108868042_1=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:47 GMT
content-type: font/woff
content-length: 31568
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7b50"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/sw.js
91.209.70.182200 OK 32 kB IP 91.209.70.182:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 642cc2347896d05d926e71ae94fd7a3e
cae219e1f2587f280642607ad092defef7702270
5a1933c4179153024b3c304484dd2a20f1d79167d7b1a8a0bebca66c3ceec6a1
GET /sw.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:52 GMT
vary: Accept-Encoding
etag: W/"60758f38-12fe6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
tsapphires.buzz/
107.22.28.167200 OK 0 B IP 107.22.28.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tsapphires.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Origin: https://megaup.net
Content-Length: 355
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
ad.a-ads.com/1811811?size=300x250
136.243.4.18200 OK 35 kB URL HTTP/2 ad.a-ads.com/1811811?size=300x250
IP 136.243.4.18:0
ASN #24940 Hetzner Online GmbH
Hash 3a4f0fd943530b49ca64439c61984565
4db58171cc025bb4f74aef95bd4deb2983382309
408cb90dbc0c4a9920e1aa8f6c31179075f5ecff457f30a7413fbb82ac70547e
GET /1811811?size=300x250 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:46 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://megaup.net/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
begantotireo.xyz/floater?cs=YXQ4N3pQRA8HS1JBAANJUEUPAko&abt=0&red=1&sm=83&k=download%20file%20phasmophobia%20part1&v=0.8.10.0&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=126.10340479192938&ref=https%3A%2F%2Fmegaup.net%2F2uokh%2FPhasmophobia_v0.7.0.1.part1.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_4Xiv=1664654743312&crc=1
65.9.44.108200 OK 4.9 kB URL HTTP/2 begantotireo.xyz/floater?cs=YXQ4N3pQRA8HS1JBAANJUEUPAko&abt=0&red=1&sm=83&k=download%20file%20phasmophobia%20part1&v=0.8.10.0&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=126.10340479192938&ref=https%3A%2F%2Fmegaup.net%2F2uokh%2FPhasmophobia_v0.7.0.1.part1.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_4Xiv=1664654743312&crc=1
IP 65.9.44.108:0
File type ASCII text, with very long lines (8395), with no line terminators
Hash d2bab8f7d0d4bdc75426507031db4d34
5023226ec0299a834876d7743b6b4d44a03613c4
8bf2e984161cf60a4d173793f57981d2c7030f2de14f29ed55071972c99b05ec
GET /floater?cs=YXQ4N3pQRA8HS1JBAANJUEUPAko&abt=0&red=1&sm=83&k=download%20file%20phasmophobia%20part1&v=0.8.10.0&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=126.10340479192938&ref=https%3A%2F%2Fmegaup.net%2F2uokh%2FPhasmophobia_v0.7.0.1.part1.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_4Xiv=1664654743312&crc=1 HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 4937
date: Sat, 01 Oct 2022 20:05:47 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=db806e1d-1d57-4ff0-b1ff-2d77530f19b0
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dddc8f2bbf76628526b9a5a150e6e5ba.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: VblJv9V8EPEKJh0TauhPFmsOnIGcEmaDzMxoqVrvThRK20Rzk33H8w==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16459
Expires: Sun, 02 Oct 2022 00:40:06 GMT
Date: Sat, 01 Oct 2022 20:05:47 GMT
Connection: keep-alive
megaup.net/themes/flow/js/clipboardjs/clipboard.min.js
91.209.70.182200 OK 23 kB URL HTTP/2 megaup.net/themes/flow/js/clipboardjs/clipboard.min.js
IP 91.209.70.182:0
File type Unicode text, UTF-8 text, with very long lines (8746)
Hash 804919b19648dc3dcda6bbb7291e45d8
1354db5f26b21d2edeb406fd2f2d72bb64f5ab60
0b444eee2de3e65002a5f49ac89623eb9df87ada3dd973ff90c6086c79df0156
GET /themes/flow/js/clipboardjs/clipboard.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-2296"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16459
Expires: Sun, 02 Oct 2022 00:40:06 GMT
Date: Sat, 01 Oct 2022 20:05:47 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03e4f558-3c34-42eb-aa43-9896f0e6ce87.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03e4f558-3c34-42eb-aa43-9896f0e6ce87.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 574cd0b975349cc445e798136863c8a0
