megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
91.209.70.182301 Moved Permanently 162 B URL HTTP/1.1 megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
IP 91.209.70.182:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 03 Sep 2022 22:36:04 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Download-Options: noopen
firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 03 Sep 2022 21:43:17 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WRrgZEwCmepZghiFno4zna4cwZLuTKn9dZHtziWzmfoG7BbLzjZZjA==
Age: 3167
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8869
Expires: Sun, 04 Sep 2022 01:03:54 GMT
Date: Sat, 03 Sep 2022 22:36:05 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 03 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nO3xgiwQJe-8V6MrJAORjnbNJDzFjuepuI9WNWzFYDWd04ChMuEhJA==
age: 76848
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 6d8d05f24a1294910628f1ad066885c1
de344b3a2085daff159b0ebc2d197517800bf3b1
e6ac903e6f22db028c79c89d5c3dae2b5487e58090fc07c755f60a68572a7b4e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 22:36:05 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 02 Sep 2022 00:41:15 GMT
Expires: Fri, 09 Sep 2022 00:41:14 GMT
Etag: "de344b3a2085daff159b0ebc2d197517800bf3b1"
Cache-Control: max-age=438908,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7451f654a9600b59-OSL
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 03 Sep 2022 21:38:16 GMT
Cache-Control: max-age=3600
Expires: Sat, 03 Sep 2022 21:45:45 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RA_PRTxIit8OcAbNXxr7b61-Atyi4pO1CQsW34rTdYJmS3IxTDL3WA==
Age: 3469
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4fc12f0a98aa28ccb56e0b56d7e40ded
f7efcfb8b4f4aa40268bada3fec380820a70ee35
a34aa9b7db949a583c3f1b4d87fed415a11d119c9615b5e710c3125173f8a277
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3019
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 22:36:05 GMT
Last-Modified: Sat, 03 Sep 2022 21:45:46 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash cc6ea3e01d1d6b8c4b28ff64d3b795a7
017457c6f5a63157102485a956c667aad36d33ef
e6fe903f67363d3e92b929e274f0de7c2f6a15b6df1806198199440ed0fe221e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 22:36:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
91.209.70.182200 OK 54 kB URL HTTP/2 megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
IP 91.209.70.182:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (58554), with CRLF, LF line terminators
Hash fcab2d55c940cc13b14baf8f41f57f9d
e5f3cd749b9f388e85ace301099caaffefc6d9bf
ba79fcec4f6dc26cdd65590fd8e64592a519fd76ae1cbbdc90bb9b2c878fe655
GET /2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45; expires=Sun, 04-Sep-2022 22:36:05 GMT; Max-Age=86400; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/custom.css
91.209.70.182200 OK 3.9 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/custom.css
IP 91.209.70.182:0
File type assembler source, ASCII text, with CRLF line terminators
Hash 9871f860b0967850340cf11ffbb760fd
d3e5e4e5da6e738b368bbf29072407dd0cf3c6b4
c4cd22d6a9880faec64091646494b86e0ad9df1b5725bf550a0846bcaeaab125
GET /themes/flow/frontend_assets/css/custom.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3577"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
altowriestwispy.com/tysaSHG1FMaM/18410
23.109.82.143200 OK 25 B URL HTTP/1.1 altowriestwispy.com/tysaSHG1FMaM/18410
IP 23.109.82.143:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /tysaSHG1FMaM/18410 HTTP/1.1
Host: altowriestwispy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:36:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Sun, 04-Sep-2022 22:36:05 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Sun, 04-Sep-2022 22:36:05 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
keydawnawe.com/gwZ1U5hjA8ii/32575
23.109.150.138200 OK 26 B URL HTTP/1.1 keydawnawe.com/gwZ1U5hjA8ii/32575
IP 23.109.150.138:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:36:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Sun, 04-Sep-2022 22:36:05 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Sun, 04-Sep-2022 22:36:05 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
www.googletagmanager.com/gtag/js?id=UA-108868042-1
142.250.74.72200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-108868042-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (1615)
Hash fa2aa13f860f93fbb799f019ecdd85a9
6294f3127613c9a2e22df3d87b7554b76058cf9f
609b446cfeb365231f2e0abc83e620c575564757d499d27e7447329552fd326c
GET /gtag/js?id=UA-108868042-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Sep 2022 22:36:05 GMT
expires: Sat, 03 Sep 2022 22:36:05 GMT
cache-control: private, max-age=900
last-modified: Sat, 03 Sep 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41915
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
91.209.70.182200 OK 9.1 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
IP 91.209.70.182:0
Hash cfec8268d5c5b0bf0a6c53318ed7e444
c480d25fd4f4877f8d1d72fe9b58940d84aafd87
ea4c2af4f7d1aa4840c2de10aca966627f4eb79f0124c7136647f3b0873fbb6b
GET /themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-8d4b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/images/main_logo_inverted.png
