megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
91.209.70.182 301 Moved Permanently 162 B URL HTTP/1.1 megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
IP 91.209.70.182:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /2un2B/Pocket.Stables-GoldBerg.zip HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 28 Sep 2022 08:17:35 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Download-Options: noopen
firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-stale=0
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 07:42:53 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ip4XnX0_v2B6Qyt-13NM5-ayrbYbEiuqJ0grQ72HoP6KmTK7dGTE9w==
Age: 2082
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7fb7c70f7f4e2cee27eb0e7d875931f7
98fca3817a551b1daecebae103a48e718b8b5a53
2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4267
Expires: Wed, 28 Sep 2022 09:28:42 GMT
Date: Wed, 28 Sep 2022 08:17:35 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EGaZaMW7q1PwrNn4G_ZdtuBbVQW-j0gbwYWVVr5XLOykvfNTz9744A==
age: 82402
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 55fc559ae8097427d7a66ec558f569a4
e1258370408ae50c859ec874ff7c260e3c850846
1df3b994d416e1ee8ee3494fc298862c80d5b3ea01d4d41ee4e05b80c7f48918
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 08:17:35 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 23:25:47 GMT
Expires: Mon, 03 Oct 2022 23:25:46 GMT
Etag: "e1258370408ae50c859ec874ff7c260e3c850846"
Cache-Control: max-age=485890,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751b0b247b631c0e-OSL
megaup.net/themes/flow/images/main_logo_inverted.png
91.209.70.182 200 OK 7.1 kB URL HTTP/2 megaup.net/themes/flow/images/main_logo_inverted.png
IP 91.209.70.182:0
File type PNG image data, 203 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 5d15526be10b904a6b48d1af04a10cc3
c09b6874359ac6d71db95593618a9acb55baa984
894d25472e0f890edf235e8f66fbeda7ea75043632924ecb82691d76bd7db018
GET /themes/flow/images/main_logo_inverted.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: image/png
content-length: 7137
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-1be1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/images/loading_small.gif
91.209.70.182 200 OK 184 kB URL HTTP/2 megaup.net/themes/flow/images/loading_small.gif
IP 91.209.70.182:0
File type GIF image data, version 89a, 64 x 64\012- data
Size 184 kB (184355 bytes)
Hash b0dd5b3af9c4c0644d7bddee83716209
30002468d0266b893b3559b8d0d260c6cbf0ad7c
2418224bb4d12c122ef3c54d2ee9edb5f6f28d539e91a166b0215553f8c7609d
GET /themes/flow/images/loading_small.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: image/gif
content-length: 184355
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-2d023"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/styles/font-icons/entypo/css/entypo.css
91.209.70.182 200 OK 4.7 kB URL HTTP/2 megaup.net/themes/flow/styles/font-icons/entypo/css/entypo.css
IP 91.209.70.182:0
Hash f99733190bc791ae1be04ab4318b5b96
b37400f133ffb42461ab08a5d7fe27234026f281
924b63b9d3d81bceb10bb03634cce2cb2168dfeca3d8ea8a4103fcff131971ef
GET /themes/flow/styles/font-icons/entypo/css/entypo.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-45f5"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/custom.css
91.209.70.182 200 OK 34 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/custom.css
IP 91.209.70.182:0
File type assembler source, ASCII text, with CRLF line terminators
Hash 7819bba13b25a8532e346d12b6c78a37
8bd8700a8f6740ef14f9327ce6208c4a9d2c7b61
659db71cfad768359d4103fa00ea9d6174da9e535b508f9ad80cbd0934ed61fe
GET /themes/flow/frontend_assets/css/custom.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3577"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/styles/file-upload.css
91.209.70.182 200 OK 42 kB URL HTTP/2 megaup.net/themes/flow/styles/file-upload.css
IP 91.209.70.182:0
File type assembler source, ASCII text
Hash bd73744012fa65d04ebd459a3d7f1096
28663761889a61c5c7c17a9a4ac076fef21ac799
e41ff77246576368a529f6b9dbe08b8636d77a90065dd404844b7505291bad49
GET /themes/flow/styles/file-upload.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-21ec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
keydawnawe.com/gwZ1U5hjA8ii/32575
23.109.82.168 200 OK 26 B URL HTTP/1.1 keydawnawe.com/gwZ1U5hjA8ii/32575
IP 23.109.82.168:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 08:17:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Thu, 29-Sep-2022 08:17:35 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Thu, 29-Sep-2022 08:17:35 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
www.googletagmanager.com/gtag/js?id=UA-108868042-1
142.250.74.72 200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-108868042-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (2039)
Hash cfaa4fa14b84afb2afd09c0d02de8171
32da095346e1ae7f4a03d579dcfb9b567c3da4a1
edd63145a4681fea3d96d6034fa72da72c12bc3a405e249d9326fc3b5a544ef7
GET /gtag/js?id=UA-108868042-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 08:17:35 GMT
expires: Wed, 28 Sep 2022 08:17:35 GMT
cache-control: private, max-age=900
last-modified: Wed, 28 Sep 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42335
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
altowriestwispy.com/tysaSHG1FMaM/18410
172.255.6.33 200 OK 25 B URL HTTP/1.1 altowriestwispy.com/tysaSHG1FMaM/18410
IP 172.255.6.33:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /tysaSHG1FMaM/18410 HTTP/1.1
Host: altowriestwispy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 08:17:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Thu, 29-Sep-2022 08:17:35 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Thu, 29-Sep-2022 08:17:35 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1995
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:17:36 GMT
Last-Modified: Wed, 28 Sep 2022 07:44:21 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
megaup.net/themes/flow/js/canvas-to-blob.min.js
91.209.70.182 200 OK 5.1 kB URL HTTP/2 megaup.net/themes/flow/js/canvas-to-blob.min.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (1032), with no line terminators
Hash 32b2d747159dee8e339f4cb60e75c8d5
9338af004ee16f7f9c094ce351422c4aaae9fdaf
60e8a8362021ac966ed230757f972e735c792d24b668bc11acb0e7d5a4c38179
GET /themes/flow/js/canvas-to-blob.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-408"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-validate.js
91.209.70.182 200 OK 1.6 kB URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-validate.js
IP 91.209.70.182:0
Hash 063000146abe0eaa25380b31ea51a3d7
53f1ad431d4f2deeb0cb20c9b4c66abb5b0b9fdb
54c4fe96e01109c03ff0bac6cc752027904b171d24306eb8c06b2d8e57c3d35f
GET /themes/flow/js/jquery.fileupload-validate.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-fea"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-ui.js
91.209.70.182 200 OK 37 kB URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-ui.js
IP 91.209.70.182:0
Hash 12ae6ae4f8d2e1cb198f18179954d2ac
17b40e8dff2cce637507b11c48fd93f14d60a25e
66bf83c5b525d360386a3664eb3c17467deef2862469c47bece7bfc9be93d968
GET /themes/flow/js/jquery.fileupload-ui.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-61ef"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_extrabold.woff
91.209.70.182 200 OK 31 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_extrabold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31344, version 1.1\012- data
Hash 21f79e4c0fbe54a555170aa70bb4c8b7
9d4aaf2016cd21f16bc45089a48de84dba951fa7
2b638674bc57ad355ef2ecbd68e78ecb36bc323aaaf4ddeb9cd4f61bc5f26c42
GET /themes/flow/frontend_assets/fonts/raleway_extrabold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:36 GMT
content-type: font/woff
content-length: 31344
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7a70"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery-1.11.0.min.js
91.209.70.182 200 OK 86 kB URL HTTP/2 megaup.net/themes/flow/js/jquery-1.11.0.min.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (32341)
Hash f66c1a9b586a99b45f6a80658c629da4
ce5e58929a04dead8c81cb9834346a9b55c99bd1
5668b1a65b6c22fd7102cc590ee58bea400ac1f6b8e32c5e169585e724be7d67
GET /themes/flow/js/jquery-1.11.0.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1787d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff
91.209.70.182 200 OK 21 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 20972, version 1.0\012- data
Hash cad75e2dacc6794c4e6b14727d4a989d
694d04c8f643df4100c23efc1463ac9f4e732f60
ebccc09339b7730324221aff3d11d215de9997b47bf708ca18a3be2d8e8b9887
GET /themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:36 GMT
content-type: font/woff
content-length: 20972
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-51ec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d630ef5b1d7afaa72254be011eda5da3
1d36045b0711cb90cf63f0cb403c6e08c24374f0
65a57ef2098917f9d92c6bb00a4d556bf3864200c070bcc295336ad7e3c781fe
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "65A57EF2098917F9D92C6BB00A4D556BF3864200C070BCC295336AD7E3C781FE"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2689
Expires: Wed, 28 Sep 2022 09:02:25 GMT
Date: Wed, 28 Sep 2022 08:17:36 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d630ef5b1d7afaa72254be011eda5da3
1d36045b0711cb90cf63f0cb403c6e08c24374f0
65a57ef2098917f9d92c6bb00a4d556bf3864200c070bcc295336ad7e3c781fe
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "65A57EF2098917F9D92C6BB00A4D556BF3864200C070BCC295336AD7E3C781FE"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2689
Expires: Wed, 28 Sep 2022 09:02:25 GMT
Date: Wed, 28 Sep 2022 08:17:36 GMT
Connection: keep-alive
altowriestwispy.com/tysaSHG1FMaM/18410
172.255.6.33 200 OK 25 B URL HTTP/1.1 altowriestwispy.com/tysaSHG1FMaM/18410
IP 172.255.6.33:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /tysaSHG1FMaM/18410 HTTP/1.1
Host: altowriestwispy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 08:17:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
hatsheisaco.xyz/WkNCTUQ7ISEgezt+IGsxKC9/aHYcZnALIDcuOCYiPntwOiUjLWwuKDU2Jis2NS02Yyo/N2d/Aj0aLzV0DgY1DwUiLDMuPAMFBwUCahYEIQo8G3MIBj0gKAQsEBESCTMoDAQ+BxI6By8SGQ56BnUcCAMJHTUbczUXEwByAAdqLzMGFS0TERV1KwI1KhM5GyoIAxsSKAd1YhkFJCMqAQMYJREQKggDCBU6BBVqFAoeBT0CciEDGS0uABwcBWd/BjwGLRgWAnIyGBdvESQjMxUBECJxFAYmKBYeEXIbABQAJwooCA8uC2FoASQPBTsWGnUKDXIyLCIdFQoVL3cSMAYVHwsFfyh/cQAHAm8GJBU8CRsXH307FQAuATMWZ38GGDQtLwodLxMGL2t1GyEOEQIaC318KTEiKip+Cj0jAHQ0HikjexU9I2k
143.204.55.30200 OK 1.2 kB URL HTTP/2 hatsheisaco.xyz/WkNCTUQ7ISEgezt+IGsxKC9/aHYcZnALIDcuOCYiPntwOiUjLWwuKDU2Jis2NS02Yyo/N2d/Aj0aLzV0DgY1DwUiLDMuPAMFBwUCahYEIQo8G3MIBj0gKAQsEBESCTMoDAQ+BxI6By8SGQ56BnUcCAMJHTUbczUXEwByAAdqLzMGFS0TERV1KwI1KhM5GyoIAxsSKAd1YhkFJCMqAQMYJREQKggDCBU6BBVqFAoeBT0CciEDGS0uABwcBWd/BjwGLRgWAnIyGBdvESQjMxUBECJxFAYmKBYeEXIbABQAJwooCA8uC2FoASQPBTsWGnUKDXIyLCIdFQoVL3cSMAYVHwsFfyh/cQAHAm8GJBU8CRsXH307FQAuATMWZ38GGDQtLwodLxMGL2t1GyEOEQIaC318KTEiKip+Cj0jAHQ0HikjexU9I2k
IP 143.204.55.30:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Hash 2e1a76a92e1ecbd10701d6c314c2709e
4d66381dbf39d9169ad74bbe281b43f60d5b1c12
33a196efb9b3e11bdcef04b4845907df0b0d1268294256991fb15d2aaba44cc0
Analyzer Verdict Alert fortinet Phishing
GET /WkNCTUQ7ISEgezt+IGsxKC9/aHYcZnALIDcuOCYiPntwOiUjLWwuKDU2Jis2NS02Yyo/N2d/Aj0aLzV0DgY1DwUiLDMuPAMFBwUCahYEIQo8G3MIBj0gKAQsEBESCTMoDAQ+BxI6By8SGQ56BnUcCAMJHTUbczUXEwByAAdqLzMGFS0TERV1KwI1KhM5GyoIAxsSKAd1YhkFJCMqAQMYJREQKggDCBU6BBVqFAoeBT0CciEDGS0uABwcBWd/BjwGLRgWAnIyGBdvESQjMxUBECJxFAYmKBYeEXIbABQAJwooCA8uC2FoASQPBTsWGnUKDXIyLCIdFQoVL3cSMAYVHwsFfyh/cQAHAm8GJBU8CRsXH307FQAuATMWZ38GGDQtLwodLxMGL2t1GyEOEQIaC318KTEiKip+Cj0jAHQ0HikjexU9I2k HTTP/1.1
Host: hatsheisaco.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1176
date: Wed, 28 Sep 2022 08:17:36 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EkqAtMECO8z85ra8HAnqS6pvvtrET5l5yXkSOEWGDQMQe51mzq88BQ==
X-Firefox-Spdy: h2
keydawnawe.com/gwZ1U5hjA8ii/32575
23.109.82.168 200 OK 26 B URL HTTP/1.1 keydawnawe.com/gwZ1U5hjA8ii/32575
IP 23.109.82.168:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 08:17:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
hatsheisaco.xyz/RFVXRGUlNzQpWiVoNWIQNjlqYVcCcGUCASk4LS8DIG1lMwQ9O3knCSsgMyIXKzsjagshIXJ2IyAGZSwOIQE8KyczOjEGD3wXFgE0CzMBKDMVBG4wJCw2ABIfMAMVLBFyMDArExc7Y3EvEAMaESYWGhIFKyAxOywmAgMwKCF1OTEcJhEZABECIh4wMyIWFGYwLQYEABELHTYWBisSHyAnIQdkFnIxLBAOBiYdHR8sJxIfICgnF2ZuYVcGBzsWBgdmIwUtATIeJgk3OA8FEXMXFnQ9EBEZCjMvORUnVHBiAzNUMQIuHgYHZiQlICgiHAcJAgYBMwktAQFpPw4NPnApAC0OJwAXYAAXNCxiAAIzDhYQcQQSF24VKhVlFAIOAiAALS8FEWUSPBUyIAEAI3M9NwoqJWomBwdkNQ9WAycaFVAtOg
143.204.55.30200 OK 1.2 kB URL HTTP/2 hatsheisaco.xyz/RFVXRGUlNzQpWiVoNWIQNjlqYVcCcGUCASk4LS8DIG1lMwQ9O3knCSsgMyIXKzsjagshIXJ2IyAGZSwOIQE8KyczOjEGD3wXFgE0CzMBKDMVBG4wJCw2ABIfMAMVLBFyMDArExc7Y3EvEAMaESYWGhIFKyAxOywmAgMwKCF1OTEcJhEZABECIh4wMyIWFGYwLQYEABELHTYWBisSHyAnIQdkFnIxLBAOBiYdHR8sJxIfICgnF2ZuYVcGBzsWBgdmIwUtATIeJgk3OA8FEXMXFnQ9EBEZCjMvORUnVHBiAzNUMQIuHgYHZiQlICgiHAcJAgYBMwktAQFpPw4NPnApAC0OJwAXYAAXNCxiAAIzDhYQcQQSF24VKhVlFAIOAiAALS8FEWUSPBUyIAEAI3M9NwoqJWomBwdkNQ9WAycaFVAtOg
IP 143.204.55.30:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3022), with no line terminators
Hash f1dc8b055a70f816f87535843f759a08
bdb018cd32e44280d8ffe7986b1ede1fd688640e
8c528b47ac8dee651a08c1e3f37445ba1ab62f52fec4474d56fcb9471cd8f04f
Analyzer Verdict Alert fortinet Phishing
GET /RFVXRGUlNzQpWiVoNWIQNjlqYVcCcGUCASk4LS8DIG1lMwQ9O3knCSsgMyIXKzsjagshIXJ2IyAGZSwOIQE8KyczOjEGD3wXFgE0CzMBKDMVBG4wJCw2ABIfMAMVLBFyMDArExc7Y3EvEAMaESYWGhIFKyAxOywmAgMwKCF1OTEcJhEZABECIh4wMyIWFGYwLQYEABELHTYWBisSHyAnIQdkFnIxLBAOBiYdHR8sJxIfICgnF2ZuYVcGBzsWBgdmIwUtATIeJgk3OA8FEXMXFnQ9EBEZCjMvORUnVHBiAzNUMQIuHgYHZiQlICgiHAcJAgYBMwktAQFpPw4NPnApAC0OJwAXYAAXNCxiAAIzDhYQcQQSF24VKhVlFAIOAiAALS8FEWUSPBUyIAEAI3M9NwoqJWomBwdkNQ9WAycaFVAtOg HTTP/1.1
Host: hatsheisaco.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1176
date: Wed, 28 Sep 2022 08:17:36 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: y3B3Y-fUiAszMIbn_enDYEgVIDh1Bkux00SSkrX-F0yVqxtWdjiOSg==
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.189.157.130 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.157.130:0
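Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of a zero-length body, matching the 0 B size above; the next two lines are the SHA-1 and SHA-256 of the same empty input, so these digests do not identify any content)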
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pDcW+c/mB52hrPnwcA8s1g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uHjRsaIGw/hoRAyJ2Klxa6otdv4=
hatsheisaco.xyz/R0RJeGImJioVXSZ5K14XNSh0XVABYXs+BiopMxMEI3x7DwM+KmcbDigxLR4QKCo9VgwiMGxKJCMgHRAsHXUmLzQ+CQsiMwEWAi4SLRUYPlMSE3wsNy1wADYjEgINPCg2DHgLOAIWLg4xPn0vHiMBBwIuEjYReCkRBBB4MSouIwM3NyAOKA87YnYLPhURcRgrWhIGGjkrDgYxLSsWHmxKJBV3fEwxEDQYOwx2FAATMw0lDyk7EgU5QSE9CSssNhEHKD00BiAfPSQWMzEXNAUsGDsMdxIFPiMLAA9NERAzIRMzKiwPIBsgAQQqDSMiMD4NFRUlQTR1MA87NWosHxkKCRYZDyt/AyI6DREWMTUmKgoRHiMGAi85RC03JhYSegUcSAgkED86ODQmcQ
143.204.55.30200 OK 1.2 kB URL HTTP/2 hatsheisaco.xyz/R0RJeGImJioVXSZ5K14XNSh0XVABYXs+BiopMxMEI3x7DwM+KmcbDigxLR4QKCo9VgwiMGxKJCMgHRAsHXUmLzQ+CQsiMwEWAi4SLRUYPlMSE3wsNy1wADYjEgINPCg2DHgLOAIWLg4xPn0vHiMBBwIuEjYReCkRBBB4MSouIwM3NyAOKA87YnYLPhURcRgrWhIGGjkrDgYxLSsWHmxKJBV3fEwxEDQYOwx2FAATMw0lDyk7EgU5QSE9CSssNhEHKD00BiAfPSQWMzEXNAUsGDsMdxIFPiMLAA9NERAzIRMzKiwPIBsgAQQqDSMiMD4NFRUlQTR1MA87NWosHxkKCRYZDyt/AyI6DREWMTUmKgoRHiMGAi85RC03JhYSegUcSAgkED86ODQmcQ
IP 143.204.55.30:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2996), with no line terminators
Hash 7d62e12e6bc4279a7d0129352d58d385
91adc6d176a8833f1c0a5748a787c6fe7787cad4
bd7d787373c864eb01e47f566f6a125b98aa2b6f6c693fb5d9148dbfa86af1ab
Analyzer Verdict Alert fortinet Phishing
GET /R0RJeGImJioVXSZ5K14XNSh0XVABYXs+BiopMxMEI3x7DwM+KmcbDigxLR4QKCo9VgwiMGxKJCMgHRAsHXUmLzQ+CQsiMwEWAi4SLRUYPlMSE3wsNy1wADYjEgINPCg2DHgLOAIWLg4xPn0vHiMBBwIuEjYReCkRBBB4MSouIwM3NyAOKA87YnYLPhURcRgrWhIGGjkrDgYxLSsWHmxKJBV3fEwxEDQYOwx2FAATMw0lDyk7EgU5QSE9CSssNhEHKD00BiAfPSQWMzEXNAUsGDsMdxIFPiMLAA9NERAzIRMzKiwPIBsgAQQqDSMiMD4NFRUlQTR1MA87NWosHxkKCRYZDyt/AyI6DREWMTUmKgoRHiMGAi85RC03JhYSegUcSAgkED86ODQmcQ HTTP/1.1
Host: hatsheisaco.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1155
date: Wed, 28 Sep 2022 08:17:36 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: V5dfm0KUFbyRyXXfsvRzEroHiDxLFfeV9pBDw0EExuRczljjkaceDg==
X-Firefox-Spdy: h2
hatsheisaco.xyz/UmtWaHYzCTUFSTNWNE4DIAdrTUQUTmQuEj8GLAMQNlNkHxcrBXgLGj0eMg4EPQUiRhg3H3NaMDsJZRg6BDwPJTABPiw/JCE/GloeNzwTEEIILWMiMxYMYCs0ayMbARV3WRAgJGYIBikZGic4WC8KEhM6NGEmBS4kZ1kMPTcWLC89DwVbPQ48BjE0MBolGhs5JAE/O1geFAwXOhI7LhUqJAsFGQ8zNi4sGAwXHGMgPDgENSoeCwUYLTg2Ox5dQQQAJiETYVszMB0mHgwBJBk4HhtDFhwTODthKQMwARgRDxIaCD87XRsYLiYhEysIBzsdOSA0LjQQODtFPCU9EFASHgEPJjcUUmMtRwANBVsCPj1nUTowBjI/NQAmYyU3EyoXBUM8IhAyOwg8ACkxOQ9gThwhBDgYSysZDxoSBQI6ACJkJm8mHR4
143.204.55.30200 OK 1.2 kB URL HTTP/2 hatsheisaco.xyz/UmtWaHYzCTUFSTNWNE4DIAdrTUQUTmQuEj8GLAMQNlNkHxcrBXgLGj0eMg4EPQUiRhg3H3NaMDsJZRg6BDwPJTABPiw/JCE/GloeNzwTEEIILWMiMxYMYCs0ayMbARV3WRAgJGYIBikZGic4WC8KEhM6NGEmBS4kZ1kMPTcWLC89DwVbPQ48BjE0MBolGhs5JAE/O1geFAwXOhI7LhUqJAsFGQ8zNi4sGAwXHGMgPDgENSoeCwUYLTg2Ox5dQQQAJiETYVszMB0mHgwBJBk4HhtDFhwTODthKQMwARgRDxIaCD87XRsYLiYhEysIBzsdOSA0LjQQODtFPCU9EFASHgEPJjcUUmMtRwANBVsCPj1nUTowBjI/NQAmYyU3EyoXBUM8IhAyOwg8ACkxOQ9gThwhBDgYSysZDxoSBQI6ACJkJm8mHR4
IP 143.204.55.30:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3026), with no line terminators
Hash 0dc69adea53d51f57704e76c3cc07093
5e847fa5112fe6deec8cb304055fd2386abac34a
ab54dc56bf22e33d117ed9780b1bd9c3532766b693a88ff742e3d8e2d256e473
Analyzer Verdict Alert fortinet Phishing
GET /UmtWaHYzCTUFSTNWNE4DIAdrTUQUTmQuEj8GLAMQNlNkHxcrBXgLGj0eMg4EPQUiRhg3H3NaMDsJZRg6BDwPJTABPiw/JCE/GloeNzwTEEIILWMiMxYMYCs0ayMbARV3WRAgJGYIBikZGic4WC8KEhM6NGEmBS4kZ1kMPTcWLC89DwVbPQ48BjE0MBolGhs5JAE/O1geFAwXOhI7LhUqJAsFGQ8zNi4sGAwXHGMgPDgENSoeCwUYLTg2Ox5dQQQAJiETYVszMB0mHgwBJBk4HhtDFhwTODthKQMwARgRDxIaCD87XRsYLiYhEysIBzsdOSA0LjQQODtFPCU9EFASHgEPJjcUUmMtRwANBVsCPj1nUTowBjI/NQAmYyU3EyoXBUM8IhAyOwg8ACkxOQ9gThwhBDgYSysZDxoSBQI6ACJkJm8mHR4 HTTP/1.1
Host: hatsheisaco.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1182
date: Wed, 28 Sep 2022 08:17:36 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 3G4g2yCJgmxuQcMr4MorfNywU4TrsUSR_NrPhPdvWJUOEoUZZjyjWg==
X-Firefox-Spdy: h2
reswsentativ.xyz/V2tDckZ4VCABexgvJxokZRwTMyoBDxQFMRI9ckslFjp2IRA7GGUGLzNWdER3ZlN1VDY+D35DYCQfIgYzJFZyVC85DSxPYCFWclx1Y0VxSmhmTTZPd3EfMxMhalplAjIjB35DcGFfcEd1Z15wRXJk
172.67.140.14 204 No Content 0 B URL HTTP/2 reswsentativ.xyz/V2tDckZ4VCABexgvJxokZRwTMyoBDxQFMRI9ckslFjp2IRA7GGUGLzNWdER3ZlN1VDY+D35DYCQfIgYzJFZyVC85DSxPYCFWclx1Y0VxSmhmTTZPd3EfMxMhalplAjIjB35DcGFfcEd1Z15wRXJk
IP 172.67.140.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /V2tDckZ4VCABexgvJxokZRwTMyoBDxQFMRI9ckslFjp2IRA7GGUGLzNWdER3ZlN1VDY+D35DYCQfIgYzJFZyVC85DSxPYCFWclx1Y0VxSmhmTTZPd3EfMxMhalplAjIjB35DcGFfcEd1Z15wRXJk HTTP/1.1
Host: reswsentativ.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 28 Sep 2022 08:17:36 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9JrO4ilqT5mBujy1TI9wtAVj9QKRI2jyfd8slyeRmdTZCcJfB63q1OrW7WS9g3T5yhmg5B1EYsTIC0sBfovOVdSKtfCbIfWRo2NSIFuqnzMcsqAR3ZwsJ9NCVOxQq6ahUjXv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751b0b299951b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-process.js
91.209.70.182 200 OK 1.5 kB URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-process.js
IP 91.209.70.182:0
Hash c3036731a042617a2f79907310514f6f
5814aeaaac53f24b5c1720a5d5baf7e35ca13f8b
8a154e6e263a987bbfda884085e5c1a6b53515ce3d17ecca14d1279ac658578c
GET /themes/flow/js/jquery.fileupload-process.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-14b6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
hatsheisaco.xyz/THc4R2UtFVsqWi1KWmEQPhsFYlcKUgoBASEaQiwDKE8KMAQ1GRYkCSMCXCEXIxlMaQspAx11Ix04bCsQHy9qJjMrNk4UVX0meyk3CDNPdgMqIm0hMDRHVQAOJzJoLiQeJAsgVioNfQoDDkdMEg59M3spNwk/CRI1Bg91Ai07BFYBEh0+awQCHSBPFQQuAHoNMyshCAYjfSN5LjAuL1M0LQMxcgoyCjpTAFUCJnkuMBo/eTQKKjFXDS0KDw0fIAk+YHUdBBJAPwYpJVAWMzQEQBI0Pz1+KSMPLV9+BC4yXHAtCg8NBQ50FGAWDQIzQCMAFTF9CyYdWlM0I309bxRWPw57MAkqEm0WLA8hATQ3KxteBR8/JWB2PBsVfR1AfjF5AQ0iJXp+KBlEX2EPPxhWN1gcHl01JBVBfXIgPxM
143.204.55.30200 OK 1.2 kB URL HTTP/2 hatsheisaco.xyz/THc4R2UtFVsqWi1KWmEQPhsFYlcKUgoBASEaQiwDKE8KMAQ1GRYkCSMCXCEXIxlMaQspAx11Ix04bCsQHy9qJjMrNk4UVX0meyk3CDNPdgMqIm0hMDRHVQAOJzJoLiQeJAsgVioNfQoDDkdMEg59M3spNwk/CRI1Bg91Ai07BFYBEh0+awQCHSBPFQQuAHoNMyshCAYjfSN5LjAuL1M0LQMxcgoyCjpTAFUCJnkuMBo/eTQKKjFXDS0KDw0fIAk+YHUdBBJAPwYpJVAWMzQEQBI0Pz1+KSMPLV9+BC4yXHAtCg8NBQ50FGAWDQIzQCMAFTF9CyYdWlM0I309bxRWPw57MAkqEm0WLA8hATQ3KxteBR8/JWB2PBsVfR1AfjF5AQ0iJXp+KBlEX2EPPxhWN1gcHl01JBVBfXIgPxM
IP 143.204.55.30:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3017), with no line terminators
Hash 6ab9c7ab7924bbe4891090a1e511e4cd
cac4b145c84ab42a343ff7cc581612662a70801d
cada0016ed2713b4988968f2fa7807fa6ba7828f70b26652beb5f81a22bb5ca5
Analyzer Verdict Alert fortinet Phishing
GET /THc4R2UtFVsqWi1KWmEQPhsFYlcKUgoBASEaQiwDKE8KMAQ1GRYkCSMCXCEXIxlMaQspAx11Ix04bCsQHy9qJjMrNk4UVX0meyk3CDNPdgMqIm0hMDRHVQAOJzJoLiQeJAsgVioNfQoDDkdMEg59M3spNwk/CRI1Bg91Ai07BFYBEh0+awQCHSBPFQQuAHoNMyshCAYjfSN5LjAuL1M0LQMxcgoyCjpTAFUCJnkuMBo/eTQKKjFXDS0KDw0fIAk+YHUdBBJAPwYpJVAWMzQEQBI0Pz1+KSMPLV9+BC4yXHAtCg8NBQ50FGAWDQIzQCMAFTF9CyYdWlM0I309bxRWPw57MAkqEm0WLA8hATQ3KxteBR8/JWB2PBsVfR1AfjF5AQ0iJXp+KBlEX2EPPxhWN1gcHl01JBVBfXIgPxM HTTP/1.1
Host: hatsheisaco.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Wed, 28 Sep 2022 08:17:36 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: cRjSX7eI7jHFwTX5gQ6yaYbCT3neleonCMHWwKY9lxFsUsBvfL9LSA==
X-Firefox-Spdy: h2
reswsentativ.xyz/MFIwbEwfbVMfcWYWVDgWZ2NeLSFmB2Y7O3cIdi4taTVUBRkBBxYYJVRvCFt6A2MISjxZNg1edRYhRA04RSENXWpZPFYDcRYkDV1iAHwFVWIBdEVRfRYmQA0rDWMWHDhEPg1degZmA1l/AGcDW3sD
172.67.140.14 204 No Content 0 B URL HTTP/2 reswsentativ.xyz/MFIwbEwfbVMfcWYWVDgWZ2NeLSFmB2Y7O3cIdi4taTVUBRkBBxYYJVRvCFt6A2MISjxZNg1edRYhRA04RSENXWpZPFYDcRYkDV1iAHwFVWIBdEVRfRYmQA0rDWMWHDhEPg1degZmA1l/AGcDW3sD
IP 172.67.140.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MFIwbEwfbVMfcWYWVDgWZ2NeLSFmB2Y7O3cIdi4taTVUBRkBBxYYJVRvCFt6A2MISjxZNg1edRYhRA04RSENXWpZPFYDcRYkDV1iAHwFVWIBdEVRfRYmQA0rDWMWHDhEPg1degZmA1l/AGcDW3sD HTTP/1.1
Host: reswsentativ.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 28 Sep 2022 08:17:36 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6gXB0ixLDQmsYbVB3Obw26l3ifOIv1%2FmM0TEUMHuKSV4Qenur0PC4FsSi%2FY8LsASfyimtxyiBTtT8Da%2B7nkbsmm63ezK%2FJJlJWjODfGtI2v8pkO8LuOOHJoO0iFrgaDa75qh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751b0b29995ab4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reswsentativ.xyz/QnZhREttSQI3dhRGUHYvLzwIIQ4QOTcDCXYkChYaG0VQABkUI0cwIiZLVnJ/c0JQYjsrElx1bTECADA+MUtQYiIsEA55bTRLUGp4dlhTfGVzUBR5emQCESUsf0dHND82Glx1fXRCUnF4ckNSc3J0
172.67.140.14 204 No Content 0 B URL HTTP/2 reswsentativ.xyz/QnZhREttSQI3dhRGUHYvLzwIIQ4QOTcDCXYkChYaG0VQABkUI0cwIiZLVnJ/c0JQYjsrElx1bTECADA+MUtQYiIsEA55bTRLUGp4dlhTfGVzUBR5emQCESUsf0dHND82Glx1fXRCUnF4ckNSc3J0
IP 172.67.140.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /QnZhREttSQI3dhRGUHYvLzwIIQ4QOTcDCXYkChYaG0VQABkUI0cwIiZLVnJ/c0JQYjsrElx1bTECADA+MUtQYiIsEA55bTRLUGp4dlhTfGVzUBR5emQCESUsf0dHND82Glx1fXRCUnF4ckNSc3J0 HTTP/1.1
Host: reswsentativ.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 28 Sep 2022 08:17:36 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o7I%2BlsyoGcTEWQOtErLVOgRDdRj3szM9Vm3OUJoAxNNumnC0pI0Z1EZ41Sb7LbjfFYy1lSDF7ODansxv%2FGJfqRe7q5KyPpvewDTVSAjT6o%2FowNRRbSWkFWQ%2Fj0r22%2FAHzlHI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751b0b29a978b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reswsentativ.xyz/NmMzVTgZXFAmBWIlZRFtWCUDDFZCDWEdAUUAdA9/UDQCLWFjNhUhUVJeC2cND1ICc0hfBw5mChAQRzRMQxAOZwgGVBU8VlAMDmceQF4DewAYWh1kHkNeAnNMRgJUaAkQE0chVAtSBWMMBVYAZQ0FVAZs
172.67.140.14 204 No Content 0 B URL HTTP/2 reswsentativ.xyz/NmMzVTgZXFAmBWIlZRFtWCUDDFZCDWEdAUUAdA9/UDQCLWFjNhUhUVJeC2cND1ICc0hfBw5mChAQRzRMQxAOZwgGVBU8VlAMDmceQF4DewAYWh1kHkNeAnNMRgJUaAkQE0chVAtSBWMMBVYAZQ0FVAZs
IP 172.67.140.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NmMzVTgZXFAmBWIlZRFtWCUDDFZCDWEdAUUAdA9/UDQCLWFjNhUhUVJeC2cND1ICc0hfBw5mChAQRzRMQxAOZwgGVBU8VlAMDmceQF4DewAYWh1kHkNeAnNMRgJUaAkQE0chVAtSBWMMBVYAZQ0FVAZs HTTP/1.1
Host: reswsentativ.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 28 Sep 2022 08:17:36 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2B%2FSNWl%2B631GHdrS9d7JcUy%2FbPoTnb%2Fztyhfbh5AdCcoyMxmqc36QaHig4yNFl%2B%2BlBSWg0bTjd6yCf%2FszLOBZcvYdd4V5Qtgks%2BA3wJrbMR1Dh8iSzgb7%2Bh7swnvxBOza9Ke"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751b0b29b98db4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reswsentativ.xyz/ZGV6UlhLWhkhZQAjO2EOMS8+Cxk+DR5iPAgnSBhqNlc7FgFXJFwmMQBYQ2ZhXFNOdCgNAUdjYEIWDjMsERZHY34NCxw9ZUITR2N2VEtLfGtCEEdjfhAVGzVlVUMKJiwIWEtkblBWT2FoUVZNams
172.67.140.14 204 No Content 0 B URL HTTP/2 reswsentativ.xyz/ZGV6UlhLWhkhZQAjO2EOMS8+Cxk+DR5iPAgnSBhqNlc7FgFXJFwmMQBYQ2ZhXFNOdCgNAUdjYEIWDjMsERZHY34NCxw9ZUITR2N2VEtLfGtCEEdjfhAVGzVlVUMKJiwIWEtkblBWT2FoUVZNams
IP 172.67.140.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZGV6UlhLWhkhZQAjO2EOMS8+Cxk+DR5iPAgnSBhqNlc7FgFXJFwmMQBYQ2ZhXFNOdCgNAUdjYEIWDjMsERZHY34NCxw9ZUITR2N2VEtLfGtCEEdjfhAVGzVlVUMKJiwIWEtkblBWT2FoUVZNams HTTP/1.1
Host: reswsentativ.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 28 Sep 2022 08:17:36 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2BSDV8Dokw%2BiRCMErLq7Wp6sMJLNR6p64OEvBAczG%2F%2Fu1wNJloiC3PL7%2FVVNcCvG0QTs%2FPHndNDsS%2Fin3uMNRONVCHJBHb%2BUzNYISHegESJEk%2F%2Fg6%2ByYESgyXCt%2BtXNsiGdQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751b0b29b991b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d630ef5b1d7afaa72254be011eda5da3
1d36045b0711cb90cf63f0cb403c6e08c24374f0
65a57ef2098917f9d92c6bb00a4d556bf3864200c070bcc295336ad7e3c781fe
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "65A57EF2098917F9D92C6BB00A4D556BF3864200C070BCC295336AD7E3C781FE"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2689
Expires: Wed, 28 Sep 2022 09:02:25 GMT
Date: Wed, 28 Sep 2022 08:17:36 GMT
Connection: keep-alive
megaup.net/imageads/017.gif
91.209.70.182 200 OK 201 kB URL HTTP/2 megaup.net/imageads/017.gif
IP 91.209.70.182:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 201 kB (201359 bytes)
Hash deba3956e47484e8ba669125b2a814d9
2c86aab5ecf6c37457dd9f99861e55b3a57ecd52
d6c5fd53b238600374fe816597570a25ce2aef3aeb902e459e140293be16ddcd
GET /imageads/017.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:36 GMT
content-type: image/gif
content-length: 201359
last-modified: Sun, 14 Mar 2021 22:43:04 GMT
vary: Accept-Encoding
etag: "604e9178-3128f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js
91.209.70.182 200 OK 4.4 kB URL HTTP/2 megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (1288)
Hash a515d80349a4f163e4d21ccc86203b63
ab506ac95f701eb18aa870b07723ac513c306af3
d28dd072d41a2d20b4521ac81d0d322a09395fa005971f94d76ea8693fde3cf6
GET /themes/flow/js/zeroClipboard/ZeroClipboard.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3bd2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 281 B IP 104.18.32.68:0
Hash 76d1f6267026a53ba2e40c12aff0c2c8
9909ca4abe48a9eeca2da7e5cd7db89a05c76fb0
915114bd4ebe358031f5f2aef414fea695d66012a6069d339e6997cb2263d38b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 08:17:36 GMT
Content-Type: application/ocsp-response
Content-Length: 281
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 09:53:49 GMT
Expires: Tue, 04 Oct 2022 09:53:48 GMT
Etag: "9909ca4abe48a9eeca2da7e5cd7db89a05c76fb0"
Cache-Control: max-age=523571,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751b0b2b2a1e1c0e-OSL
platform.bidgear.com/media/img/b15.png
104.26.3.107 200 OK 649 B URL HTTP/2 platform.bidgear.com/media/img/b15.png
IP 104.26.3.107:0
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash d832fb80c97ff291b952757bb98240d2
63732e61a0784ed68fde494f83e4686a5c4bf7fa
7b35c11af8accdb40a14303dd3ae2762a97d2527933c56b6c9be6da2d0d11943
GET /media/img/b15.png HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:17:36 GMT
content-type: image/png
content-length: 649
last-modified: Mon, 25 Jul 2022 09:43:33 GMT
etag: "62de65c5-289"
expires: Sun, 23 Oct 2022 09:44:55 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 426743
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hBVEiMHXY1qkNWHUw%2B2AazzQOpBHUtm%2Fb1o9FHszLT5PlTryeFs9gOZxzIqVrC8EQnJLobXBwWFxfxql6Li9pgtY63UJaJAgmXJvvDq5IDwPVeVwKKoeSvCd2XYmmUwWXS8wSonw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751b0b2b7bf0b505-OSL
X-Firefox-Spdy: h2
a.exdynsrv.com/ad-provider.js
205.185.216.10 200 OK 24 kB URL HTTP/1.1 a.exdynsrv.com/ad-provider.js
IP 205.185.216.10:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 81ef2e5397caa335947731e7e737f5c3
6a05a4b2d22c13ad2692170510bc8685b16002bf
cec22380c4f1438b29077d202d0396a6ad32b41761ed51d968f1bfbdf2423378
GET /ad-provider.js HTTP/1.1
Host: a.exdynsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 08:17:36 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 23727
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"d944899a6eb421496e94cbddc42"
X-HW: 1664353056.dop208.sk1.t,1664353056.cds209.sk1.shn,1664353056.dop208.sk1.t,1664353056.cds246.sk1.c
Access-Control-Allow-Origin: *, *
platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1664353053932
104.26.3.107 200 OK 2.7 kB URL HTTP/2 platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1664353053932
IP 104.26.3.107:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (4445), with no line terminators
Hash 0629d2e1f3439237510676ead3c3ab3a
523f3c44df94d25b6598ff0ea4e1a988d8ec9e0a
cbad36c96c13177aac9d28f3d0a1114c0e350005b6db4b70d10cb58b54dc1ac4
GET /async.php?domainid=5593&sizeid=12&zoneid=6192&k=1664353053932 HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:17:36 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mfSrU1nLcsUVxzbU5akZii8DFf7L6G9JGd%2Fy8mj5HxTM5KHU0OC5H3m8YTHagmIBvEMdA6wgba092CzKZPwrcP42yNALBCM%2BxeDdCnMK0JNOf%2B6%2Fym6H8c2VhQ1hUgiSVU%2BaH24N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751b0b2a8abdb505-OSL
content-encoding: br
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/dS2hkeTkoBwofBj8BAEQOfVlVQQ9tAhcWVztVBht6egovSn45JTVMUCROEANddlhCFVglD1lfXCULWUgfKgwGRA1tHBQWUnYcABNVJwcDC1A6ThEYBCYHHhBVJwlBS39+RlRcC3tAHEgIblsmXAt7BA0XTDNNVklBc147Tw1uWyZcC3saElwKClFSVwliTV-ZJXi4LDxYceS5WSQh7WFVJCG5aVB9QOQ0CFkFuWiJAD2VYQgwEeg
143.204.42.171 200 OK 600 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/dS2hkeTkoBwofBj8BAEQOfVlVQQ9tAhcWVztVBht6egovSn45JTVMUCROEANddlhCFVglD1lfXCULWUgfKgwGRA1tHBQWUnYcABNVJwcDC1A6ThEYBCYHHhBVJwlBS39+RlRcC3tAHEgIblsmXAt7BA0XTDNNVklBc147Tw1uWyZcC3saElwKClFSVwliTV-ZJXi4LDxYceS5WSQh7WFVJCG5aVB9QOQ0CFkFuWiJAD2VYQgwEeg
IP 143.204.42.171:0
File type ASCII text, with very long lines (834), with no line terminators
Hash 289a74dfbbe4db342b8cc7898719b291
7aae68a0cac37af3af756d2494e4714ff708b0e1
566370853e853c0d7a9491624becd1f04cda1333569a1e379ce390b61a19a5aa
GET /dS2hkeTkoBwofBj8BAEQOfVlVQQ9tAhcWVztVBht6egovSn45JTVMUCROEANddlhCFVglD1lfXCULWUgfKgwGRA1tHBQWUnYcABNVJwcDC1A6ThEYBCYHHhBVJwlBS39+RlRcC3tAHEgIblsmXAt7BA0XTDNNVklBc147Tw1uWyZcC3saElwKClFSVwliTV-ZJXi4LDxYceS5WSQh7WFVJCG5aVB9QOQ0CFkFuWiJAD2VYQgwEeg HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hatsheisaco.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 600
date: Wed, 28 Sep 2022 08:17:36 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: HQDtTxwh3GeGh6T7uGMXV6lbQ4050MRcFiMaXKbYcTY29SGdYtGmLw==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/QOTluSXRaVgAvS01QCnRDDw1ffUUfUx0mGkkEPiARS3g3fzEMfB0tUk1DCnREH1UPJxMEHwsnFwQISCgQWwRabwBJVgV0AF1TAiUbXksHOFJMWFMkG0NQAiUVHAsofFoJHFx5XEEIX2xHexxceRhQVxsxUQsJFnFCZg9abEd7HFx5Bk8cXQhNDxdeYFELCQ-ksF1JWS3syCwlfeUQICV9sRglfBzsRX1YWbEZ/AFhnRB9MU3g
143.204.42.171 200 OK 590 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/QOTluSXRaVgAvS01QCnRDDw1ffUUfUx0mGkkEPiARS3g3fzEMfB0tUk1DCnREH1UPJxMEHwsnFwQISCgQWwRabwBJVgV0AF1TAiUbXksHOFJMWFMkG0NQAiUVHAsofFoJHFx5XEEIX2xHexxceRhQVxsxUQsJFnFCZg9abEd7HFx5Bk8cXQhNDxdeYFELCQ-ksF1JWS3syCwlfeUQICV9sRglfBzsRX1YWbEZ/AFhnRB9MU3g
IP 143.204.42.171:0
File type ASCII text, with very long lines (828), with no line terminators
Hash 6df704c3d1ca76918d3863e0f00a25b1
2ff3ef2a6364bedd9b6660604de991f966bcc37b
cc3969fe97f34d317645cdbda395e10729383cb5aaf2658a2dedef4e33a2bd25
GET /QOTluSXRaVgAvS01QCnRDDw1ffUUfUx0mGkkEPiARS3g3fzEMfB0tUk1DCnREH1UPJxMEHwsnFwQISCgQWwRabwBJVgV0AF1TAiUbXksHOFJMWFMkG0NQAiUVHAsofFoJHFx5XEEIX2xHexxceRhQVxsxUQsJFnFCZg9abEd7HFx5Bk8cXQhNDxdeYFELCQ-ksF1JWS3syCwlfeUQICV9sRglfBzsRX1YWbEZ/AFhnRB9MU3g HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hatsheisaco.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 590
date: Wed, 28 Sep 2022 08:17:36 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5BmDPsQpPgZ138vA2pQZzlF0-SJUsH3l-2IBIQ6Uew_xSgx85daqLg==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/ib3pLVWYMFSUzWRsTL2heWEx4ZF5JEDg6CB9HMic/HR4cPAoHLn0YXyERB3MSFR52ZUADGyUyW0kfJTZbXlwqMQRSTm0hFgARdiECBRYnOgEdEzpzEw5HJjocBhYnNENdPH57VkpIe30eXktuZiRKSHs5DwEPM3BUXwJzYzlZTm5mJEpIeycQSkkKbFBBSm-JwVF8dLjYNAF95E1RfS3tlV19LbmdWCRM5MAAAAm5nIFZMZWVAGkd6
143.204.42.171 200 OK 458 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/ib3pLVWYMFSUzWRsTL2heWEx4ZF5JEDg6CB9HMic/HR4cPAoHLn0YXyERB3MSFR52ZUADGyUyW0kfJTZbXlwqMQRSTm0hFgARdiECBRYnOgEdEzpzEw5HJjocBhYnNENdPH57VkpIe30eXktuZiRKSHs5DwEPM3BUXwJzYzlZTm5mJEpIeycQSkkKbFBBSm-JwVF8dLjYNAF95E1RfS3tlV19LbmdWCRM5MAAAAm5nIFZMZWVAGkd6
IP 143.204.42.171:0
File type ASCII text, with very long lines (600), with no line terminators
Hash 8dc5d0da4dbb6c788df50d8e83fc1b2a
5cf4795a6f126b4b110e4deccda5835cd64e95cf
f715c6bb983b0b941974697d6ff2c6d4a677f81147de349e8a1698814057ffa7
GET /ib3pLVWYMFSUzWRsTL2heWEx4ZF5JEDg6CB9HMic/HR4cPAoHLn0YXyERB3MSFR52ZUADGyUyW0kfJTZbXlwqMQRSTm0hFgARdiECBRYnOgEdEzpzEw5HJjocBhYnNENdPH57VkpIe30eXktuZiRKSHs5DwEPM3BUXwJzYzlZTm5mJEpIeycQSkkKbFBBSm-JwVF8dLjYNAF95E1RfS3tlV19LbmdWCRM5MAAAAm5nIFZMZWVAGkd6 HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hatsheisaco.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 458
date: Wed, 28 Sep 2022 08:17:36 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: z19s7Bbka2eT5GdmMBu7H3x-FVcR91NGsD42qbx8JJVM2MVgauIM7A==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/ddThNZ1oWVyMBZQFRKVpjQQF1UW5TUj4INAUFDDJqH1sZERgvSy9ffAFCKVpqU1QsCT1IHigJOUgJawY+FwV5QS8UBSAIIBxUIQZ/R354SWpQCn1PIkQJaFQYUAp9CzMbTTVCaEVAdVEFQwxoVBhQCn0VLFALDF5sWwhkQmhFXygEMRodfyFoRQl9V2tFCW-hVahNRPwI8GkBoVRxMDmNXfAAFfA
143.204.42.171 200 OK 189 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/ddThNZ1oWVyMBZQFRKVpjQQF1UW5TUj4INAUFDDJqH1sZERgvSy9ffAFCKVpqU1QsCT1IHigJOUgJawY+FwV5QS8UBSAIIBxUIQZ/R354SWpQCn1PIkQJaFQYUAp9CzMbTTVCaEVAdVEFQwxoVBhQCn0VLFALDF5sWwhkQmhFXygEMRodfyFoRQl9V2tFCW-hVahNRPwI8GkBoVRxMDmNXfAAFfA
IP 143.204.42.171:0
File type ASCII text, with no line terminators
Hash 95119e666cef8bd85a300452ece4d327
b27650d3c46562d15bbfa014cc1c5b8f0ed02b5b
fa19f95350e6683e73ca1873b476a4395f4f54e486202b3657c2981b3984006f
GET /ddThNZ1oWVyMBZQFRKVpjQQF1UW5TUj4INAUFDDJqH1sZERgvSy9ffAFCKVpqU1QsCT1IHigJOUgJawY+FwV5QS8UBSAIIBxUIQZ/R354SWpQCn1PIkQJaFQYUAp9CzMbTTVCaEVAdVEFQwxoVBhQCn0VLFALDF5sWwhkQmhFXygEMRodfyFoRQl9V2tFCW-hVahNRPwI8GkBoVRxMDmNXfAAFfA HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hatsheisaco.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 189
date: Wed, 28 Sep 2022 08:17:36 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: n6R7moLlfr0hXBh-mGHsSYSELfILACG3JVcNe6t0UNVcSVb1F_ThyA==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 173fcd5342ac62d5ae47a58bd4efec45
43e7bee3ae2630f431eb71277b0cda738068e2b6
e61014e02aa1c046c3a0f552e0fd2aade3d31714a63cfcd8d08eda3fb40c59cc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
imp9.bidgear.com/rec?t=1&z=6192&uuid=2e270521d70f4c92b45778b0eb59673f&p=28&g=NO&token=4a44335432&tbg=1664353056
104.26.3.107 200 OK 599 B URL HTTP/2 imp9.bidgear.com/rec?t=1&z=6192&uuid=2e270521d70f4c92b45778b0eb59673f&p=28&g=NO&token=4a44335432&tbg=1664353056
IP 104.26.3.107:0
File type JPEG image data, baseline, precision 8, 1x1, components 3\012- data
Hash ca49a7e783b806a4e8576ea80346203d
6fe9d083221dae98f6c76f7121c37bc884b02d82
3e9a98dd5f0a28ff4a059f33d760264a6db02786666ac1692095ebb976f5da28
GET /rec?t=1&z=6192&uuid=2e270521d70f4c92b45778b0eb59673f&p=28&g=NO&token=4a44335432&tbg=1664353056 HTTP/1.1
Host: imp9.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:17:36 GMT
content-type: image/jpeg
content-length: 599
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3rYTrujVGfTnfi19N8ANEJTy1JcifNjnawJS7J5pSXGKu%2FDrJ6BdrUSIFkEG%2FPAS7axr2P2knJjWrsyMi2Cp3KePHu%2BwfY%2B3nYMc%2BXmFpfk%2BDsxn0SsuvkXtdIDmgfYcRes%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751b0b2b7bfeb505-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fd9c95c1c24789f4041887b11468ab7e
bf202eeda47e79ac15d77325a02a1206bec63dcb
86f005e634685a4eb89dd87735b4cc0d91163be2912c470a529f0eb223531dbf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2923
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:17:36 GMT
Last-Modified: Wed, 28 Sep 2022 07:28:53 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Wed, 28 Sep 2022 06:41:09 GMT
expires: Wed, 28 Sep 2022 08:41:09 GMT
cache-control: public, max-age=7200
age: 5787
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 173fcd5342ac62d5ae47a58bd4efec45
43e7bee3ae2630f431eb71277b0cda738068e2b6
e61014e02aa1c046c3a0f552e0fd2aade3d31714a63cfcd8d08eda3fb40c59cc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cf4d1ef827b71ee69d1e8be3bd11881f
76d609cab8d3f56ed9a86c20ab36205dae82cac2
432faa36d729ed00fc79bc1c33da908b86df850fee389570476dc27390b557ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "432FAA36D729ED00FC79BC1C33DA908B86DF850FEE389570476DC27390B557AC"
Last-Modified: Tue, 27 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3254
Expires: Wed, 28 Sep 2022 09:11:50 GMT
Date: Wed, 28 Sep 2022 08:17:36 GMT
Connection: keep-alive
hatsheisaco.xyz/utx?cb=EQYWmcAq24NI&top=megaup.net&tid=761186
143.204.55.30 204 No Content 0 B URL HTTP/2 hatsheisaco.xyz/utx?cb=EQYWmcAq24NI&top=megaup.net&tid=761186
IP 143.204.55.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=EQYWmcAq24NI&top=megaup.net&tid=761186 HTTP/1.1
Host: hatsheisaco.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 28 Sep 2022 08:17:36 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 28 Sep 2022 08:18:36 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: O3xEBOwePg1YSE9_famGHFWx5LwMJT95KRaqq-d_X8Ai5xQT0hsrRw==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cf4d1ef827b71ee69d1e8be3bd11881f
76d609cab8d3f56ed9a86c20ab36205dae82cac2
432faa36d729ed00fc79bc1c33da908b86df850fee389570476dc27390b557ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "432FAA36D729ED00FC79BC1C33DA908B86DF850FEE389570476DC27390B557AC"
Last-Modified: Tue, 27 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3254
Expires: Wed, 28 Sep 2022 09:11:50 GMT
Date: Wed, 28 Sep 2022 08:17:36 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cf4d1ef827b71ee69d1e8be3bd11881f
76d609cab8d3f56ed9a86c20ab36205dae82cac2
432faa36d729ed00fc79bc1c33da908b86df850fee389570476dc27390b557ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "432FAA36D729ED00FC79BC1C33DA908B86DF850FEE389570476DC27390B557AC"
Last-Modified: Tue, 27 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3254
Expires: Wed, 28 Sep 2022 09:11:50 GMT
Date: Wed, 28 Sep 2022 08:17:36 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cf4d1ef827b71ee69d1e8be3bd11881f
76d609cab8d3f56ed9a86c20ab36205dae82cac2
432faa36d729ed00fc79bc1c33da908b86df850fee389570476dc27390b557ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "432FAA36D729ED00FC79BC1C33DA908B86DF850FEE389570476DC27390B557AC"
Last-Modified: Tue, 27 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3254
Expires: Wed, 28 Sep 2022 09:11:50 GMT
Date: Wed, 28 Sep 2022 08:17:36 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cf4d1ef827b71ee69d1e8be3bd11881f
76d609cab8d3f56ed9a86c20ab36205dae82cac2
432faa36d729ed00fc79bc1c33da908b86df850fee389570476dc27390b557ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "432FAA36D729ED00FC79BC1C33DA908B86DF850FEE389570476DC27390B557AC"
Last-Modified: Tue, 27 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3254
Expires: Wed, 28 Sep 2022 09:11:50 GMT
Date: Wed, 28 Sep 2022 08:17:36 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 398 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash 0d71bf7ad699d538301b4e90d9e91db6
6a0524c2f370c6812e8f382a17a88d287dba638b
e087e36a14423e3cce2ab3687f0b3e40aee6baad609c83c1eefca48a3c3d4757
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 28 Sep 2022 08:17:36 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S755440684%3A1664353056748861&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoykml_93am0Zmku_NWbzFOrfFXGojn27lVTms8Am-dTRY76O2F8xKgiLCJWwnGHwuKoyv7Hw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-lNJOxMu15DmCNcbRcnYJmg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
set-cookie: __Host-GAPS=1:ieMPUuM9zDSC3Yj-6Z-ZJ5bc26EOvQ:3oGdpT69h_TDkxgB;Path=/;Expires=Fri, 27-Sep-2024 08:17:36 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237 302 Found 389 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash 81347f414c60a7f2e36483978e174cd6
1f22549ca521e5276ee906e5bea76f15238f0f58
dbed4be1dadbe8a5fc86b3bdd3820419ee503657ff48674c0166a780ff90b399
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 28 Sep 2022 08:17:36 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S184708438%3A1664353056765093&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoljHl43EiYmu3smyyTQ0QXH1qGTgEPbF1qv6YTL_eVLx6JDQt2glHaBAFhMVA_xB8-usjb4A
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-oGJsR22uVDS3P8Lf_xV74Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 389
server: GSE
set-cookie: __Host-GAPS=1:N84r0nK6WnQh7rf7e4XTQVSMz_CoRg:nK_YLmMh41lO1zTv;Path=/;Expires=Fri, 27-Sep-2024 08:17:36 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
hatsheisaco.xyz/utx?cb=xZ2ftKlz6gFl&top=megaup.net&tid=876318
143.204.55.30 204 No Content 0 B URL HTTP/2 hatsheisaco.xyz/utx?cb=xZ2ftKlz6gFl&top=megaup.net&tid=876318
IP 143.204.55.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=xZ2ftKlz6gFl&top=megaup.net&tid=876318 HTTP/1.1
Host: hatsheisaco.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 28 Sep 2022 08:17:36 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 28 Sep 2022 08:18:36 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: kNrGrVbjGsmBP__DBkP0PZNoAtzkgnSJ9NJzAb23ylynk677DgdflQ==
X-Firefox-Spdy: h2
hatsheisaco.xyz/utx?cb=hO0YQf1xwYkQ&top=megaup.net&tid=764141
143.204.55.30 204 No Content 0 B URL HTTP/2 hatsheisaco.xyz/utx?cb=hO0YQf1xwYkQ&top=megaup.net&tid=764141
IP 143.204.55.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=hO0YQf1xwYkQ&top=megaup.net&tid=764141 HTTP/1.1
Host: hatsheisaco.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 28 Sep 2022 08:17:36 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 28 Sep 2022 08:18:36 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: We4lyTcAJLGcNxLZcdxzRmHtnvB5VMncDZNl43uEhdMBxZVHteTGbQ==
X-Firefox-Spdy: h2
hatsheisaco.xyz/utx?cb=Mv9K1qnEGp09&top=megaup.net&tid=825911
143.204.55.30 204 No Content 0 B URL HTTP/2 hatsheisaco.xyz/utx?cb=Mv9K1qnEGp09&top=megaup.net&tid=825911
IP 143.204.55.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=Mv9K1qnEGp09&top=megaup.net&tid=825911 HTTP/1.1
Host: hatsheisaco.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 28 Sep 2022 08:17:36 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 28 Sep 2022 08:18:36 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Zsv_TnScUGjMh3nipk7-AmLIWEkcvUbEmYK_ioGAyQ8KAX2usTTMgg==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/
143.204.42.171 200 OK 73 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/
IP 143.204.42.171:0
File type ASCII text, with no line terminators
Hash de37377b72195a4f064edf7ec8a76676
ed544d5b6a37acad78498099407c648a93316ddb
b3209cc0b1d1b71e85af4e843afe00a3079f3286d52b3fb47e72c6c5c48b8399
GET / HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 73
date: Wed, 28 Sep 2022 08:17:36 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: AMGVTuVFI41L4LsNuSu-IMemmBy2YzGGFeeBN9liQF-tzD9jHfTTfg==
X-Firefox-Spdy: h2
syndication.exdynsrv.com/v1/api.php
95.211.229.246 200 OK 2.4 kB URL HTTP/1.1 syndication.exdynsrv.com/v1/api.php
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5242), with no line terminators
Hash 2ed1dcd97c43406fc4e7a60c76f32049
8a6f9db91c22df7cc785d59452a84b01dc08bef6
4a5741cbe07486050222280045e89e360016cb095f90a2fdc3b64adec813881a
POST /v1/api.php HTTP/1.1
Host: syndication.exdynsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 290
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 08:17:36 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263340320c48866.981825853325912135%22%3B%7D; expires=Fri, 27-Sep-2024 08:17:36 GMT; Max-Age=63072000; path=/; domain=exdynsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fd9c95c1c24789f4041887b11468ab7e
bf202eeda47e79ac15d77325a02a1206bec63dcb
86f005e634685a4eb89dd87735b4cc0d91163be2912c470a529f0eb223531dbf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2923
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:17:36 GMT
Last-Modified: Wed, 28 Sep 2022 07:28:53 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cf4d1ef827b71ee69d1e8be3bd11881f
76d609cab8d3f56ed9a86c20ab36205dae82cac2
432faa36d729ed00fc79bc1c33da908b86df850fee389570476dc27390b557ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "432FAA36D729ED00FC79BC1C33DA908B86DF850FEE389570476DC27390B557AC"
Last-Modified: Tue, 27 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3254
Expires: Wed, 28 Sep 2022 09:11:50 GMT
Date: Wed, 28 Sep 2022 08:17:36 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash be52dbe2d47697a7f007d69c486b77b4
fe445ea87749e97423e7865bc559ad78f672a62d
65d16df2b3095c658d2bdf39b06d57486967bba7b43c43108e5025d7af5b7ab6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
91.209.70.182 200 OK 236 kB URL HTTP/2 megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
IP 91.209.70.182:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (58554), with CRLF, LF line terminators
Size 236 kB (235840 bytes)
Hash e0d40ea9ea2c07a09c546763b6af8459
e362042402110b5cbe4b9afb6dbe1eda2848da58
bb71e923fb9bf9883003658d80ce4608354b9daf085a7a7ddf4a05e1ec750b21
GET /2un2B/Pocket.Stables-GoldBerg.zip HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01OW0oEQQy8ihfYIUlX+rHffisoHmD6MX65CCoo1OHtmcXFFAl5VCoxMTtJOVm+E5w1nUNk0aXIAlvUwYfHJ0L5Nl7Xr/flMj7prpDIWIogswRkiwQiNEe6Kt2KlclIHlxiylRnoEyYB2DPFhFRjczCl+f7w3XChDPuJ2mZmLl873tiKHXEWJuLbrmjDk891R5787X0nfj/RbliEZND9q/BoAgG40lvBThNeIzXj59LI2/067P0QyFQAZlybc2jQmve6sDYLFRL1hSj9LaNln8B5OUE/lQBAAA=
95.211.229.246 200 OK 20 B URL HTTP/1.1 syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01OW0oEQQy8ihfYIUlX+rHffisoHmD6MX65CCoo1OHtmcXFFAl5VCoxMTtJOVm+E5w1nUNk0aXIAlvUwYfHJ0L5Nl7Xr/flMj7prpDIWIogswRkiwQiNEe6Kt2KlclIHlxiylRnoEyYB2DPFhFRjczCl+f7w3XChDPuJ2mZmLl873tiKHXEWJuLbrmjDk891R5787X0nfj/RbliEZND9q/BoAgG40lvBThNeIzXj59LI2/067P0QyFQAZlybc2jQmve6sDYLFRL1hSj9LaNln8B5OUE/lQBAAA=
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01OW0oEQQy8ihfYIUlX+rHffisoHmD6MX65CCoo1OHtmcXFFAl5VCoxMTtJOVm+E5w1nUNk0aXIAlvUwYfHJ0L5Nl7Xr/flMj7prpDIWIogswRkiwQiNEe6Kt2KlclIHlxiylRnoEyYB2DPFhFRjczCl+f7w3XChDPuJ2mZmLl873tiKHXEWJuLbrmjDk891R5787X0nfj/RbliEZND9q/BoAgG40lvBThNeIzXj59LI2/067P0QyFQAZlybc2jQmve6sDYLFRL1hSj9LaNln8B5OUE/lQBAAA= HTTP/1.1
Host: syndication.exdynsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263340320c48866.981825853325912135%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 08:17:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263340320c48866.981825853325912135%22%3B%7D; expires=Fri, 27 Sep 2024 08:17:36 GMT; path=; domain=.exdynsrv.com; Secure; SameSite=none
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263340320c48866.981825853325912135%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22511.0199%22%7D; expires=Fri, 27 Sep 2024 08:17:36 GMT; path=/; domain=.exdynsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
accounts.google.com/v3/signin/identifier?dsh=S184708438%3A1664353056765093&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoljHl43EiYmu3smyyTQ0QXH1qGTgEPbF1qv6YTL_eVLx6JDQt2glHaBAFhMVA_xB8-usjb4A
216.58.207.237 403 Forbidden 806 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S184708438%3A1664353056765093&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoljHl43EiYmu3smyyTQ0QXH1qGTgEPbF1qv6YTL_eVLx6JDQt2glHaBAFhMVA_xB8-usjb4A
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Hash c92cca5763f9e64055a2864c038a756e
35dfca430acc5fc69166df34190634aa4f548e88
dcde4e58a23c06ec69a1f8ca1ffe0abefb0802619c1341bcfce507d5cea75653
GET /v3/signin/identifier?dsh=S184708438%3A1664353056765093&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoljHl43EiYmu3smyyTQ0QXH1qGTgEPbF1qv6YTL_eVLx6JDQt2glHaBAFhMVA_xB8-usjb4A HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 28 Sep 2022 08:17:36 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-deYFxDmHkkLGNkfZkkZmJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=KwhLc2ud1Sqne3OBeAeDP9Tl2Mp8Poz4OTxUkZbDpHWm9be4ox040FRFCBB4YwdbZquZROGdMnbgplqqznybbMdedQihzAwmwUjEb7W3xhtLFzpMLisagNoU279hwhXiHvwZzRnM3DwD2KNA4tBF6FGfaOsKddziYWcEd8G6CrU; expires=Thu, 30-Mar-2023 08:17:36 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/551406/afd0544e028fe06635d1d3c51cd1eef2a7c975a8.jpg
185.76.9.19 200 OK 19 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/551406/afd0544e028fe06635d1d3c51cd1eef2a7c975a8.jpg
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash 2f1ee77f4701e8d6b0258466d99fc010
afd0544e028fe06635d1d3c51cd1eef2a7c975a8
8d0328ae01c3531184b0a2376386caa4c9275747e5037d85be6ff0e06ffeda43
GET /library/551406/afd0544e028fe06635d1d3c51cd1eef2a7c975a8.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:17:37 GMT
content-type: image/jpeg
content-length: 18807
last-modified: Wed, 26 May 2021 05:14:02 GMT
etag: "60add91a-4977"
expires: Sat, 29 Jul 2023 23:25:57 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1690680215
server: CDN77-Turbo
x-77-nzt: AblMCQ13RcL/CntPAA
x-77-nzt-ray: cb6h3hm7WDU
x-cache: HIT
x-age: 5208842
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.200.35 200 OK 12 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.200.35:0
Hash 01c7576980e68147c406dd7fc0c5a490
eb58826c0bd1be3da821386861db7926dc534fdf
fcceb1b3127a38e03fb1031f4c2a462a1ceda99ef964e8a0c513899e82a4a66a
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: UJhtdSmLxhZjn/qrZ0f+HPPevoS63erY5ElISgmZTXMHnXqhlbFK6ku7L2f/OW7McVldb3HjwgZ8o+V6OoSPXw==
date: Wed, 28 Sep 2022 08:17:36 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
91.209.70.182 200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31568, version 1.1\012- data
Hash e0c4ac0e73196bd0469c5c33304b7773
bb071565f82907d117b0732dca8013409162c67d
ff3bf3a4a1bf2b922157b18d0e8cddd95f2fc2dfe09c30a3ce67bc11a84c67af
GET /themes/flow/frontend_assets/fonts/raleway_bold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160; _gat_gtag_UA_108868042_1=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:37 GMT
content-type: font/woff
content-length: 31568
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7b50"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
hatsheisaco.xyz/floater?cs=OGtPRTEAXHdwBAtSfHEGCVN9dgU&abt=0&red=1&sm=83&k=download%20file%20pocket%20stables%20goldberg&v=0.8.9.1&sts=0&prn=0&emb=0&tid=825911&u=94209342636032&agec=1664353056&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=128.86597938144328&ref=https%3A%2F%2Fmegaup.net%2F2un2B%2FPocket.Stables-GoldBerg.zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_KE6f=1664353054630&crc=1
143.204.55.30 200 OK 5.5 kB URL HTTP/2 hatsheisaco.xyz/floater?cs=OGtPRTEAXHdwBAtSfHEGCVN9dgU&abt=0&red=1&sm=83&k=download%20file%20pocket%20stables%20goldberg&v=0.8.9.1&sts=0&prn=0&emb=0&tid=825911&u=94209342636032&agec=1664353056&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=128.86597938144328&ref=https%3A%2F%2Fmegaup.net%2F2un2B%2FPocket.Stables-GoldBerg.zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_KE6f=1664353054630&crc=1
IP 143.204.55.30:0
File type ASCII text, with very long lines (8687), with no line terminators
Hash 1b0f8743a4d62141c9ccef96d6689984
a31fe04d13f510c4d37b5bfe5ce9bf4d20a002ac
839d2a879b469628abad904208c2d54e2e9cf51a7df331912351314518d0a378
GET /floater?cs=OGtPRTEAXHdwBAtSfHEGCVN9dgU&abt=0&red=1&sm=83&k=download%20file%20pocket%20stables%20goldberg&v=0.8.9.1&sts=0&prn=0&emb=0&tid=825911&u=94209342636032&agec=1664353056&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=128.86597938144328&ref=https%3A%2F%2Fmegaup.net%2F2un2B%2FPocket.Stables-GoldBerg.zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_KE6f=1664353054630&crc=1 HTTP/1.1
Host: hatsheisaco.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 5538
date: Wed, 28 Sep 2022 08:17:37 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=b5ea1779-feb9-4479-aeaa-d98aed0223b5
set-cookie: csu=94209342636032
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: JuH655wrh-6c_pXLv0gqwYV5NRaoNFyv_W84Lk3lEmpW-J3W7l0KoA==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12422
Expires: Wed, 28 Sep 2022 11:44:39 GMT
Date: Wed, 28 Sep 2022 08:17:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12422
Expires: Wed, 28 Sep 2022 11:44:39 GMT
Date: Wed, 28 Sep 2022 08:17:37 GMT
Connection: keep-alive
pogothere.xyz/asd100.bin
172.64.199.35 200 OK 103 kB IP 172.64.199.35:0
Size 103 kB (102903 bytes)
Hash c7e6561fe621c48a16046f33a7dc8119
4fe6e4c43bec577c2b1bcb220a2ef2a61e8550fa
6bd4b892404ca79160cb776aa70ad0305373c2c22225b5a638c1f1cec849dce2
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:17:36 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 333
last-modified: Wed, 28 Sep 2022 08:12:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XItia5geJ1z9LllpoogH9GLI8jeE6QEncciROcNzEQVyfjgAsXJz5zB9fVUGPfKTgglZ54EA9e0sBb45zxEuVA0bnYkuDcoW6oGLBfjJlYfsM%2F9JshE6YILQns0PBoAw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751b0b2cbcf972f4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12422
Expires: Wed, 28 Sep 2022 11:44:39 GMT
Date: Wed, 28 Sep 2022 08:17:37 GMT
Connection: keep-alive
pogothere.xyz/asd100.bin
172.64.199.35 200 OK 108 kB IP 172.64.199.35:0
Size 108 kB (107777 bytes)
Hash 1196a97f7cf328f6a8cd3cd6ae73b197
953351a2ac4d62ed75fcbe1f088ab54632046125
b08922b8d3b17e0346ae64a72f92fd24b9614d9f978b21446c4f27df6d4dd64a
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:17:36 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 333
last-modified: Wed, 28 Sep 2022 08:12:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2BnSlhohC%2FFxbIh6QCBg%2BBcragVUyP7LNSzMwMnR0ackt%2Fcf%2Fd%2FftpGOkjDMnZ1e02K4fqWwy%2Flu8GPV5%2BQ2Q1p22mOtEQKHF7tMEByWOV5hyYj0PPVxfCY6J0jpvYMY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751b0b2cdd1d72f4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35 200 OK 112 kB IP 172.64.199.35:0
Size 112 kB (111714 bytes)
Hash 46cb101d90258ec53977578d05cc3491
50279d0f8e1a05f5645fd13684a3694a42702fe2
c44ed4c706d8d87aa827f49c77d0fd78bfb62f32f94ec28cac320d1117dc30c9
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:17:36 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 333
last-modified: Wed, 28 Sep 2022 08:12:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qk68aHV7CMN30Rx1Z2E6DMoUqo9I2ZCH4c5RyQ%2FLJM6cI30Mzkufe9uTI%2FZExDl5VIbJIiglJK71KDdpi5HnnG6wwhQCf6EHhp%2FT0guuj5QTAf1zB1T9v89%2BTNtLAKUO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751b0b2cdd2172f4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6139c878a7d2bd32c61fc8287996eb5b
9c4692ea64832895fbd107d91f879728b6a440c7
3839df92f0a10c1433d5b576df50c9f7953912ae4f425012262f08ee8a59ce2e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8500
x-amzn-requestid: af82c8d6-950c-4933-87e3-7bbb15cb1ac8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3HOaoAMFoPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-77e0ecc522de575e40f429b3;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: rD5LsVDLQkaomG1nCGZGihbdlWKMCjUYNC2kRyAjJesJEOEBSj8Q3A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:47:03 GMT
age: 37834
etag: "9c4692ea64832895fbd107d91f879728b6a440c7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52d10f53-5e95-4bc8-aa34-09983b7221cd.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52d10f53-5e95-4bc8-aa34-09983b7221cd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c4a66beda24621e812a929933c52025d
e951f6b11e473b68d2fdd95b822cef120d37b1eb
28efb1495fdb363cea9ccc6c38f84b2731dbd44dd4dbbe42996fa6fab74e1ce6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52d10f53-5e95-4bc8-aa34-09983b7221cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6721
x-amzn-requestid: ea4416a4-ffbe-4006-bb09-aa0a70763ab2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3xTGNOoAMFXeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336cd4-6634cd372bd677227f755769;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TlEcmqE03c_aVOwGbXRCTsU5MOTiUF4C93U3zcIVqzg6NCGJJGup7A==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:09:10 GMT
age: 36507
etag: "e951f6b11e473b68d2fdd95b822cef120d37b1eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae0951d3-44e9-49d3-9232-f4151ef59735.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae0951d3-44e9-49d3-9232-f4151ef59735.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b255b252ceed088d6f505e7e9acfcb55
a6b1c3e0d506ac1c66405e061e9910fafb176a7d
b796a98834c7ecf220d13bfba61e81a9b90d472d2aa725ff66888cbddad731e7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae0951d3-44e9-49d3-9232-f4151ef59735.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6157
x-amzn-requestid: a51846e4-4e25-455f-885b-acf2567f2e1c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDlObH7XIAMFw6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63314f28-4e6a68a74edb1ad850e17dac;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 07:05:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2g98EnyiFhkZTsqis2_ASfjM-YTJmcUJ-Mwcl1dWlruzrWDuojPA0w==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 07:24:38 GMT
age: 3179
etag: "a6b1c3e0d506ac1c66405e061e9910fafb176a7d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee83d08d024d127fad5918e1ffacb78b
8ad289a77705358ab660b6123e9d90de991b6c13
aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11314
x-amzn-requestid: 9f410158-cd1a-45a9-9e86-4005b25577e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e4Hw7oAMFpAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-70683c681f22a3b6103fcb4a;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: l9IinQYCcQV_iymSArIEnOWgbmLlmVqz94402zcsmga5Bp3Sty7QRg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:40:49 GMT
age: 38208
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hypermusk.com/dsp-stats/impression/1795175?var=825911&ua=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&ip=91.90.42.154&pl=h1_ZXGbciu3FDnHKrzzqcFJvk5YBHEqks8klk5cgJTbNFK9PO_pkrQZ8f-bms4x7tDzXvqWB84NDNx6-hya77zMS8CTVjL2KQfc2_nQ0UtTT1KVddsTgcj1_U1WH0zWHuHAEf3ehjulApjvFBThwx5-Fjs5mY2ITPQymS7f7Bj34fhTfiB2zUZlcdLV12ZMUp6S71KUp4KUCVXmlF_qD7pL-7Ke_TXyW90rvzJZMSncP_arBLGMnKBk-usa1NfYVc5kvzgfO1Lw0JxyBWJppafG3dqK3pG_vXtcc8BEzzAEOtSZBbAUAL9_ASUeP7nn8gz-jp5-ZJRz35vnM5dpssaNGk9QCFniyuJ5LlQPZQNk9SbdRPi6fq120KkG6W6NcDirp0GEJ0dgonZlxBt78hb7HUb5iZT-aGaM-k6yWdMDHbs5gif80t7-wZJfUz95FBXySfe3olyS1lHwTWeijU5pcX5YVUiYg6PqALaIqKQAFwwAOwoTBJrNQg9N8tCzN9wPtnywV4GMa8qvPfsaFII8qTi5NZOxnQucBu4ayvLeexUf920mAiZ5d8olclxltS6J0DBdEITjgrrUoH_p2jE-1XtdanUAruq_IYx_bPKu7NjpgVkfmh4m6tFR5_rO8gVW5gFVeIO_PvXrnzXAG9FSvQ189AwdbAF-5gYxHM3cRSQAJ2MpeTMpR9suju7sF43KuVB5U8JbRelhdiPNVql9j4ioio2MDsXNRbEfy8LVyYlWlopAbbi0ur6T640qdbPLWuybNJegMVRUkTKa-0TF1Z0TyVBDcT-WYtiKjaO4un8ZuSF58lkqHu9DAvWgh2HaSMCtw7bDIt26iBj555YLd1yKR0CUO_RTRTgrMMhr_ZzEsVu3osr7IyEQKzYi8dkHoynXJKm58KnClTNa3OGz9W-ul4uC4NT22gZCLZQQYHe8UzRxoVT2htQ82sYvW0oNAFlzlmP_7Y9tEbl-0sbZtwAZHlalHYGN4hy-dpEVQbXZ0KDLyh1XOSRlA26MfL5DpifiVBqiY&rd=vl5AKvc-Fe-dqRDRx7xpFkluFroRjzTrUb3bfAymSOti2TwEPwCRl6fGrBssjG2Ea35SlUdrXcrBVz86SI1hLrI5V4dGGo_Jw8kp9DH07snq8eVDWoqzDgDPCDWyighNhVAii_Dv2h8NWOiFlgKhTck=
62.122.171.12302 Found 108 B URL HTTP/2 hypermusk.com/dsp-stats/impression/1795175?var=825911&ua=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&ip=91.90.42.154&pl=h1_ZXGbciu3FDnHKrzzqcFJvk5YBHEqks8klk5cgJTbNFK9PO_pkrQZ8f-bms4x7tDzXvqWB84NDNx6-hya77zMS8CTVjL2KQfc2_nQ0UtTT1KVddsTgcj1_U1WH0zWHuHAEf3ehjulApjvFBThwx5-Fjs5mY2ITPQymS7f7Bj34fhTfiB2zUZlcdLV12ZMUp6S71KUp4KUCVXmlF_qD7pL-7Ke_TXyW90rvzJZMSncP_arBLGMnKBk-usa1NfYVc5kvzgfO1Lw0JxyBWJppafG3dqK3pG_vXtcc8BEzzAEOtSZBbAUAL9_ASUeP7nn8gz-jp5-ZJRz35vnM5dpssaNGk9QCFniyuJ5LlQPZQNk9SbdRPi6fq120KkG6W6NcDirp0GEJ0dgonZlxBt78hb7HUb5iZT-aGaM-k6yWdMDHbs5gif80t7-wZJfUz95FBXySfe3olyS1lHwTWeijU5pcX5YVUiYg6PqALaIqKQAFwwAOwoTBJrNQg9N8tCzN9wPtnywV4GMa8qvPfsaFII8qTi5NZOxnQucBu4ayvLeexUf920mAiZ5d8olclxltS6J0DBdEITjgrrUoH_p2jE-1XtdanUAruq_IYx_bPKu7NjpgVkfmh4m6tFR5_rO8gVW5gFVeIO_PvXrnzXAG9FSvQ189AwdbAF-5gYxHM3cRSQAJ2MpeTMpR9suju7sF43KuVB5U8JbRelhdiPNVql9j4ioio2MDsXNRbEfy8LVyYlWlopAbbi0ur6T640qdbPLWuybNJegMVRUkTKa-0TF1Z0TyVBDcT-WYtiKjaO4un8ZuSF58lkqHu9DAvWgh2HaSMCtw7bDIt26iBj555YLd1yKR0CUO_RTRTgrMMhr_ZzEsVu3osr7IyEQKzYi8dkHoynXJKm58KnClTNa3OGz9W-ul4uC4NT22gZCLZQQYHe8UzRxoVT2htQ82sYvW0oNAFlzlmP_7Y9tEbl-0sbZtwAZHlalHYGN4hy-dpEVQbXZ0KDLyh1XOSRlA26MfL5DpifiVBqiY&rd=vl5AKvc-Fe-dqRDRx7xpFkluFroRjzTrUb3bfAymSOti2TwEPwCRl6fGrBssjG2Ea35SlUdrXcrBVz86SI1hLrI5V4dGGo_Jw8kp9DH07snq8eVDWoqzDgDPCDWyighNhVAii_Dv2h8NWOiFlgKhTck=
IP 62.122.171.12:0
File type HTML document, ASCII text
Hash 022a95cacd9f3720430e1eb4fe87c905
d83c5db5fc6dbdc5893f3f500476188192467a45
6a5340804ff6302bc8a5761fbefccbc3624b9e6307a4d80a95c8a9b9eee68a4e
GET /dsp-stats/impression/1795175?var=825911&ua=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&ip=91.90.42.154&pl=h1_ZXGbciu3FDnHKrzzqcFJvk5YBHEqks8klk5cgJTbNFK9PO_pkrQZ8f-bms4x7tDzXvqWB84NDNx6-hya77zMS8CTVjL2KQfc2_nQ0UtTT1KVddsTgcj1_U1WH0zWHuHAEf3ehjulApjvFBThwx5-Fjs5mY2ITPQymS7f7Bj34fhTfiB2zUZlcdLV12ZMUp6S71KUp4KUCVXmlF_qD7pL-7Ke_TXyW90rvzJZMSncP_arBLGMnKBk-usa1NfYVc5kvzgfO1Lw0JxyBWJppafG3dqK3pG_vXtcc8BEzzAEOtSZBbAUAL9_ASUeP7nn8gz-jp5-ZJRz35vnM5dpssaNGk9QCFniyuJ5LlQPZQNk9SbdRPi6fq120KkG6W6NcDirp0GEJ0dgonZlxBt78hb7HUb5iZT-aGaM-k6yWdMDHbs5gif80t7-wZJfUz95FBXySfe3olyS1lHwTWeijU5pcX5YVUiYg6PqALaIqKQAFwwAOwoTBJrNQg9N8tCzN9wPtnywV4GMa8qvPfsaFII8qTi5NZOxnQucBu4ayvLeexUf920mAiZ5d8olclxltS6J0DBdEITjgrrUoH_p2jE-1XtdanUAruq_IYx_bPKu7NjpgVkfmh4m6tFR5_rO8gVW5gFVeIO_PvXrnzXAG9FSvQ189AwdbAF-5gYxHM3cRSQAJ2MpeTMpR9suju7sF43KuVB5U8JbRelhdiPNVql9j4ioio2MDsXNRbEfy8LVyYlWlopAbbi0ur6T640qdbPLWuybNJegMVRUkTKa-0TF1Z0TyVBDcT-WYtiKjaO4un8ZuSF58lkqHu9DAvWgh2HaSMCtw7bDIt26iBj555YLd1yKR0CUO_RTRTgrMMhr_ZzEsVu3osr7IyEQKzYi8dkHoynXJKm58KnClTNa3OGz9W-ul4uC4NT22gZCLZQQYHe8UzRxoVT2htQ82sYvW0oNAFlzlmP_7Y9tEbl-0sbZtwAZHlalHYGN4hy-dpEVQbXZ0KDLyh1XOSRlA26MfL5DpifiVBqiY&rd=vl5AKvc-Fe-dqRDRx7xpFkluFroRjzTrUb3bfAymSOti2TwEPwCRl6fGrBssjG2Ea35SlUdrXcrBVz86SI1hLrI5V4dGGo_Jw8kp9DH07snq8eVDWoqzDgDPCDWyighNhVAii_Dv2h8NWOiFlgKhTck= HTTP/1.1
Host: hypermusk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 28 Sep 2022 08:17:39 GMT
content-type: text/html; charset=utf-8
content-length: 108
location: https://cdn.pncloudfl.com/pn/3d1/9ee/8df/3d19ee8df6dee83f3dc85d0341cbcfc37e61b32e.jpg
x-route-id: stats.push-notifications.dsp-impression
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
hypermusk.com/dsp-stats/impression/1795175?var=825911&ua=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&ip=91.90.42.154&pl=h1_ZXGbciu3FDnHKrzzqcFJvk5YBHEqks8klk5cgJTbNFK9PO_pkrQZ8f-bms4x7tDzXvqWB84NDNx6-hya77zMS8CTVjL2KQfc2_nQ0UtTT1KVddsTgcj1_U1WH0zWHuHAEf3ehjulApjvFBThwx5-Fjs5mY2ITPQymS7f7Bj34fhTfiB2zUZlcdLV12ZMUp6S71KUp4KUCVXmlF_qD7pL-7Ke_TXyW90rvzJZMSncP_arBLGMnKBk-usa1NfYVc5kvzgfO1Lw0JxyBWJppafG3dqK3pG_vXtcc8BEzzAEOtSZBbAUAL9_ASUeP7nn8gz-jp5-ZJRz35vnM5dpssaNGk9QCFniyuJ5LlQPZQNk9SbdRPi6fq120KkG6W6NcDirp0GEJ0dgonZlxBt78hb7HUb5iZT-aGaM-k6yWdMDHbs5gif80t7-wZJfUz95FBXySfe3olyS1lHwTWeijU5pcX5YVUiYg6PqALaIqKQAFwwAOwoTBJrNQg9N8tCzN9wPtnywV4GMa8qvPfsaFII8qTi5NZOxnQucBu4ayvLeexUf920mAiZ5d8olclxltS6J0DBdEITjgrrUoH_p2jE-1XtdanUAruq_IYx_bPKu7NjpgVkfmh4m6tFR5_rO8gVW5gFVeIO_PvXrnzXAG9FSvQ189AwdbAF-5gYxHM3cRSQAJ2MpeTMpR9suju7sF43KuVB5U8JbRelhdiPNVql9j4ioio2MDsXNRbEfy8LVyYlWlopAbbi0ur6T640qdbPLWuybNJegMVRUkTKa-0TF1Z0TyVBDcT-WYtiKjaO4un8ZuSF58lkqHu9DAvWgh2HaSMCtw7bDIt26iBj555YLd1yKR0CUO_RTRTgrMMhr_ZzEsVu3osr7IyEQKzYi8dkHoynXJKm58KnClTNa3OGz9W-ul4uC4NT22gZCLZQQYHe8UzRxoVT2htQ82sYvW0oNAFlzlmP_7Y9tEbl-0sbZtwAZHlalHYGN4hy-dpEVQbXZ0KDLyh1XOSRlA26MfL5DpifiVBqiY&rd=vl5AKvc-Fe-dqRDRx7xpFkluFroRjzTrUb3bfAymSOti2TwEPwCRl6fGrBssjG2Ea35SlUdrXcrBVz86SI1hLrI5V4dGGo_Jw8kp9DH07snq8eVDWoqzDgDPCDWyighNhVAii_Dv2h8NWOiFlgKhTck=
62.122.171.12302 Found 108 B URL HTTP/2 hypermusk.com/dsp-stats/impression/1795175?var=825911&ua=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&ip=91.90.42.154&pl=h1_ZXGbciu3FDnHKrzzqcFJvk5YBHEqks8klk5cgJTbNFK9PO_pkrQZ8f-bms4x7tDzXvqWB84NDNx6-hya77zMS8CTVjL2KQfc2_nQ0UtTT1KVddsTgcj1_U1WH0zWHuHAEf3ehjulApjvFBThwx5-Fjs5mY2ITPQymS7f7Bj34fhTfiB2zUZlcdLV12ZMUp6S71KUp4KUCVXmlF_qD7pL-7Ke_TXyW90rvzJZMSncP_arBLGMnKBk-usa1NfYVc5kvzgfO1Lw0JxyBWJppafG3dqK3pG_vXtcc8BEzzAEOtSZBbAUAL9_ASUeP7nn8gz-jp5-ZJRz35vnM5dpssaNGk9QCFniyuJ5LlQPZQNk9SbdRPi6fq120KkG6W6NcDirp0GEJ0dgonZlxBt78hb7HUb5iZT-aGaM-k6yWdMDHbs5gif80t7-wZJfUz95FBXySfe3olyS1lHwTWeijU5pcX5YVUiYg6PqALaIqKQAFwwAOwoTBJrNQg9N8tCzN9wPtnywV4GMa8qvPfsaFII8qTi5NZOxnQucBu4ayvLeexUf920mAiZ5d8olclxltS6J0DBdEITjgrrUoH_p2jE-1XtdanUAruq_IYx_bPKu7NjpgVkfmh4m6tFR5_rO8gVW5gFVeIO_PvXrnzXAG9FSvQ189AwdbAF-5gYxHM3cRSQAJ2MpeTMpR9suju7sF43KuVB5U8JbRelhdiPNVql9j4ioio2MDsXNRbEfy8LVyYlWlopAbbi0ur6T640qdbPLWuybNJegMVRUkTKa-0TF1Z0TyVBDcT-WYtiKjaO4un8ZuSF58lkqHu9DAvWgh2HaSMCtw7bDIt26iBj555YLd1yKR0CUO_RTRTgrMMhr_ZzEsVu3osr7IyEQKzYi8dkHoynXJKm58KnClTNa3OGz9W-ul4uC4NT22gZCLZQQYHe8UzRxoVT2htQ82sYvW0oNAFlzlmP_7Y9tEbl-0sbZtwAZHlalHYGN4hy-dpEVQbXZ0KDLyh1XOSRlA26MfL5DpifiVBqiY&rd=vl5AKvc-Fe-dqRDRx7xpFkluFroRjzTrUb3bfAymSOti2TwEPwCRl6fGrBssjG2Ea35SlUdrXcrBVz86SI1hLrI5V4dGGo_Jw8kp9DH07snq8eVDWoqzDgDPCDWyighNhVAii_Dv2h8NWOiFlgKhTck=
IP 62.122.171.12:0
File type HTML document, ASCII text
Hash 022a95cacd9f3720430e1eb4fe87c905
d83c5db5fc6dbdc5893f3f500476188192467a45
6a5340804ff6302bc8a5761fbefccbc3624b9e6307a4d80a95c8a9b9eee68a4e
GET /dsp-stats/impression/1795175?var=825911&ua=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&ip=91.90.42.154&pl=h1_ZXGbciu3FDnHKrzzqcFJvk5YBHEqks8klk5cgJTbNFK9PO_pkrQZ8f-bms4x7tDzXvqWB84NDNx6-hya77zMS8CTVjL2KQfc2_nQ0UtTT1KVddsTgcj1_U1WH0zWHuHAEf3ehjulApjvFBThwx5-Fjs5mY2ITPQymS7f7Bj34fhTfiB2zUZlcdLV12ZMUp6S71KUp4KUCVXmlF_qD7pL-7Ke_TXyW90rvzJZMSncP_arBLGMnKBk-usa1NfYVc5kvzgfO1Lw0JxyBWJppafG3dqK3pG_vXtcc8BEzzAEOtSZBbAUAL9_ASUeP7nn8gz-jp5-ZJRz35vnM5dpssaNGk9QCFniyuJ5LlQPZQNk9SbdRPi6fq120KkG6W6NcDirp0GEJ0dgonZlxBt78hb7HUb5iZT-aGaM-k6yWdMDHbs5gif80t7-wZJfUz95FBXySfe3olyS1lHwTWeijU5pcX5YVUiYg6PqALaIqKQAFwwAOwoTBJrNQg9N8tCzN9wPtnywV4GMa8qvPfsaFII8qTi5NZOxnQucBu4ayvLeexUf920mAiZ5d8olclxltS6J0DBdEITjgrrUoH_p2jE-1XtdanUAruq_IYx_bPKu7NjpgVkfmh4m6tFR5_rO8gVW5gFVeIO_PvXrnzXAG9FSvQ189AwdbAF-5gYxHM3cRSQAJ2MpeTMpR9suju7sF43KuVB5U8JbRelhdiPNVql9j4ioio2MDsXNRbEfy8LVyYlWlopAbbi0ur6T640qdbPLWuybNJegMVRUkTKa-0TF1Z0TyVBDcT-WYtiKjaO4un8ZuSF58lkqHu9DAvWgh2HaSMCtw7bDIt26iBj555YLd1yKR0CUO_RTRTgrMMhr_ZzEsVu3osr7IyEQKzYi8dkHoynXJKm58KnClTNa3OGz9W-ul4uC4NT22gZCLZQQYHe8UzRxoVT2htQ82sYvW0oNAFlzlmP_7Y9tEbl-0sbZtwAZHlalHYGN4hy-dpEVQbXZ0KDLyh1XOSRlA26MfL5DpifiVBqiY&rd=vl5AKvc-Fe-dqRDRx7xpFkluFroRjzTrUb3bfAymSOti2TwEPwCRl6fGrBssjG2Ea35SlUdrXcrBVz86SI1hLrI5V4dGGo_Jw8kp9DH07snq8eVDWoqzDgDPCDWyighNhVAii_Dv2h8NWOiFlgKhTck= HTTP/1.1
Host: hypermusk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 28 Sep 2022 08:17:39 GMT
content-type: text/html; charset=utf-8
content-length: 108
location: https://cdn.pncloudfl.com/pn/3d1/9ee/8df/3d19ee8df6dee83f3dc85d0341cbcfc37e61b32e.jpg
x-route-id: stats.push-notifications.dsp-impression
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
cdn.pncloudfl.com/pn/3d1/9ee/8df/3d19ee8df6dee83f3dc85d0341cbcfc37e61b32e.jpg
172.67.25.161 200 OK 3.3 kB URL HTTP/2 cdn.pncloudfl.com/pn/3d1/9ee/8df/3d19ee8df6dee83f3dc85d0341cbcfc37e61b32e.jpg
IP 172.67.25.161:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 08cbcae432e7e9ae625966004a149b37
039d163adb8f2e85c67bbb5ee60a6a87af85cde5
4ca10713b3a32298e406f966879a8fd59c198479cae2bd4008fa58c33092d39a
GET /pn/3d1/9ee/8df/3d19ee8df6dee83f3dc85d0341cbcfc37e61b32e.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:17:39 GMT
content-type: image/webp
content-length: 3310
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=5912
content-disposition: inline; filename="3d19ee8df6dee83f3dc85d0341cbcfc37e61b32e.webp"
etag: 0a9c3bcc55125dbc4b43809747567310
expires: Thu, 29 Sep 2022 22:04:09 GMT
last-modified: Fri, 14 Jan 2022 13:46:01 GMT
vary: Accept
x-openstack-request-id: tx88da71cc9b214abfb87c3-0061e18331
x-proxy-cache: HIT
x-timestamp: 1642167960.59843
x-trans-id: tx88da71cc9b214abfb87c3-0061e18331
cf-cache-status: HIT
age: 36810
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 751b0b403b960b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
91.209.70.182 200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31900, version 1.1\012- data
Hash 1b285c8e5b7445a8e434b2cdf036bab2
c97d4772fbb5c5637d466b5f991bc7ec28830b32
09b979826f2ac158a63ba234042c66414c21282d0bb46eadc62c64a873778825
GET /themes/flow/frontend_assets/fonts/raleway_medium.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160; _gat_gtag_UA_108868042_1=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:42 GMT
content-type: font/woff
content-length: 31900
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7c9c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dc067c1aaba7eba7c32f4141cd6976e2
5559e9678695e42300ce8322c6034fc1d5a318f1
12328a79b8a321bbf0182d27ebe91a595ed1930e46898d9599a3ee1c0f8b91b2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12328A79B8A321BBF0182D27EBE91A595ED1930E46898D9599A3EE1C0F8B91B2"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3369
Expires: Wed, 28 Sep 2022 09:13:52 GMT
Date: Wed, 28 Sep 2022 08:17:43 GMT
Connection: keep-alive
agagraveleran.com/icon?ctx=Iure7DEwqMsXReJ9LbgqV4DU65mVm3BRo3Tc7j7Jif-a9Ig30RHFssQ4GfWGkdHiSodH6EcfSQzXHi3Z_ZjlLh1PykaJWiGDYjmgVndZ277mUgPVCx6HHeJzVCzYdy6BsM4R_UGvNqy0_sFC6DE7ty8GTBeyR6cfageIgLWNG9G2a22SyXrguMXIvuHso5-Qc33y2d4En33lno09vaGUzvzqZOCrtR18apZ94d7tZmvtDs4O-I2nhJ5S_yT0JysJ&z=3324887
139.45.195.6 301 Moved Permanently 0 B URL HTTP/1.1 agagraveleran.com/icon?ctx=Iure7DEwqMsXReJ9LbgqV4DU65mVm3BRo3Tc7j7Jif-a9Ig30RHFssQ4GfWGkdHiSodH6EcfSQzXHi3Z_ZjlLh1PykaJWiGDYjmgVndZ277mUgPVCx6HHeJzVCzYdy6BsM4R_UGvNqy0_sFC6DE7ty8GTBeyR6cfageIgLWNG9G2a22SyXrguMXIvuHso5-Qc33y2d4En33lno09vaGUzvzqZOCrtR18apZ94d7tZmvtDs4O-I2nhJ5S_yT0JysJ&z=3324887
IP 139.45.195.6:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the digests of an empty (0-byte) body, consistent with the 0 B size and Content-Length: 0 of this redirect; they do not identify this response and should not be used as indicators.
Analyzer / Verdict / Alert: quad9, Sinkholed
GET /icon?ctx=Iure7DEwqMsXReJ9LbgqV4DU65mVm3BRo3Tc7j7Jif-a9Ig30RHFssQ4GfWGkdHiSodH6EcfSQzXHi3Z_ZjlLh1PykaJWiGDYjmgVndZ277mUgPVCx6HHeJzVCzYdy6BsM4R_UGvNqy0_sFC6DE7ty8GTBeyR6cfageIgLWNG9G2a22SyXrguMXIvuHso5-Qc33y2d4En33lno09vaGUzvzqZOCrtR18apZ94d7tZmvtDs4O-I2nhJ5S_yT0JysJ&z=3324887 HTTP/1.1
Host: agagraveleran.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 28 Sep 2022 08:17:43 GMT
Content-Length: 0
Connection: keep-alive
Location: https://outsimiseara.com/www/images/7a555faea541a27da9de79a0e67abf9b.jpeg
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6eafbe8ef8a5663320194d6c4e176d01
06a01d938c3a7ad3843e9f6e649f17a344ec0fdc
c5262a6c5620d1c43aacfc9c6f8aa945efb2f90eeaee6e91e55387ace48fa7c6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C5262A6C5620D1C43AACFC9C6F8AA945EFB2F90EEAEE6E91E55387ACE48FA7C6"
Last-Modified: Mon, 26 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3556
Expires: Wed, 28 Sep 2022 09:16:59 GMT
Date: Wed, 28 Sep 2022 08:17:43 GMT
Connection: keep-alive
outsimiseara.com/www/images/7a555faea541a27da9de79a0e67abf9b.jpeg
172.67.12.156 200 OK 23 kB URL HTTP/2 outsimiseara.com/www/images/7a555faea541a27da9de79a0e67abf9b.jpeg
IP 172.67.12.156:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 7a555faea541a27da9de79a0e67abf9b
c6650bdf11a8badb1f4ea8eff3003928c5df877f
170b360c4605bbcc8939aa230ff5bb5d274bb6163e50cf47c6e00d3284e4c01e
GET /www/images/7a555faea541a27da9de79a0e67abf9b.jpeg HTTP/1.1
Host: outsimiseara.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:17:43 GMT
content-type: image/jpeg
content-length: 23018
cache-control: max-age=86400
cf-bgj: h2pri
etag: "5e240fa2-59ea"
expires: Wed, 28 Sep 2022 10:07:10 GMT
last-modified: Sun, 19 Jan 2020 08:13:22 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 79833
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 751b0b5969b9b51d-OSL
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1cdf"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/colors/flow.css
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/colors/flow.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/colors/flow.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-a83"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/responsive.css
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/responsive.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/responsive.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-e56"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery-ui.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery-ui.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery-ui.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-6a684"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.dataTables.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.dataTables.min.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.dataTables.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-10fe4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/custom/custom.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/custom/custom.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/custom/custom.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1420"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/clipboardjs/clipboard.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/clipboardjs/clipboard.min.js
IP 91.209.70.182:0
GET /themes/flow/js/clipboardjs/clipboard.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-2296"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/sw.js?dXZlV28uVF1kXUNFVnVDV1RJdQlBElxiXhASSGRfRU9IY1dCEEhvCUNDSG9eF08EYFgQR1A0CVdaR2FfRUUBbgtBW1w0CkBbUTVeQ1sHYlxFW11kV0ZEBmUKRxNcNU1ZVBYgTVlUFjgMHBMRPgESGAR5BhsQCnVDV09LZU1ZEAQ7HBBaAzYDBhM4
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/sw.js?dXZlV28uVF1kXUNFVnVDV1RJdQlBElxiXhASSGRfRU9IY1dCEEhvCUNDSG9eF08EYFgQR1A0CVdaR2FfRUUBbgtBW1w0CkBbUTVeQ1sHYlxFW11kV0ZEBmUKRxNcNU1ZVBYgTVlUFjgMHBMRPgESGAR5BhsQCnVDV09LZU1ZEAQ7HBBaAzYDBhM4
IP 91.209.70.182:0
GET /sw.js?dXZlV28uVF1kXUNFVnVDV1RJdQlBElxiXhASSGRfRU9IY1dCEEhvCUNDSG9eF08EYFgQR1A0CVdaR2FfRUUBbgtBW1w0CkBbUTVeQ1sHYlxFW11kV0ZEBmUKRxNcNU1ZVBYgTVlUFjgMHBMRPgESGAR5BhsQCnVDV09LZU1ZEAQ7HBBaAzYDBhM4 HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:36 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:52 GMT
vary: Accept-Encoding
etag: W/"60758f38-12fe6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.199.35 200 OK 0 B
IP 172.64.199.35:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:17:36 GMT
content-type: text/plain
set-cookie: csu=405276199407350@1@1664353056; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n6VvcIsr6t3Nkug2ZUX%2F6an%2Flq3UyqfvRU%2FbYeDc1mgb6tb8dop1rrsGcaGBcWq2nDV5DXZ%2F3%2BEYN8gbBOEFM54NOofiH0GoeYBFPLCGPRyFv%2FphOCrRydhb9ixxg5f5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751b0b2ced2d72f4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/All-stylesheets.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-153"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35 200 OK 0 B
IP 172.64.199.35:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:17:36 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 333
last-modified: Wed, 28 Sep 2022 08:12:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0omdjziYyXaF9GdlHRvplz4nliaiofEHel%2BDHy4gRgfO2PWK9wglG%2FsEPl7ZVPjrWGwDMVF3v1zYyNVGAHEk2nrYp9RUQVxNcRAk2IjwW03J%2BCHf5oSKIEojtbj7UDzy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751b0b2ccd1172f4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.tmpl.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.tmpl.min.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.tmpl.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3cb"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-resize.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-resize.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-resize.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1f7f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/sticky/jquery.sticky.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/sticky/jquery.sticky.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/sticky/jquery.sticky.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1099"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-8d4b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.iframe-transport.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.iframe-transport.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.iframe-transport.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-2427"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-dbd4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/global.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/global.js
IP 91.209.70.182:0
GET /themes/flow/js/global.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-d59"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/images/icons/favicon/favicon.ico HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:36 GMT
content-type: image/x-icon
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-47e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/sw.js
91.209.70.182 200 OK 0 B
IP 91.209.70.182:0
GET /sw.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:52 GMT
vary: Accept-Encoding
etag: W/"60758f38-12fe6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/retina/retina.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/retina/retina.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/retina/retina.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-52e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/gauge.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/gauge.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/gauge.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-45b8"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S755440684%3A1664353056748861&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoykml_93am0Zmku_NWbzFOrfFXGojn27lVTms8Am-dTRY76O2F8xKgiLCJWwnGHwuKoyv7Hw
216.58.207.237 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S755440684%3A1664353056748861&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoykml_93am0Zmku_NWbzFOrfFXGojn27lVTms8Am-dTRY76O2F8xKgiLCJWwnGHwuKoyv7Hw
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S755440684%3A1664353056748861&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoykml_93am0Zmku_NWbzFOrfFXGojn27lVTms8Am-dTRY76O2F8xKgiLCJWwnGHwuKoyv7Hw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 28 Sep 2022 08:17:36 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-hU9iRRMX7rPpiplbE8Lbhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=meNWdjL_esuM1YOHfym8RXEqEVkHtJ3VAIPzTER49uekYd5kCz1_GH3wzUyjihBwZPQtK28BsvDPdpDhn-Do0J33M7lTDi8aLH7HrnU00YJN447pUWn3jkP2bQ_xV_cmj8lBIqbMMLGx11_SM2SMk37Njx6ov_5V978k3HSQvWI; expires=Thu, 30-Mar-2023 08:17:36 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
143.204.42.171 200 OK 0 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
IP 143.204.42.171:0
GET /?kzmmd=761186 HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 188771
date: Wed, 28 Sep 2022 08:17:36 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xo1pTdTWNzIqiTq6B4NYUpWgsg0F-8_ghOobUPrUKi75zsfQd9kg5Q==
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/load-image.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/load-image.min.js
IP 91.209.70.182:0
GET /themes/flow/js/load-image.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-9f2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/nav/jquery.nav.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1547"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3ead"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/isotope/custom-isotope.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2un2B/Pocket.Stables-GoldBerg.zip
Connection: keep-alive
Cookie: cf_clearance=.WVFMvFpLibAcnBIhc5LoaNzdDgIkfHeaFSSeKDT6mw-1664347159-0-150; filehosting=fr5nr3q4t0bvorg5jnu91elni5; _ga=GA1.2.1462319565.1664347160; _gid=GA1.2.190544916.1664347160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:17:35 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-71d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2