74c20bb0c312988822deb9d46b20e4642357fbd7
62d6448a8da1ed783761e1e966c3f03f2d9b4351e04e13e71e330e4cce465fc4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03e4f558-3c34-42eb-aa43-9896f0e6ce87.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8269
x-amzn-requestid: 2ff31dda-d215-42fb-a439-de67799ebeb1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y8dqPFvQIAMFxlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e7641-2c2e3443499003525414587b;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 03:15:13 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: btbI_vFcRysDsOGN3zHGO3PEnzCG8XZyV7E65PB1bwBab86rJM79ZQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:16:06 GMT
age: 78581
etag: "74c20bb0c312988822deb9d46b20e4642357fbd7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59da9c68-5ffa-4dc1-adf8-645278cd60ca.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59da9c68-5ffa-4dc1-adf8-645278cd60ca.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 139a144f8cb04ac8aae65f4bad1473e7
265840b2d2fc6eb764cc6409b05deee8d77a19c2
6e0f01b6bdd5a92e92c7b29a6172a2900c68900afd2abba948940621252e0fd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59da9c68-5ffa-4dc1-adf8-645278cd60ca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10380
x-amzn-requestid: 35ee2a77-159c-4bb4-a825-98c638398586
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPdZYHsTIAMFQNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63360f6f-4f68073432bcea371c7b8f03;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:34:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: IENB0e-e13ywHJKPgyLWn1bGPMMxFLUu3cIUcREjGhxDEMROEL1jBg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:45:19 GMT
age: 80428
etag: "265840b2d2fc6eb764cc6409b05deee8d77a19c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
91.209.70.182200 OK 11 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
IP 91.209.70.182:0
Hash a1c45ed9260a7cae2ce0cd5d0d085f74
5ffd35c90d0a0b5d8bbeb4358e1e80c4110629fd
b5e25a7821506f7346154da753e0310e1dec1f4c3cf02e2d19ececee287e05c2
GET /themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-8d4b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0d31a422078d02bda318c693c05a58dc
2df7db53629c7adda2c0a4dfe9c17791b73a75e1
a07fe4e135b52da6dfa9d8a55684f0a3bf5f5ce52c4064c8ab37836a939902a9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8299
x-amzn-requestid: 91eed6b6-632f-472b-93d7-4192425fcdfd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLDF0SoAMFWgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-17bb04894cc786555d693ec3;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 8JvNUZRyYeZjd4ZxOrGMCbJxVf46NRhiHXsFvCAZn2QeUkdCzKoYbw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:15:58 GMT
age: 78589
etag: "2df7db53629c7adda2c0a4dfe9c17791b73a75e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b307b2d-4d65-4a44-bdc9-02e2eb3040fe.webp
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b307b2d-4d65-4a44-bdc9-02e2eb3040fe.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a7660f52ff0ccc2805e4186bfaeb86f3
64012d0a87c77d8409fa1be7d8d29124a81e3206
c4c2c65c2f830c5820dd019ada07607e31d338b824e2d66f7b4449c1026e123b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b307b2d-4d65-4a44-bdc9-02e2eb3040fe.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6058
x-amzn-requestid: 5895a9dc-4ec5-41cb-b0fa-b3f47677affe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPda6H8toAMFz7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63360f78-0941b5457484dc0c534333e2;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:34:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: vriq9NmhdO1tVDFT5N7jb_uOnhDDDOku1eNPuGKQiQ8JWCEHFRZSCQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:47:34 GMT
age: 80293
etag: "64012d0a87c77d8409fa1be7d8d29124a81e3206"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: f0791b53-3c5f-4d94-954d-992a529ebb60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPnunF35oAMFYbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63361ff6-2adb303349153ced73ccecf6;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 22:45:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RGS_T9Cwl5Vjs_bxngHRomiYppE5fLe0SnH19VEfc5-PCT5tb5ku1A==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 04:40:52 GMT