91.209.70.182200 OK 7.1 kB URL HTTP/2 megaup.net/themes/flow/images/main_logo_inverted.png
IP 91.209.70.182:0
File type PNG image data, 203 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 5d15526be10b904a6b48d1af04a10cc3
c09b6874359ac6d71db95593618a9acb55baa984
894d25472e0f890edf235e8f66fbeda7ea75043632924ecb82691d76bd7db018
GET /themes/flow/images/main_logo_inverted.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: image/png
content-length: 7137
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-1be1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/images/loading_small.gif
91.209.70.182200 OK 184 kB URL HTTP/2 megaup.net/themes/flow/images/loading_small.gif
IP 91.209.70.182:0
File type GIF image data, version 89a, 64 x 64\012- data
Size 184 kB (184355 bytes)
Hash b0dd5b3af9c4c0644d7bddee83716209
30002468d0266b893b3559b8d0d260c6cbf0ad7c
2418224bb4d12c122ef3c54d2ee9edb5f6f28d539e91a166b0215553f8c7609d
GET /themes/flow/images/loading_small.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: image/gif
content-length: 184355
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-2d023"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.208.34.131101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.208.34.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ijkFU8B4JEn8gbsGLo4QVA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LaNv+UlnaK180VHRUHNhAIZIcus=
megaup.net/themes/flow/frontend_assets/css/fonts.css
91.209.70.182200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/fonts.css
IP 91.209.70.182:0
Hash 8b24e683e2c5ef5d7a2b38cd790f7f70
dece3dd7e557d946c04c701e54251b61858830e3
5a4ecd804556d94135739c7180d5fd60dde71c1cd2360504ac843c4107349227
GET /themes/flow/frontend_assets/css/fonts.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-690"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery-1.11.0.min.js
91.209.70.182200 OK 67 kB URL HTTP/2 megaup.net/themes/flow/js/jquery-1.11.0.min.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (32341)
Hash 4fdb48582674a869d55486825f0b4379
ee1f487e5a7bc5ca0ced3e58ee53825ef7a0fd76
980e6e3f789619042c2b9457ec7d94b46c0057ab987ab933a43b7fb5123eb62c
GET /themes/flow/js/jquery-1.11.0.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1787d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/bootstrap/bootstrap.min.css
91.209.70.182200 OK 51 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/bootstrap/bootstrap.min.css
IP 91.209.70.182:0
File type assembler source, ASCII text, with very long lines (540), with CRLF line terminators
Hash bc0b332848a3f988d0439cca4e96125b
3926f3395e2d8d9d2fecd1fd6a776d3afd59643b
a691768dae00514353d582195190f6c5c1fd37727940c1d5fe8405f8e3e569b5
GET /themes/flow/frontend_assets/css/bootstrap/bootstrap.min.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1cc1b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/css/settings.css
91.209.70.182200 OK 29 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/css/settings.css
IP 91.209.70.182:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 9b09db669344df96a023168ad31c84a4
f2b9d2487942ed7fa5bcb9ba46f02a4417433dde
80806499ee5857d4552c155b16d05931cf7af697292ce386d361f118b2737872
GET /themes/flow/frontend_assets/rs-plugin/css/settings.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-ce4b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
143.204.42.171200 OK 189 kB URL HTTP/2 dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
IP 143.204.42.171:0
File type Unicode text, UTF-8 text, with very long lines (15945)
Size 189 kB (188755 bytes)
Hash fd48ad0b7fd2e1175ead2406ab0f36c5
4a847cd30151d94fa8961565589b4752f4add311
7354dcc47e7836b6a14782c73ebf4709bda7814b9415c2cee4af98c09f37892b
GET /?kzmmd=761186 HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 188755
date: Sat, 03 Sep 2022 22:36:05 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: iWv3N5NOCQx3JyWVKWW9R0COzvzXOpTHPhYF4pt4CwYEr08kWiIK6w==
X-Firefox-Spdy: h2
altowriestwispy.com/tysaSHG1FMaM/18410
23.109.82.143200 OK 25 B URL HTTP/1.1 altowriestwispy.com/tysaSHG1FMaM/18410
IP 23.109.82.143:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /tysaSHG1FMaM/18410 HTTP/1.1
Host: altowriestwispy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:36:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
keydawnawe.com/gwZ1U5hjA8ii/32575
23.109.150.138200 OK 26 B URL HTTP/1.1 keydawnawe.com/gwZ1U5hjA8ii/32575
IP 23.109.150.138:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:36:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ofghaidarium.xyz/TFFIWWpjbisqVxkJIyA8fD0iCh0oOy1rPA4Qeh9PfhMRDFoOCAAyTDg4LGRSfmRxaFtqISE9V39jbioeLSU9Kld+YXhuTCU/LjZXfnc+ZFpiaWZgRHx3PWRbaiU4OA1xYG4pHjg9dWhcemN6bV55Z3ttWXs
172.67.157.158204 No Content 0 B URL HTTP/2 ofghaidarium.xyz/TFFIWWpjbisqVxkJIyA8fD0iCh0oOy1rPA4Qeh9PfhMRDFoOCAAyTDg4LGRSfmRxaFtqISE9V39jbioeLSU9Kld+YXhuTCU/LjZXfnc+ZFpiaWZgRHx3PWRbaiU4OA1xYG4pHjg9dWhcemN6bV55Z3ttWXs
IP 172.67.157.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TFFIWWpjbisqVxkJIyA8fD0iCh0oOy1rPA4Qeh9PfhMRDFoOCAAyTDg4LGRSfmRxaFtqISE9V39jbioeLSU9Kld+YXhuTCU/LjZXfnc+ZFpiaWZgRHx3PWRbaiU4OA1xYG4pHjg9dWhcemN6bV55Z3ttWXs HTTP/1.1