age: 55495
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tsapphires.buzz/
107.22.28.167200 OK 0 B IP 107.22.28.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tsapphires.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Origin: https://megaup.net
Content-Length: 350
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a7c73f65eb487dd1b71cab791c5a052b
b21fde09c0a99c3bea272cc5e1034b9b1caa20ec
5729bd0d1e2f553f39e754592c1316193097f9487132ea2666507ad54a7c9a0b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5729BD0D1E2F553F39E754592C1316193097F9487132EA2666507AD54A7C9A0B"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4898
Expires: Sat, 01 Oct 2022 21:27:28 GMT
Date: Sat, 01 Oct 2022 20:05:50 GMT
Connection: keep-alive
stunningruin.com/winnotice?sid=H4sIAAAAAAAC%2F1RTzWskxRuu%2Bf1yWbyorAdhhfGmIJPu%2BejpcZFgzEaC2c2y66InpbqqZ%2FKanqqmqmt6klNQkD3JiAc%2FTp0nX6irrH%2BAq3QWPASEzC2iuXtSFPYsM8aMvtC8H897ePp9nnp%2Fx50xD46fLl3XW5QkfL5V86rPven7V6urpNywOgyDt4Pm1aoZvNgJat7z1VdjsaHn657veb7nV5fJxF09nJ%2BAoPRex691vFqzXvNbTQxNAesqsLwCOThjT4LkeO5h5TJIlFD9%2B0ux3ch0%2BsK1vkt4pg0G8vCO2lA6V%2BjPyq6poKsOz7eh7cnyA2i1P6UIPbhYjGjMKj88QKQOz4khGuxNuUUJYoVIPoZ8UCJOShAvIfR7IHnCACFxYw2qf3BDm5xv%2Fo3yCTpmc4%2F%2BBOVjNvfLZaj%2B14sJDau3deIy0spi2C1AwxLUK5G6I2RbDJQfQWTvguSPbP7RKlR%2Fb80mGiSL6b8TlaBuiSQegVsGN%2FmIwXUrcGkFfXlaFb7vtz0puBd2hGjIdhwF0vN5u%2Btz3wtCODGhN0KWjiCSEYTZRmq2sUEjGPcByJZwvAClBVJ7ENZbHd9HLI4Xfv10Ep%2BB02m13vYb7U4r8Fpx0Gh1wtALBPd52G7H9WbQaiOi44UF9%2Fj1O8%2BsIyGGmB9%2F9zubBqwqoFyxqwwVMPExO49dI7PjhYut9QJWMtiMYSAL5DFDbhlyzpATQ54x5INiXya2bosDmVgX%2Bee5fp4bxa7OesW%2BznqxYjvpGXtiqs0f4i1sxKfVrifqYbfTbNTDZqcThbLZbgRhIIUvw7gZSlj65wJk%2FwduK9iiMXvq59%2BQTlwjP0LEj2CTIwh6FtxdAc8L8PUCW6qA1Pdt5pQi1TOOVE3oPtLsErLNyk5yxp6ecgk%2Bufuf8wpTIDUF3qGHDL3k7u4tnbO9Wzq37Ju1NKM%2BbfGJh25nPIv%2F%2F8Vr8WaujVxZsqPPXxYTYFLeez222SpXklTPsi8XScrYLGsjYvbtin0jjm46u77ojHLp6s1Xllf6qYmtJa1KcDq59jEEjdmlD3%2BaPo4rX70EMiWMK9B3F3KBdAmRbsOms5nVDCaZ9VHKkLti19Sj2XBiiGSmO3hUwP6rj2b1jv0elgpklv0FAAD%2F%2FwEAAP%2F%2FMLMnzXkEAAA%3D&ap=${AUCTION_PRICE}&l=3577992&sub3=1664654747&pid=91283&sub2=icon&auid=2713795605e63598806ca1a877e24657&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
192.243.61.226307 Temporary Redirect 0 B URL HTTP/1.1 stunningruin.com/winnotice?sid=H4sIAAAAAAAC%2F1RTzWskxRuu%2Bf1yWbyorAdhhfGmIJPu%2BejpcZFgzEaC2c2y66InpbqqZ%2FKanqqmqmt6klNQkD3JiAc%2FTp0nX6irrH%2BAq3QWPASEzC2iuXtSFPYsM8aMvtC8H897ePp9nnp%2Fx50xD46fLl3XW5QkfL5V86rPven7V6urpNywOgyDt4Pm1aoZvNgJat7z1VdjsaHn657veb7nV5fJxF09nJ%2BAoPRex691vFqzXvNbTQxNAesqsLwCOThjT4LkeO5h5TJIlFD9%2B0ux3ch0%2BsK1vkt4pg0G8vCO2lA6V%2BjPyq6poKsOz7eh7cnyA2i1P6UIPbhYjGjMKj88QKQOz4khGuxNuUUJYoVIPoZ8UCJOShAvIfR7IHnCACFxYw2qf3BDm5xv%2Fo3yCTpmc4%2F%2BBOVjNvfLZaj%2B14sJDau3deIy0spi2C1AwxLUK5G6I2RbDJQfQWTvguSPbP7RKlR%2Fb80mGiSL6b8TlaBuiSQegVsGN%2FmIwXUrcGkFfXlaFb7vtz0puBd2hGjIdhwF0vN5u%2Btz3wtCODGhN0KWjiCSEYTZRmq2sUEjGPcByJZwvAClBVJ7ENZbHd9HLI4Xfv10Ep%2BB02m13vYb7U4r8Fpx0Gh1wtALBPd52G7H9WbQaiOi44UF9%2Fj1O8%2BsIyGGmB9%2F9zubBqwqoFyxqwwVMPExO49dI7PjhYut9QJWMtiMYSAL5DFDbhlyzpATQ54x5INiXya2bosDmVgX%2Bee5fp4bxa7OesW%2BznqxYjvpGXtiqs0f4i1sxKfVrifqYbfTbNTDZqcThbLZbgRhIIUvw7gZSlj65wJk%2FwduK9iiMXvq59%2BQTlwjP0LEj2CTIwh6FtxdAc8L8PUCW6qA1Pdt5pQi1TOOVE3oPtLsErLNyk5yxp6ecgk%2Bufuf8wpTIDUF3qGHDL3k7u4tnbO9Wzq37Ju1NKM%2BbfGJh25nPIv%2F%2F8Vr8WaujVxZsqPPXxYTYFLeez222SpXklTPsi8XScrYLGsjYvbtin0jjm46u77ojHLp6s1Xllf6qYmtJa1KcDq59jEEjdmlD3%2BaPo4rX70EMiWMK9B3F3KBdAmRbsOms5nVDCaZ9VHKkLti19Sj2XBiiGSmO3hUwP6rj2b1jv0elgpklv0FAAD%2F%2FwEAAP%2F%2FMLMnzXkEAAA%3D&ap=${AUCTION_PRICE}&l=3577992&sub3=1664654747&pid=91283&sub2=icon&auid=2713795605e63598806ca1a877e24657&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP 192.243.61.226:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /winnotice?sid=H4sIAAAAAAAC%2F1RTzWskxRuu%2Bf1yWbyorAdhhfGmIJPu%2BejpcZFgzEaC2c2y66InpbqqZ%2FKanqqmqmt6klNQkD3JiAc%2FTp0nX6irrH%2BAq3QWPASEzC2iuXtSFPYsM8aMvtC8H897ePp9nnp%2Fx50xD46fLl3XW5QkfL5V86rPven7V6urpNywOgyDt4Pm1aoZvNgJat7z1VdjsaHn657veb7nV5fJxF09nJ%2BAoPRex691vFqzXvNbTQxNAesqsLwCOThjT4LkeO5h5TJIlFD9%2B0ux3ch0%2BsK1vkt4pg0G8vCO2lA6V%2BjPyq6poKsOz7eh7cnyA2i1P6UIPbhYjGjMKj88QKQOz4khGuxNuUUJYoVIPoZ8UCJOShAvIfR7IHnCACFxYw2qf3BDm5xv%2Fo3yCTpmc4%2F%2BBOVjNvfLZaj%2B14sJDau3deIy0spi2C1AwxLUK5G6I2RbDJQfQWTvguSPbP7RKlR%2Fb80mGiSL6b8TlaBuiSQegVsGN%2FmIwXUrcGkFfXlaFb7vtz0puBd2hGjIdhwF0vN5u%2Btz3wtCODGhN0KWjiCSEYTZRmq2sUEjGPcByJZwvAClBVJ7ENZbHd9HLI4Xfv10Ep%2BB02m13vYb7U4r8Fpx0Gh1wtALBPd52G7H9WbQaiOi44UF9%2Fj1O8%2BsIyGGmB9%2F9zubBqwqoFyxqwwVMPExO49dI7PjhYut9QJWMtiMYSAL5DFDbhlyzpATQ54x5INiXya2bosDmVgX%2Bee5fp4bxa7OesW%2BznqxYjvpGXtiqs0f4i1sxKfVrifqYbfTbNTDZqcThbLZbgRhIIUvw7gZSlj65wJk%2FwduK9iiMXvq59%2BQTlwjP0LEj2CTIwh6FtxdAc8L8PUCW6qA1Pdt5pQi1TOOVE3oPtLsErLNyk5yxp6ecgk%2Bufuf8wpTIDUF3qGHDL3k7u4tnbO9Wzq37Ju1NKM%2BbfGJh25nPIv%2F%2F8Vr8WaujVxZsqPPXxYTYFLeez222SpXklTPsi8XScrYLGsjYvbtin0jjm46u77ojHLp6s1Xllf6qYmtJa1KcDq59jEEjdmlD3%2BaPo4rX70EMiWMK9B3F3KBdAmRbsOms5nVDCaZ9VHKkLti19Sj2XBiiGSmO3hUwP6rj2b1jv0elgpklv0FAAD%2F%2FwEAAP%2F%2FMLMnzXkEAAA%3D&ap=${AUCTION_PRICE}&l=3577992&sub3=1664654747&pid=91283&sub2=icon&auid=2713795605e63598806ca1a877e24657&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: stunningruin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Sat, 01 Oct 2022 20:05:50 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6771dac4c654bd1eb0f24a0e28c17916
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ab57c388b9a191ad382f6cc4772f3d4c
37c632b7fbe7c4019afdacc3af1d14ebc81d2edb
580db6b0d7fdf10a9b718ee65dc5b59749d358719fec8530820425c0fc4833cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "580DB6B0D7FDF10A9B718EE65DC5B59749D358719FEC8530820425C0FC4833CF"
Last-Modified: Fri, 30 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5131
Expires: Sat, 01 Oct 2022 21:31:21 GMT
Date: Sat, 01 Oct 2022 20:05:50 GMT
Connection: keep-alive
cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
45.133.44.10200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2020:05:18 19:19:17], baseline, precision 8, 200x200, components 3\012- data
Hash 70cf8250da1a25a7b445231428af7828
a849d338423d2919949340838c768bba90b9081c
b7060bc46dc459a00d4124523a26f0cbf31fba31d41fccae9f82bedaf22c1186
GET /cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 20:05:50 GMT
content-type: image/jpeg
content-length: 33103
server: nginx/1.17.6
last-modified: Tue, 09 Jun 2020 11:44:50 GMT
etag: "5edf7632-814f"
expires: Mon, 03 Oct 2022 20:05:50 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
91.209.70.182200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31900, version 1.1\012- data
Hash 1b285c8e5b7445a8e434b2cdf036bab2
c97d4772fbb5c5637d466b5f991bc7ec28830b32
09b979826f2ac158a63ba234042c66414c21282d0bb46eadc62c64a873778825
GET /themes/flow/frontend_assets/fonts/raleway_medium.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5; _ga=GA1.2.1021979043.1664654743; _gid=GA1.2.1785754545.1664654743; _gat_gtag_UA_108868042_1=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:52 GMT
content-type: font/woff
content-length: 31900
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7c9c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4d9e5d22c41c745e1237b6a8f58756f2
7d143c8ca3cafa318c6beb8da012d4816becf4a8
e9e6289a2e38c8b2f1826993ac36885a4c9362b66ce5b4c70a7200270793a77f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E9E6289A2E38C8B2F1826993AC36885A4C9362B66CE5B4C70A7200270793A77F"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1945
Expires: Sat, 01 Oct 2022 20:38:18 GMT
Date: Sat, 01 Oct 2022 20:05:53 GMT
Connection: keep-alive
agagraveleran.com/icon?ctx=Yu6EdHSZkTeH-bK2sfOUlgNOEi4IixrUoiS3Jl2kEvp2y-qDoabJ05yw_i9HrL9M_BaN-luP5RxvS9cosbgX-NsxZrszBQgbvO6I41H-vc4CK8H_Z8RKvs1BUocHWqzJyYfp-2yMNzhMqGNAMNjJ5hbivq2PBHwN3Xr5nbuJlkIrYxt7NI6m0Fqi3vQ5f1FY6Ozb9vl2pV8KwgEt4Qz6Tf-Boamd95U5TRSswcFm--_AI0YfMhkm57QVw2jPZzobB9l5cNBkvNYrBBLkcIfBR-jR_qxh_W89&z=3324885