Host: ofghaidarium.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 22:36:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FgPpWv5nCX82ttZXEk82J6DRcTCIgfz3Is6gWEAVcoKjFthXfs82uxubQh%2F7akXMO4Gdrna6co0trkL6DeEP0kMGH5SDIf62Che%2B9O4Iw18gkSr0%2Fz1oVI0lG97LYAUixX14"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7451f65b0810b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery-ui.js
91.209.70.182200 OK 108 kB URL HTTP/2 megaup.net/themes/flow/js/jquery-ui.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (840)
Size 108 kB (108521 bytes)
Hash cf478df5d979bd84ca1f94405912b825
2907e40cb80b38c23a4b42286f2e4ecaf6492696
855f19f21ffa9385852d6fb1cfc409243e94c68f200f73bcd66b304a606037ad
GET /themes/flow/js/jquery-ui.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-6a684"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-validate.js
91.209.70.182200 OK 1.3 kB URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-validate.js
IP 91.209.70.182:0
Hash 62e3977c5a457dc54676933048703cec
b85283762bb49075c46ef2277d46d3334e05553a
85f97e56f44315a3a198795d7894c0c61ed51dfd83d9784611df14233627c130
GET /themes/flow/js/jquery.fileupload-validate.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-fea"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
ofghaidarium.xyz/ZDhWT1dLBzU8ajFwGCMNVkg8HQEcbgN9MyduZwkyPggiLAIyS3A7PgAFYXlmVQBgaScNXGt+cRdMNzsiFwVnaT4KXjlycRIFZ2FkUBZkd3lUHiNyZkJMJi4wWQlwPyMQVGt+YVIKZHtjUQ5le2Zc
172.67.157.158204 No Content 0 B URL HTTP/2 ofghaidarium.xyz/ZDhWT1dLBzU8ajFwGCMNVkg8HQEcbgN9MyduZwkyPggiLAIyS3A7PgAFYXlmVQBgaScNXGt+cRdMNzsiFwVnaT4KXjlycRIFZ2FkUBZkd3lUHiNyZkJMJi4wWQlwPyMQVGt+YVIKZHtjUQ5le2Zc
IP 172.67.157.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZDhWT1dLBzU8ajFwGCMNVkg8HQEcbgN9MyduZwkyPggiLAIyS3A7PgAFYXlmVQBgaScNXGt+cRdMNzsiFwVnaT4KXjlycRIFZ2FkUBZkd3lUHiNyZkJMJi4wWQlwPyMQVGt+YVIKZHtjUQ5le2Zc HTTP/1.1
Host: ofghaidarium.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 22:36:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jhIWysLA17SzWTlMywuqCc2bCs9Fd8jc5TEVzT9Va5uCq71hcG9UaX%2BPrrUtBnqx86gxyiCmIUeH0l7CbILgm%2BOn4d2cL9NfFUX%2Fm7H%2FojHnKMsUAjCIeg%2BTKoJaVcZVGdvM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7451f65b0820b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ofghaidarium.xyz/TmxldmJhUwYFXyoBIxcAGz4gI1B3NgEdKBQNVAIYHAAzBjUgPUMCCypRXURXd11UUBInCFhFUGgfERcWOx9YR0QnAgMZX2gaWEZMdkJcWFJoGVhHRDocBBFff0oVAhYiUVRAVHxeUUJXeF9RRVQ
172.67.157.158204 No Content 0 B URL HTTP/2 ofghaidarium.xyz/TmxldmJhUwYFXyoBIxcAGz4gI1B3NgEdKBQNVAIYHAAzBjUgPUMCCypRXURXd11UUBInCFhFUGgfERcWOx9YR0QnAgMZX2gaWEZMdkJcWFJoGVhHRDocBBFff0oVAhYiUVRAVHxeUUJXeF9RRVQ
IP 172.67.157.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TmxldmJhUwYFXyoBIxcAGz4gI1B3NgEdKBQNVAIYHAAzBjUgPUMCCypRXURXd11UUBInCFhFUGgfERcWOx9YR0QnAgMZX2gaWEZMdkJcWFJoGVhHRDocBBFff0oVAhYiUVRAVHxeUUJXeF9RRVQ HTTP/1.1
Host: ofghaidarium.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 22:36:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wc8dRmNV%2BvWx8nDfaZrsx53qT5je8v4aOx4AOXYBmiCO%2BC6PBCvyWlXYS3I%2BeXR0OexvvuCwoaL2kRl0WbTe6qWun4%2Bfm2mvQUAuoDo6jz1VhHwJ8uxAGBR86ve%2BMFJG%2FTcG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7451f65b1827b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-process.js
91.209.70.182200 OK 1.5 kB URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-process.js
IP 91.209.70.182:0
Hash c3036731a042617a2f79907310514f6f
5814aeaaac53f24b5c1720a5d5baf7e35ca13f8b
8a154e6e263a987bbfda884085e5c1a6b53515ce3d17ecca14d1279ac658578c
GET /themes/flow/js/jquery.fileupload-process.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-14b6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/styles/font-icons/entypo/css/entypo.css
91.209.70.182200 OK 4.7 kB URL HTTP/2 megaup.net/themes/flow/styles/font-icons/entypo/css/entypo.css
IP 91.209.70.182:0
Hash 4acf31c9b95a727c995efd072b490677
58fa5abd031d782f1c966c981ea274ed03197f8d
d9a51a8084d9ea081596ce89a2dd6125eff3b039ae78b166d99429df6bf07911
GET /themes/flow/styles/font-icons/entypo/css/entypo.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-45f5"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
amwoukrks.autos/VUw0a2U0LlcGWjRxVk0QJyAJTlcTaQYtATghTgADMXQGHAQsIhoICTo5UA0XOiJARQswOBFZIxsCWVIuBgtiPSQWHUE8DhwLeAUzBg1yH1IzCmU6JwEnWihVDx91DF0WKXAIXTAgYj8nFj9cOlUcGngFMwMJdSYXHyt9JzYGdFkpAiEpVigOFxpyIUBnDlYDIxINdy1UEQpfKC8sdGw5N2V5eC4rEQhaCAkWJ0MsLzwdcS5UZQFSPhYSH1oDUQEZAQ4AZ31jDyAleFEqCTMNYFMSBA1mDSg7DmAKMzlpBikHAxYEOAs9eHJbJx4pZQcGFAlyXTwADXEzHHh8QCkJZQ1WWAo/DnJSUjAKYSM9ZjhAPRIMBn0RChQZdSocNxpQHDM7NFk9NxQtUFgOcyZHBAslcXwsAhsUQllVMCdVAg
54.230.111.48200 OK 1.2 kB URL HTTP/2 amwoukrks.autos/VUw0a2U0LlcGWjRxVk0QJyAJTlcTaQYtATghTgADMXQGHAQsIhoICTo5UA0XOiJARQswOBFZIxsCWVIuBgtiPSQWHUE8DhwLeAUzBg1yH1IzCmU6JwEnWihVDx91DF0WKXAIXTAgYj8nFj9cOlUcGngFMwMJdSYXHyt9JzYGdFkpAiEpVigOFxpyIUBnDlYDIxINdy1UEQpfKC8sdGw5N2V5eC4rEQhaCAkWJ0MsLzwdcS5UZQFSPhYSH1oDUQEZAQ4AZ31jDyAleFEqCTMNYFMSBA1mDSg7DmAKMzlpBikHAxYEOAs9eHJbJx4pZQcGFAlyXTwADXEzHHh8QCkJZQ1WWAo/DnJSUjAKYSM9ZjhAPRIMBn0RChQZdSocNxpQHDM7NFk9NxQtUFgOcyZHBAslcXwsAhsUQllVMCdVAg
IP 54.230.111.48:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3017), with no line terminators
Hash 3ecaa4c989fec0e9436d2b277372ad94
3c84945652f8cacdf46d9558c9aeed74e9494501
5d74f88939a0308cb4ba380f4ac621f797dc742ec0a71660381034feeae73905
GET /VUw0a2U0LlcGWjRxVk0QJyAJTlcTaQYtATghTgADMXQGHAQsIhoICTo5UA0XOiJARQswOBFZIxsCWVIuBgtiPSQWHUE8DhwLeAUzBg1yH1IzCmU6JwEnWihVDx91DF0WKXAIXTAgYj8nFj9cOlUcGngFMwMJdSYXHyt9JzYGdFkpAiEpVigOFxpyIUBnDlYDIxINdy1UEQpfKC8sdGw5N2V5eC4rEQhaCAkWJ0MsLzwdcS5UZQFSPhYSH1oDUQEZAQ4AZ31jDyAleFEqCTMNYFMSBA1mDSg7DmAKMzlpBikHAxYEOAs9eHJbJx4pZQcGFAlyXTwADXEzHHh8QCkJZQ1WWAo/DnJSUjAKYSM9ZjhAPRIMBn0RChQZdSocNxpQHDM7NFk9NxQtUFgOcyZHBAslcXwsAhsUQllVMCdVAg HTTP/1.1
Host: amwoukrks.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1172
date: Sat, 03 Sep 2022 22:36:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9D7EfLVgL5n5xr9WgaVzSLLNpLlQ-HWjcIdA6M52FyCUTyptia4B3A==
X-Firefox-Spdy: h2
amwoukrks.autos/Q2hNQ0giCi4udyJVL2U9MQRwZnoFTX8FLC4FNyguJ1B/NCk6BmMgJCwdKSU6LAY5bSYmHGhxDgwJJg0QGlh5CQQHAwsgGncZAHJ9cDAjMz4VMD0OAxA5AAoKM01/AQI0ISQPLxIxChEneiI0IH0iKnl2BXJdaHEKFyt1cQwQBBUZHAomARUsOgscCjkAIHgpGhcbASUiLCUDAgU1JzoJOhQpGyocG10dIB8nJAMvPDoLIQIFF1sLLQw6CwgNIXovKwUndAp8FhobICk6HQIQHSAfIDoCBnE0LiEzfBEgA2Z6ATojOykJLAQCAhI+IBkbFVAaLQItPX56KSAGYAkaJQ86MgISMSIBHDcRGBIgFwwVLxwiKnRmegEyKmUiMAcjM3UzCSEHDwwSGRQsMzI
54.230.111.48200 OK 1.2 kB URL HTTP/2 amwoukrks.autos/Q2hNQ0giCi4udyJVL2U9MQRwZnoFTX8FLC4FNyguJ1B/NCk6BmMgJCwdKSU6LAY5bSYmHGhxDgwJJg0QGlh5CQQHAwsgGncZAHJ9cDAjMz4VMD0OAxA5AAoKM01/AQI0ISQPLxIxChEneiI0IH0iKnl2BXJdaHEKFyt1cQwQBBUZHAomARUsOgscCjkAIHgpGhcbASUiLCUDAgU1JzoJOhQpGyocG10dIB8nJAMvPDoLIQIFF1sLLQw6CwgNIXovKwUndAp8FhobICk6HQIQHSAfIDoCBnE0LiEzfBEgA2Z6ATojOykJLAQCAhI+IBkbFVAaLQItPX56KSAGYAkaJQ86MgISMSIBHDcRGBIgFwwVLxwiKnRmegEyKmUiMAcjM3UzCSEHDwwSGRQsMzI
IP 54.230.111.48:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2996), with no line terminators
Hash c8a95aeb751c3a219a3ccc5d806b24f3
9ab9210205a40c5dd41786b29bc13b82a73a7ab7
60409a06d5a4480c462c90b1dd9b79c96fd25b8bf4e2bd0d362e1f0814281009
GET /Q2hNQ0giCi4udyJVL2U9MQRwZnoFTX8FLC4FNyguJ1B/NCk6BmMgJCwdKSU6LAY5bSYmHGhxDgwJJg0QGlh5CQQHAwsgGncZAHJ9cDAjMz4VMD0OAxA5AAoKM01/AQI0ISQPLxIxChEneiI0IH0iKnl2BXJdaHEKFyt1cQwQBBUZHAomARUsOgscCjkAIHgpGhcbASUiLCUDAgU1JzoJOhQpGyocG10dIB8nJAMvPDoLIQIFF1sLLQw6CwgNIXovKwUndAp8FhobICk6HQIQHSAfIDoCBnE0LiEzfBEgA2Z6ATojOykJLAQCAhI+IBkbFVAaLQItPX56KSAGYAkaJQ86MgISMSIBHDcRGBIgFwwVLxwiKnRmegEyKmUiMAcjM3UzCSEHDwwSGRQsMzI HTTP/1.1
Host: amwoukrks.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1156
date: Sat, 03 Sep 2022 22:36:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 87YmTjNFSXlTC4ldR21KOpTe3pOwe-9Ea1gdm_tYfDdD6k2nZ84xTQ==
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
91.209.70.182200 OK 1.8 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
IP 91.209.70.182:0
File type ASCII text, with CRLF line terminators
Hash bb15e4a3fef3a8c0fc17715932637a2f
24e8832e864ceae067133f71528cf2f4b5cdda13
e03d1f99e87be7df62f8f972c148ef339a4a244b844cb1ce1f417efede32fd10
GET /themes/flow/frontend_assets/js/isotope/custom-isotope.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-71d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.tmpl.min.js
91.209.70.182200 OK 1.2 kB URL HTTP/2 megaup.net/themes/flow/js/jquery.tmpl.min.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (971), with no line terminators
Hash af38b696c7d413455614db431f49023a
1c9518df10df295f00169cc30d0a8df0da96a809
defba8988c9bec4be19829fd8befd434c44a1a22b4c57a497059ea105d79fb02
GET /themes/flow/js/jquery.tmpl.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3cb"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 281 B IP 172.64.155.188:0
Hash 2ab69a8fc2eef3e4aa0b461523c1e23f
25497e52382d99bd97ff14b020bbc09ea3a4331f
d3179f9dd0726925a10736947e46ee9a0b4911c5df4c4a65b4b05737e18d2d41
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 22:36:06 GMT
Content-Type: application/ocsp-response
Content-Length: 281
Connection: keep-alive
Last-Modified: Fri, 02 Sep 2022 21:53:47 GMT
Expires: Fri, 09 Sep 2022 21:53:46 GMT
Etag: "25497e52382d99bd97ff14b020bbc09ea3a4331f"
Cache-Control: max-age=515259,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7451f65c6fd90b59-OSL
megaup.net/themes/flow/js/jquery.fileupload.js
91.209.70.182200 OK 14 kB URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload.js
IP 91.209.70.182:0
Hash 5363aac8d0d88ff96f128ddbfa751398
da90e3e86509081a5ab78c7b1a297ee74bfffc47
00113bf031f482005267c648ea0ba83686f73ea7198a073948785448f637f404
GET /themes/flow/js/jquery.fileupload.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-dbd4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ca6c830f06238a1d4fe8d972b7f7438e
83f6da5a3253c8c91618db43a9af0647be357baf
e3535bc40d1ebe3dd8ed8b16d273d3b39b3bc1050da63cb20cbc9717eb4fee3a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3535BC40D1EBE3DD8ED8B16D273D3B39B3BC1050DA63CB20CBC9717EB4FEE3A"
Last-Modified: Sat, 03 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10851
Expires: Sun, 04 Sep 2022 01:36:57 GMT
Date: Sat, 03 Sep 2022 22:36:06 GMT
Connection: keep-alive
platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1662244563553
104.26.3.107200 OK 26 kB URL HTTP/2 platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1662244563553
IP 104.26.3.107:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (4445), with no line terminators