139.45.195.6301 Moved Permanently 0 B URL HTTP/1.1 agagraveleran.com/icon?ctx=Yu6EdHSZkTeH-bK2sfOUlgNOEi4IixrUoiS3Jl2kEvp2y-qDoabJ05yw_i9HrL9M_BaN-luP5RxvS9cosbgX-NsxZrszBQgbvO6I41H-vc4CK8H_Z8RKvs1BUocHWqzJyYfp-2yMNzhMqGNAMNjJ5hbivq2PBHwN3Xr5nbuJlkIrYxt7NI6m0Fqi3vQ5f1FY6Ozb9vl2pV8KwgEt4Qz6Tf-Boamd95U5TRSswcFm--_AI0YfMhkm57QVw2jPZzobB9l5cNBkvNYrBBLkcIfBR-jR_qxh_W89&z=3324885
IP 139.45.195.6:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /icon?ctx=Yu6EdHSZkTeH-bK2sfOUlgNOEi4IixrUoiS3Jl2kEvp2y-qDoabJ05yw_i9HrL9M_BaN-luP5RxvS9cosbgX-NsxZrszBQgbvO6I41H-vc4CK8H_Z8RKvs1BUocHWqzJyYfp-2yMNzhMqGNAMNjJ5hbivq2PBHwN3Xr5nbuJlkIrYxt7NI6m0Fqi3vQ5f1FY6Ozb9vl2pV8KwgEt4Qz6Tf-Boamd95U5TRSswcFm--_AI0YfMhkm57QVw2jPZzobB9l5cNBkvNYrBBLkcIfBR-jR_qxh_W89&z=3324885 HTTP/1.1
Host: agagraveleran.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 01 Oct 2022 20:05:53 GMT
Content-Length: 0
Connection: keep-alive
Location: https://outsimiseara.com/www/images/7a555faea541a27da9de79a0e67abf9b.jpeg
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b65ba8b4c7b201d01732d77ac1e10727
767762baaba5f4a669f15024850b84ebd7889084
6d32c7731d9ef9c64ae737e67e5faef34c28dcfde6441af9f8445ac7848f3a1d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6D32C7731D9EF9C64AE737E67E5FAEF34C28DCFDE6441AF9F8445AC7848F3A1D"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6024
Expires: Sat, 01 Oct 2022 21:46:17 GMT
Date: Sat, 01 Oct 2022 20:05:53 GMT
Connection: keep-alive
outsimiseara.com/www/images/7a555faea541a27da9de79a0e67abf9b.jpeg
104.22.29.221200 OK 23 kB URL HTTP/2 outsimiseara.com/www/images/7a555faea541a27da9de79a0e67abf9b.jpeg
IP 104.22.29.221:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 7a555faea541a27da9de79a0e67abf9b
c6650bdf11a8badb1f4ea8eff3003928c5df877f
170b360c4605bbcc8939aa230ff5bb5d274bb6163e50cf47c6e00d3284e4c01e
GET /www/images/7a555faea541a27da9de79a0e67abf9b.jpeg HTTP/1.1
Host: outsimiseara.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 20:05:53 GMT
content-type: image/jpeg
content-length: 23018
cache-control: max-age=86400
cf-bgj: h2pri
etag: "5e240fa2-59ea"
expires: Sun, 02 Oct 2022 13:58:33 GMT
last-modified: Sun, 19 Jan 2020 08:13:22 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 22038
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7537d0d3bfdab4fa-OSL
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/animations/animate.min.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/animations/animate.min.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/animations/animate.min.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-bc86"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
IP 91.209.70.182:0
GET /2uokh/Phasmophobia_v0.7.0.1.part1.rar HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5; expires=Sun, 02-Oct-2022 20:05:45 GMT; Max-Age=86400; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/styles/font-icons/entypo/css/entypo.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/styles/font-icons/entypo/css/entypo.css
IP 91.209.70.182:0
GET /themes/flow/styles/font-icons/entypo/css/entypo.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-45f5"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery-ui.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery-ui.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery-ui.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-6a684"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/load-image.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/load-image.min.js
IP 91.209.70.182:0
GET /themes/flow/js/load-image.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-9f2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/animation/jquery.appear.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/animation/jquery.appear.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/animation/jquery.appear.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-5c6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1cdf"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/custom/custom.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/custom/custom.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/custom/custom.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1420"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-335067496%3A1664654746783498&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrFvJSOlF3bZ1fM9eSEohMeAqfiPFGx-G6pVjVRv68mn__rV3DZGYqnhet7BMOWdlTF2DjY1g
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-335067496%3A1664654746783498&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrFvJSOlF3bZ1fM9eSEohMeAqfiPFGx-G6pVjVRv68mn__rV3DZGYqnhet7BMOWdlTF2DjY1g
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S-335067496%3A1664654746783498&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrFvJSOlF3bZ1fM9eSEohMeAqfiPFGx-G6pVjVRv68mn__rV3DZGYqnhet7BMOWdlTF2DjY1g HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 01 Oct 2022 20:05:46 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-2EQ1VhABS5Jb3qPl_OrD9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=eL3Zc1re7cOMbkX_IRndEXJDYGH_3j5A_VhyrbRM-RMk1mrA4CANg1Jsvnwy_GLwqNe1deAn-Ms6Q1aau6mVZnxFZpU1njnXWPwn-PBYc6pnJAIVFIC9jrxSd6p8AA_f2ZkaqYOY7DlRf-bZsdKCijixgxtLqW6MK1Jsf6uGZuM; expires=Sun, 02-Apr-2023 20:05:46 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 01 Oct 2022 20:05:46 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4047
last-modified: Sat, 01 Oct 2022 18:58:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m2lajXJiWJVyZ3W2gBDY5l32XG3I%2FXD1WQN%2Fl5I0GS9be0F%2BTEn0t%2Fl8%2BSN3FHpJKkoOfGK25Pr7PquR3qhDYQOI9JaFeJ4drB%2F9lqdQhYEc6njiePZ6vQ%2Fs%2B3NKiLZA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7537d0a7a8e3067e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tsapphires.buzz/V2dvbE4MRVdffGFUXE5idUVDTihjA1ZZfzIDQl9%2BZ15CWHZgAUJUKGFSQlR%2ENV4OW3kyVloPKHVLTV4vY1BdX39lSg5bdzVKWw0oM0oNXiwxSldfd2JVWFV4MwJbCGx7RRwbbHtFGx8vJxcHBTwyFEEOOy0dTUBsZldBWWx7AQ4APTJLCQ0iJAJDCi87FAox
107.22.28.167200 OK 0 B URL HTTP/2 tsapphires.buzz/V2dvbE4MRVdffGFUXE5idUVDTihjA1ZZfzIDQl9%2BZ15CWHZgAUJUKGFSQlR%2ENV4OW3kyVloPKHVLTV4vY1BdX39lSg5bdzVKWw0oM0oNXiwxSldfd2JVWFV4MwJbCGx7RRwbbHtFGx8vJxcHBTwyFEEOOy0dTUBsZldBWWx7AQ4APTJLCQ0iJAJDCi87FAox
IP 107.22.28.167:0
GET /V2dvbE4MRVdffGFUXE5idUVDTihjA1ZZfzIDQl9%2BZ15CWHZgAUJUKGFSQlR%2ENV4OW3kyVloPKHVLTV4vY1BdX39lSg5bdzVKWw0oM0oNXiwxSldfd2JVWFV4MwJbCGx7RRwbbHtFGx8vJxcHBTwyFEEOOy0dTUBsZldBWWx7AQ4APTJLCQ0iJAJDCi87FAox HTTP/1.1
Host: tsapphires.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 6ca902c4bd237ee7c4d4b31b95f087ef=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8445-kDlZe4sBbNsKPAA/n+f3nj6lhb8"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js
IP 91.209.70.182:0
GET /themes/flow/js/zeroClipboard/ZeroClipboard.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3bd2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/images/icons/favicon/favicon.ico HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:46 GMT
content-type: image/x-icon
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-47e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-ui.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-ui.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-ui.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-61ef"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.221.35200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.221.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: rMN8IlrdIg97Emv+mZXOvH/oQIrB6yiKCOGkoJSHK0/1OI9ZtaCxxR30a3XEbwXFEjAYwmwnKR51ienZaiyoeQ==
date: Sat, 01 Oct 2022 20:05:46 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/sticky/jquery.sticky.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/sticky/jquery.sticky.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/sticky/jquery.sticky.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1099"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery-1.11.0.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery-1.11.0.min.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery-1.11.0.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1787d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 01 Oct 2022 20:05:46 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4047