Hash 0d7a08ee41a80c4901c8488cc2c97ee7
a8b3e30cf0d3e8a7617c18d85edd86cbcb493d64
369b2cc9d6c4b23a503c03f822481628b330e3180c43b5772a997a5945ce9299
GET /async.php?domainid=5593&sizeid=12&zoneid=6192&k=1662244563553 HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 22:36:06 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3mvxhuE%2B9gpbkVhfNrLXv8o42u3aD4XufTqyLed%2Bs%2F8qB2dud7Xt1wDmGvPhtufpU3se1wSn3octFVvCJZNGEPuQ28qt1hWYM9ziw0CoO84WBB2372IiU%2B7AO1cOendoS7QidSEz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7451f65b9debb4f7-OSL
content-encoding: br
X-Firefox-Spdy: h2
imp9.bidgear.com/rec?t=1&z=6192&uuid=86838a6e5902471c9b1d014d2c51f3d4&p=28&g=NO&token=4a44335432&tbg=1662244566
104.26.3.107200 OK 599 B URL HTTP/2 imp9.bidgear.com/rec?t=1&z=6192&uuid=86838a6e5902471c9b1d014d2c51f3d4&p=28&g=NO&token=4a44335432&tbg=1662244566
IP 104.26.3.107:0
File type JPEG image data, baseline, precision 8, 1x1, components 3\012- data
Hash ca49a7e783b806a4e8576ea80346203d
6fe9d083221dae98f6c76f7121c37bc884b02d82
3e9a98dd5f0a28ff4a059f33d760264a6db02786666ac1692095ebb976f5da28
GET /rec?t=1&z=6192&uuid=86838a6e5902471c9b1d014d2c51f3d4&p=28&g=NO&token=4a44335432&tbg=1662244566 HTTP/1.1
Host: imp9.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 22:36:06 GMT
content-type: image/jpeg
content-length: 599
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H1Bnemvm0Mk5j7fVdoK%2BU10TuUdV7y2eFCrzswRsUcMxraHjXXzaMf2Z2mXRosTQfoTAUstrK5hOA8w6jfZ1GP2ccgG8Wk8AynAe%2Fdwd3lGDHe4%2FSjTgc%2BRmy8HyZB%2BfeQI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7451f65c8ef7b4f7-OSL
X-Firefox-Spdy: h2
megaup.net/imageads/019.gif
91.209.70.182200 OK 850 kB URL HTTP/2 megaup.net/imageads/019.gif
IP 91.209.70.182:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 850 kB (850157 bytes)
Hash 0e0a55692c2025b89cacce57763ff238
0ed0db48a99f5d1ead8793e9d9e21563ee5b4ee3
1e0cce373f323d981dc4463f1c2920962ca348667296dd94f2f9d2a91b34b988
GET /imageads/019.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:06 GMT
content-type: image/gif
content-length: 850157
last-modified: Thu, 02 Aug 2018 19:16:52 GMT
vary: Accept-Encoding
etag: "5b6358a4-cf8ed"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/7SUw5aTEqI1cPDj0lXVQJe3kAWABvJkoGXzlxTDFoex1JI3UvPx8dSy1xCU9dKCJeVBcsIlpUAG8tXQsMfWpNGV4icUwHVSwqUAdULWpMCAwkI0MAXSUtHFt3fGIJTAN5ZEFYAGx/e0wDeSBQB0QxaQtZSXF6Zl8FbH97TAN5Pk9MAgh1D0cBYGkLWVYsL1-IGFHsKC1kAeXwIWQBsfgkPWDspXwZJbH5/UAdnfB8cDHg
143.204.42.171200 OK 355 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/7SUw5aTEqI1cPDj0lXVQJe3kAWABvJkoGXzlxTDFoex1JI3UvPx8dSy1xCU9dKCJeVBcsIlpUAG8tXQsMfWpNGV4icUwHVSwqUAdULWpMCAwkI0MAXSUtHFt3fGIJTAN5ZEFYAGx/e0wDeSBQB0QxaQtZSXF6Zl8FbH97TAN5Pk9MAgh1D0cBYGkLWVYsL1-IGFHsKC1kAeXwIWQBsfgkPWDspXwZJbH5/UAdnfB8cDHg
IP 143.204.42.171:0
File type ASCII text, with very long lines (454), with no line terminators
Hash aa89b4b7d754ef4a62ff23bbf794db80
3d31a831f046da35f9557df2e8ed1660d1371360
4993608b7e549fab5bf6e1af15cedf8108292577263af9e31a088968125a96a5
GET /7SUw5aTEqI1cPDj0lXVQJe3kAWABvJkoGXzlxTDFoex1JI3UvPx8dSy1xCU9dKCJeVBcsIlpUAG8tXQsMfWpNGV4icUwHVSwqUAdULWpMCAwkI0MAXSUtHFt3fGIJTAN5ZEFYAGx/e0wDeSBQB0QxaQtZSXF6Zl8FbH97TAN5Pk9MAgh1D0cBYGkLWVYsL1-IGFHsKC1kAeXwIWQBsfgkPWDspXwZJbH5/UAdnfB8cDHg HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://amwoukrks.autos/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 355
date: Sat, 03 Sep 2022 22:36:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: foD6c3IczW-8IPua42jMwBehYAEPVWHLAuASdGn6kQifdLBGaQ5hsA==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/0MmlYcGxRBjYWU0YAPE1UBV9rQVQUAysfAkJUAUIuSl4bCgoEBGtFOERPLAoID1l+HA1cDmVWCVwKZUFKUw06TVgUHSgfBw8ANx0BVRsrAh9WTy0RUV8GIhkAXgh9QioHR2hVXgJBIEFdF1oaVV4CBTEeGUpMakAUCl8HRlgXWhpVXgIbLlVfc1BuXlwbTG-pAC1cKMx9JAC9qQF0CWWlAXRdbaBYFQAw+HxQXWx5JWhxZfgVRAw
143.204.42.171200 OK 451 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/0MmlYcGxRBjYWU0YAPE1UBV9rQVQUAysfAkJUAUIuSl4bCgoEBGtFOERPLAoID1l+HA1cDmVWCVwKZUFKUw06TVgUHSgfBw8ANx0BVRsrAh9WTy0RUV8GIhkAXgh9QioHR2hVXgJBIEFdF1oaVV4CBTEeGUpMakAUCl8HRlgXWhpVXgIbLlVfc1BuXlwbTG-pAC1cKMx9JAC9qQF0CWWlAXRdbaBYFQAw+HxQXWx5JWhxZfgVRAw
IP 143.204.42.171:0
File type ASCII text, with very long lines (598), with no line terminators
Hash 66c30ecd125b7ffbadd460498b191169
be0806badf8763a516a9418550e14cc12e6e7a00
9e69364ffbb199c8db9a92cf26ab45a444052cc35768413e540eb12970d3fbf8
GET /0MmlYcGxRBjYWU0YAPE1UBV9rQVQUAysfAkJUAUIuSl4bCgoEBGtFOERPLAoID1l+HA1cDmVWCVwKZUFKUw06TVgUHSgfBw8ANx0BVRsrAh9WTy0RUV8GIhkAXgh9QioHR2hVXgJBIEFdF1oaVV4CBTEeGUpMakAUCl8HRlgXWhpVXgIbLlVfc1BuXlwbTG-pAC1cKMx9JAC9qQF0CWWlAXRdbaBYFQAw+HxQXWx5JWhxZfgVRAw HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://amwoukrks.autos/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 451
date: Sat, 03 Sep 2022 22:36:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: z81Y1K1XgLoHzUGIm0kyu8PaMc7IaCyCKEGG8Dcc4hJSPIqlqtp1DA==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/NNm9KSGVVACQuWkIGLnVSAFt7fFQQBTknC0ZSAg8CeDc8elVTBCshQ0IVLnVVEAMrJgILSS8mBgtebCkBVFJ+bhFGACF1DFkCJy8XRR05LENDDnclCkwGJiQEE10MfUsGSnh4TU5ee21WdEp4eAlfAT8wQARfMnBTaVl+bVZ0Snh4F0BKeQlcAEF6YUAEXy-0tBl0Ab3ojBF97eFUHX3ttVwYJIzoAUAAybVdwVnxmVRAad3k