last-modified: Sat, 01 Oct 2022 18:58:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sO0RhHsjzK5uV7wvJOAQD9%2FIZG02t%2FAGrVtW9kDInPaYme%2FBcNwil7p8s2iR%2B5uHZaZISif9vBDrlBAGa6jF%2BAw0aLM3%2F%2FbTmvoU9t4BMNipBJ%2FD8ArMGfBMD18dxV1i"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7537d0a788b5067e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 01 Oct 2022 20:05:46 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4047
last-modified: Sat, 01 Oct 2022 18:58:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EPOrEHQeLiqWNNdBazPpTOi%2B5xiUS7%2Fe13xTI0LcdJ4UvGpbwmF%2BI1N0GZIwo2Na8G1C949ScO6pMb%2F7UEoEk6yUtn4QvxJ9LHoGmdYpOX9x2zX4BRprmnk9l97I1HV0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7537d0a7a8e9067e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/custom.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/custom.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/custom.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3577"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/responsive.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/responsive.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/responsive.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-e56"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.tmpl.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.tmpl.min.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.tmpl.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3cb"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3ead"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-59d6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-validate.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-validate.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-validate.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-fea"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/global.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/global.js
IP 91.209.70.182:0
GET /themes/flow/js/global.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-d59"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-303b2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.iframe-transport.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.iframe-transport.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.iframe-transport.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-2427"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/nav/jquery.nav.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1547"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
societingna.info/VUFjSkcuYxA9GCAzD2h9dykXPjcme0xlKjAmAj83ey8GPmgmNk0gNHdtQTkqM2NZe2t3NQItGDwlQXBlbXJRfHRmY09oNCAjPCMjZ2NZaCFhJVp%2FdjAlTnl3ZXhOfn9iJ05yIWN0TnJ2N3gCfXAwcFYpIXc8
44.195.137.121200 OK 0 B URL HTTP/2 societingna.info/VUFjSkcuYxA9GCAzD2h9dykXPjcme0xlKjAmAj83ey8GPmgmNk0gNHdtQTkqM2NZe2t3NQItGDwlQXBlbXJRfHRmY09oNCAjPCMjZ2NZaCFhJVp%2FdjAlTnl3ZXhOfn9iJ05yIWN0TnJ2N3gCfXAwcFYpIXc8
IP 44.195.137.121:0
Analyzer Verdict Alert fortinet Malware
GET /VUFjSkcuYxA9GCAzD2h9dykXPjcme0xlKjAmAj83ey8GPmgmNk0gNHdtQTkqM2NZe2t3NQItGDwlQXBlbXJRfHRmY09oNCAjPCMjZ2NZaCFhJVp%2FdjAlTnl3ZXhOfn9iJ05yIWN0TnJ2N3gCfXAwcFYpIXc8 HTTP/1.1
Host: societingna.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: f5bc39f9c5381e97e49e44b52b94defa=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"e0fa-48FobtmNixefKQZLNcllsvqcpGg"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 20:05:46 GMT
content-type: text/plain
set-cookie: csu=177853429192852@1@1664654746; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MD9YP0zVxFt7QeaKf6tgolR9iHtWqNxlTbpcGeeAz6V3xxyed3TWxwer%2BwsEbtaU06BX6N3TGITizM3rZaR0McAoT5vmj8%2BubY%2FatkilRgladt4iUzvv7pfc7o090x%2B%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7537d0a7a8f1067e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/styles/file-upload.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/styles/file-upload.css
IP 91.209.70.182:0
GET /themes/flow/styles/file-upload.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-21ec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-267437022%3A1664654746726729&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWp1lvwivQwkYiYKP3Ueb7ozQHa0c0UFnfr7ifjqlpuopTVdLjVL3KxEbrMWUgMP9CKoKY6N5w