143.204.42.171200 OK 586 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/NNm9KSGVVACQuWkIGLnVSAFt7fFQQBTknC0ZSAg8CeDc8elVTBCshQ0IVLnVVEAMrJgILSS8mBgtebCkBVFJ+bhFGACF1DFkCJy8XRR05LENDDnclCkwGJiQEE10MfUsGSnh4TU5ee21WdEp4eAlfAT8wQARfMnBTaVl+bVZ0Snh4F0BKeQlcAEF6YUAEXy-0tBl0Ab3ojBF97eFUHX3ttVwYJIzoAUAAybVdwVnxmVRAad3k
IP 143.204.42.171:0
File type ASCII text, with very long lines (824), with no line terminators
Hash 6a7ee7c386e905b88b06f39487134942
c2b28bfd82a8a35d0184656c74a2c6cfbe9a5b71
56743e5afb8957e9538ff964a371e4183801c8f5d43f3ab5bbefe35d8d7c82a6
GET /NNm9KSGVVACQuWkIGLnVSAFt7fFQQBTknC0ZSAg8CeDc8elVTBCshQ0IVLnVVEAMrJgILSS8mBgtebCkBVFJ+bhFGACF1DFkCJy8XRR05LENDDnclCkwGJiQEE10MfUsGSnh4TU5ee21WdEp4eAlfAT8wQARfMnBTaVl+bVZ0Snh4F0BKeQlcAEF6YUAEXy-0tBl0Ab3ojBF97eFUHX3ttVwYJIzoAUAAybVdwVnxmVRAad3k HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://amwoukrks.autos/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 586
date: Sat, 03 Sep 2022 22:36:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zHWzW0ERroP5SR24qe2HcpScAhdwP4DwdKDyErEL9874r2x3JQOrpw==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/OakNXY04JLDkFcR4qM153XnpvVXpMKSQMIBp+JwIiLgQYGRo9Jyc5aB45M15+TC82DSlXZTINLVdycQIqCH5jRTsLfjoMNAMvOwJrWAViTX5PcWdLNltyclAMT3FnDycENi9GfFo7b1URXHdyUAxPcWcROE9wFlp4RHN+RnxaJDIAJQVmZSV8WnJnU39acn-JRfgwqJQYoBTtyUQhTdXlTaB9+Zg
143.204.42.171200 OK 190 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/OakNXY04JLDkFcR4qM153XnpvVXpMKSQMIBp+JwIiLgQYGRo9Jyc5aB45M15+TC82DSlXZTINLVdycQIqCH5jRTsLfjoMNAMvOwJrWAViTX5PcWdLNltyclAMT3FnDycENi9GfFo7b1URXHdyUAxPcWcROE9wFlp4RHN+RnxaJDIAJQVmZSV8WnJnU39acn-JRfgwqJQYoBTtyUQhTdXlTaB9+Zg
IP 143.204.42.171:0
File type ASCII text, with no line terminators
Hash 393ed1fc6c815c5b4e2cd973a399fb9b
913f32090c9beadbffcb6ac963ffd5f3631c2b08
4dd676a9f2ea6e62ddd75ab7ae31bb08ffe1692ca96277ca355a25213e317e91
GET /OakNXY04JLDkFcR4qM153XnpvVXpMKSQMIBp+JwIiLgQYGRo9Jyc5aB45M15+TC82DSlXZTINLVdycQIqCH5jRTsLfjoMNAMvOwJrWAViTX5PcWdLNltyclAMT3FnDycENi9GfFo7b1URXHdyUAxPcWcROE9wFlp4RHN+RnxaJDIAJQVmZSV8WnJnU39acn-JRfgwqJQYoBTtyUQhTdXlTaB9+Zg HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://amwoukrks.autos/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 190
date: Sat, 03 Sep 2022 22:36:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: C7x9Id9hPJ0MiVvfyz_dmLi7WMl9NBVF-zhk6Ngxa3Il44z-KsAjEg==
X-Firefox-Spdy: h2
syndication.exdynsrv.com/v1/api.php
95.211.229.248200 OK 722 B URL HTTP/1.1 syndication.exdynsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (970), with no line terminators
Hash 41b55b58e85b24912637453fcb012d09
fa95de069671486e5fcd92f9687518d15a8c96b4
83fbad71fdb5ca7555bd69115c49445d7d282dbeb2ce317a720cdfcb73209186
POST /v1/api.php HTTP/1.1
Host: syndication.exdynsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 308
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:36:06 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
dmmzkfd82wayn.cloudfront.net/WMmszMHNRBF1WTEYCVw1EBFoCCEUUAUBfHUJWY1g2Yh5waCRDXhVECVZWAxYfUwVUDVVXBVANQhQKV1JOBk1HQBxZVlpfHl8MQUMBQQ8VRRIPBlxKGl4HUhVBdF4dAFYAWxtIQgNOAHJWAFtfWR1HExYCQ0pTBW9FBk4AclYAW0FGVgEqCgZdAkIWAkNVDl-BbHBdZdQJDA1sDAUMDTgEAFVsZVlYcSk4BdkoERQMWBg9a
143.204.42.171200 OK 595 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/WMmszMHNRBF1WTEYCVw1EBFoCCEUUAUBfHUJWY1g2Yh5waCRDXhVECVZWAxYfUwVUDVVXBVANQhQKV1JOBk1HQBxZVlpfHl8MQUMBQQ8VRRIPBlxKGl4HUhVBdF4dAFYAWxtIQgNOAHJWAFtfWR1HExYCQ0pTBW9FBk4AclYAW0FGVgEqCgZdAkIWAkNVDl-BbHBdZdQJDA1sDAUMDTgEAFVsZVlYcSk4BdkoERQMWBg9a
IP 143.204.42.171:0
File type ASCII text, with very long lines (826), with no line terminators
Hash 0676f5cac64b8e5f5c2afed11d443c32
01c715f6710b5400775cb8cb7db7aeb3b8576e94
db07ea6571baab5a7b339bad2f31d5413d857afe219d2c080504545f709f3428
GET /WMmszMHNRBF1WTEYCVw1EBFoCCEUUAUBfHUJWY1g2Yh5waCRDXhVECVZWAxYfUwVUDVVXBVANQhQKV1JOBk1HQBxZVlpfHl8MQUMBQQ8VRRIPBlxKGl4HUhVBdF4dAFYAWxtIQgNOAHJWAFtfWR1HExYCQ0pTBW9FBk4AclYAW0FGVgEqCgZdAkIWAkNVDl-BbHBdZdQJDA1sDAUMDTgEAFVsZVlYcSk4BdkoERQMWBg9a HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://amwoukrks.autos/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 595
date: Sat, 03 Sep 2022 22:36:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: deb8HpDiOFxdJ-gpNTEHNa1JuEJ9ZyLz7eav8mVBu8YIlPYRvXj5oQ==
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png
91.209.70.182200 OK 951 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png
IP 91.209.70.182:0
File type PNG image data, 114 x 114, 8-bit colormap, non-interlaced\012- data
Hash 76852bc6b2c028db97322a74e85bd020
ed52fb4de0d51f93277bbaae42fa80ba5f92c31e
8a5ef2ef8440c17db1b1b539065ba4a887e07a2c508b79c2d1659512e9016884
GET /themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:06 GMT
content-type: image/png
content-length: 951
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-3b7"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/styles/file-upload.css
91.209.70.182200 OK 2.5 kB URL HTTP/2 megaup.net/themes/flow/styles/file-upload.css
IP 91.209.70.182:0
File type assembler source, ASCII text
Hash 0091e364e7d3e043611f500ee128f25f
ac2ef0a0661976d777f0ebbbcc469ce7009531cb
357a6e55d69cc8a2ce77133f6370af21cc8d547b298387b895dd5a8dcf49f8fc