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-267437022%3A1664654746726729&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWp1lvwivQwkYiYKP3Ueb7ozQHa0c0UFnfr7ifjqlpuopTVdLjVL3KxEbrMWUgMP9CKoKY6N5w
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S-267437022%3A1664654746726729&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWp1lvwivQwkYiYKP3Ueb7ozQHa0c0UFnfr7ifjqlpuopTVdLjVL3KxEbrMWUgMP9CKoKY6N5w HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 01 Oct 2022 20:05:46 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-_e5y11unlKgnhOe_oF64nQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=vbbkwgKp1V9mJSANUvdOQZH-G797etRYtK0PYzDNgpxS6T04XLjpa48prR9SvcEJEIYpOwgYvZ5H7daAR8Fbsy8Fs77RoTdQLWV_N8Kcx-w7Hj-cR3EvTpg8gyClbDbDa01urp15q9UQ51k4XhfegfM9TOuFBh7N7OXlsU7exxw; expires=Sun, 02-Apr-2023 20:05:46 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/retina/retina.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/retina/retina.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/retina/retina.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-52e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-71b6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/nav/jquery.scrollTo.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/nav/jquery.scrollTo.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/nav/jquery.scrollTo.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-981"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/css/settings.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/css/settings.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/rs-plugin/css/settings.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-ce4b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-14cc1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/All-stylesheets.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-153"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/colors/flow.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/colors/flow.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/colors/flow.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-a83"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-process.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-process.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-process.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-14b6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/gauge.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/gauge.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/gauge.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-45b8"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/images/loading_small.gif
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/images/loading_small.gif
IP 91.209.70.182:0
GET /themes/flow/images/loading_small.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: image/gif
content-length: 184355
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-2d023"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/canvas-to-blob.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/canvas-to-blob.min.js
IP 91.209.70.182:0
GET /themes/flow/js/canvas-to-blob.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-408"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-dbd4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-resize.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-resize.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-resize.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1f7f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/isotope/custom-isotope.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2uokh/Phasmophobia_v0.7.0.1.part1.rar
Connection: keep-alive
Cookie: filehosting=jk3gmlhcuubrgrp1sab2fmd5h5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 20:05:45 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-71d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2