GET /themes/flow/styles/file-upload.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-21ec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
ad.a-ads.com/1811811?size=300x250
213.239.205.245200 OK 626 kB URL HTTP/2 ad.a-ads.com/1811811?size=300x250
IP 213.239.205.245:0
ASN #24940 Hetzner Online GmbH
Size 626 kB (626058 bytes)
Hash 445de1bd36830497564325647fb5a132
a26908a933b4c8388cf76ad29b585f02d6c93b1e
74d226918d9899b17da6aa3c0424f646c16276711a1036b997691fab57d0d157
GET /1811811?size=300x250 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:06 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://megaup.net/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash a3a96c8b66c9fca1fc8f3c35afdd2605
a51e774cd8a298541806756fcf7d9995e378bf63
85abeb3438d14f003f10b69b39c5e0e5cbf2c9de5364c71bb13d9ae5d1a26b25
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 22:36:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
amwoukrks.autos/utx?cb=ViX3dSxkm1KN&top=megaup.net&tid=761186
54.230.111.48204 No Content 0 B URL HTTP/2 amwoukrks.autos/utx?cb=ViX3dSxkm1KN&top=megaup.net&tid=761186
IP 54.230.111.48:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=ViX3dSxkm1KN&top=megaup.net&tid=761186 HTTP/1.1
Host: amwoukrks.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 22:36:06 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 03 Sep 2022 22:37:06 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Lete5ubjoSwRdPEtsEDpagqtzxARVOz4UigLtSJq4917R-PfRY39fw==
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Sat, 03 Sep 2022 20:41:12 GMT
expires: Sat, 03 Sep 2022 22:41:12 GMT
cache-control: public, max-age=7200
age: 6894
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash a3a96c8b66c9fca1fc8f3c35afdd2605
a51e774cd8a298541806756fcf7d9995e378bf63
85abeb3438d14f003f10b69b39c5e0e5cbf2c9de5364c71bb13d9ae5d1a26b25
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 22:36:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
amwoukrks.autos/utx?cb=GcfrDTiVUlGB&top=megaup.net&tid=825911
54.230.111.48204 No Content 0 B URL HTTP/2 amwoukrks.autos/utx?cb=GcfrDTiVUlGB&top=megaup.net&tid=825911
IP 54.230.111.48:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=GcfrDTiVUlGB&top=megaup.net&tid=825911 HTTP/1.1
Host: amwoukrks.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 22:36:06 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 03 Sep 2022 22:37:06 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: v9jymkzftX0GmzKLyONIsdWGG2OTkbIHQehXaPjwSzSVf7DYa58dig==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 399 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash 0de6b0871ef909561727a089a2e1fa23
9ae8f6898bd18feaad1a87dc5227c031ebad3ca4
f6c5999197cdfd97c73df744a315cfe9c430c64ece05fe354988f36d81d5af96
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Sep 2022 22:36:06 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1375218202%3A1662244566875881&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmWGl63CbqOht4RKnpTIUaLP6aMu4Bvny_p4vKPSEOnR0ncWBHZ4_8eYUwblugx8_T-wwAJHeg
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-K7LSZGNPp9ceOCFxey3sTQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 399
server: GSE
set-cookie: __Host-GAPS=1:GsVgzkCbFBwnaNERwCMWjFBJaNWPig:yfGPRnhy8T84_qqH;Path=/;Expires=Mon, 02-Sep-2024 22:36:06 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/
143.204.42.171200 OK 73 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/
IP 143.204.42.171:0
File type ASCII text, with no line terminators
Hash de37377b72195a4f064edf7ec8a76676
ed544d5b6a37acad78498099407c648a93316ddb
b3209cc0b1d1b71e85af4e843afe00a3079f3286d52b3fb47e72c6c5c48b8399
GET / HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 73
date: Sat, 03 Sep 2022 22:36:06 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4cQXWIUw4jHf735WLlezpAD6I07W5PxH8ii5Bz8adSsdA28UlCiHOw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 51df98c169fb7de773301d014bcea4b8
9bdf9bdb9b5eee378e9ac4ec68ca07c665ae4819
c8336f3a2e16c9390b610c612ce9be7c19286f04a6328a29200cbf65db5801c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 22:36:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 5f57ff77dfe2cae0d1f24a80f5b3e629
063ef957d9ec38d754a8c56ce2f6a0333b2da0b0
f1e112bfbf59326bfc8be17bc7a1de934fdda76ee19f331ec500364bf593ab15
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Sep 2022 22:36:06 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1560926738%3A1662244566926887&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmXwa4gQstFZwpXFqMKxhV2T_gTPdtDE_y6hN84KzChgh0x3x72wMN8YdJ63szmbDrHrYrPi0A
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-taWKQ5IvjtG4auRTRqn4_g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:8ABKFHwbMn0TznReBc-RazGCXJbgPQ:FDe2GmXj0dhCExiV;Path=/;Expires=Mon, 02-Sep-2024 22:36:06 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
amwoukrks.autos/utx?cb=keClJL97khMQ&top=megaup.net&tid=876318
54.230.111.48204 No Content 0 B URL HTTP/2 amwoukrks.autos/utx?cb=keClJL97khMQ&top=megaup.net&tid=876318
IP 54.230.111.48:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=keClJL97khMQ&top=megaup.net&tid=876318 HTTP/1.1
Host: amwoukrks.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 22:36:06 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 03 Sep 2022 22:37:06 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xGfL7wxZnKipKVeLnaST0j06Y9Fs_C1Mjf5RjocBeNQpHcj98O7nNA==
X-Firefox-Spdy: h2
amwoukrks.autos/utx?cb=E1z6uoBUexHB&top=megaup.net&tid=764141
54.230.111.48204 No Content 0 B URL HTTP/2 amwoukrks.autos/utx?cb=E1z6uoBUexHB&top=megaup.net&tid=764141
IP 54.230.111.48:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=E1z6uoBUexHB&top=megaup.net&tid=764141 HTTP/1.1
Host: amwoukrks.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 22:36:06 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 03 Sep 2022 22:37:06 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rY7rFLS58oUjnXgMoCqyH-XWlRTj77ZYK_aQot590ohRvA8j8iFzhA==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3f40932022c00daae8bb8e8d21e65641
bcac67288cb0c77ea071070ed836a650be4a7752
0c6eccb2f2a91f6b4269eaa57efa9f929358dfa51a27e6cc38379e807d2120d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3510
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 22:36:06 GMT
Last-Modified: Sat, 03 Sep 2022 21:37:38 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash f35ef5eea84ffb5288d3e149350e6e0a
8951c215c9258ffaec25534b1a49e2b0f8743e50
bc08ef3fd1f09d9762e4528370eae2f9380a46f22aadf0bd6459b659d3f6fa2f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2819
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 22:36:06 GMT
Last-Modified: Sat, 03 Sep 2022 21:49:07 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 312
syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01PW0oEQQy8iheYppJOZzr77beC4gF6emb9chFcYYU6vL2zspgikEoqL4XqhJiQH6Qesh/gDEmBZJqkGJ+eX2jCj+29fX+m03ZmlnAFPQJWGdmqOs3cpDqLCE3Dy2y0WmeBgVKYiQEt2ewaJQDCCr69Pu4uA8oMXLSMhn0tBUobBJdrM46LNdvEo1qsfcm19jao93WZW9+F/+/EDQmiuk//S4wHLKspJ7kT4zBwL7evn1Mn7/Ibyn2AsJe2dnO0eixrn2Mt0VuHj2uw5G35BWi2uXhVAQAA
95.211.229.248200 OK 20 B URL HTTP/1.1 syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01PW0oEQQy8iheYppJOZzr77beC4gF6emb9chFcYYU6vL2zspgikEoqL4XqhJiQH6Qesh/gDEmBZJqkGJ+eX2jCj+29fX+m03ZmlnAFPQJWGdmqOs3cpDqLCE3Dy2y0WmeBgVKYiQEt2ewaJQDCCr69Pu4uA8oMXLSMhn0tBUobBJdrM46LNdvEo1qsfcm19jao93WZW9+F/+/EDQmiuk//S4wHLKspJ7kT4zBwL7evn1Mn7/Ibyn2AsJe2dnO0eixrn2Mt0VuHj2uw5G35BWi2uXhVAQAA
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01PW0oEQQy8iheYppJOZzr77beC4gF6emb9chFcYYU6vL2zspgikEoqL4XqhJiQH6Qesh/gDEmBZJqkGJ+eX2jCj+29fX+m03ZmlnAFPQJWGdmqOs3cpDqLCE3Dy2y0WmeBgVKYiQEt2ewaJQDCCr69Pu4uA8oMXLSMhn0tBUobBJdrM46LNdvEo1qsfcm19jao93WZW9+F/+/EDQmiuk//S4wHLKspJ7kT4zBwL7evn1Mn7/Ibyn2AsJe2dnO0eixrn2Mt0VuHj2uw5G35BWi2uXhVAQAA HTTP/1.1
Host: syndication.exdynsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:36:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
yresumeform.autos/utx?tid=832633&top=megaup.net&cb=DqoKa9OzVkiv
54.230.111.51204 No Content 0 B URL HTTP/2 yresumeform.autos/utx?tid=832633&top=megaup.net&cb=DqoKa9OzVkiv
IP 54.230.111.51:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?tid=832633&top=megaup.net&cb=DqoKa9OzVkiv HTTP/1.1
Host: yresumeform.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 22:36:06 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 03 Sep 2022 22:37:06 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yBHtB11gkWrPPkKMNqi8vGiA4zcbYdt5_BEJlzSLbGdjJtNK63SCOw==
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
91.209.70.182200 OK 14 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
IP 91.209.70.182:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f3a6904c5a27c32b9a9d94329d181ea3
646cb1eeafddc64aa186887ac2b58cba8a79c364
dba3669da7edbd548b50f2ab18a69c4686551b3713463c28080b649ccfab75be
GET /themes/flow/frontend_assets/images/icons/favicon/favicon.ico HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:06 GMT
content-type: image/x-icon
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-47e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
209.197.3.25200 OK 17 kB URL HTTP/1.1 hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
IP 209.197.3.25:0
File type ASCII text, with very long lines (16885), with no line terminators
Hash 48c80c7c28b5b00a8b4ff94a22b72fe3
d57303c2ad2fd5cedc5cb20f264a6965a7819cee
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1
Host: hw-cdn2.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 22:36:07 GMT
Connection: Keep-Alive
ETag: "1649192094"
Content-Length: 16885
Content-Type: application/javascript
Last-Modified: Tue, 05 Apr 2022 20:54:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10721591
X-HW: 1662244567.dop223.sk1.t,1662244567.cds228.sk1.shn,1662244567.cds228.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.ang-content.com/a7/creatives/39/1393/805208/1028974/1028974_logo.png
205.185.208.20200 OK 16 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/39/1393/805208/1028974/1028974_logo.png
IP 205.185.208.20:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 2aaacb14c0816c811151f7e5ad369e9f
2b51b630dcbbdcd9cb0e9c298a5d4323de0f19f5
c6f084bf2cbf871312c3c508455dfeff2bb11dc8909d98ab1a43897b16bedf4e
GET /a7/creatives/39/1393/805208/1028974/1028974_logo.png HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 22:36:07 GMT
Connection: Keep-Alive
ETag: "1649873991"
Content-Length: 15603
Content-Type: image/png
Last-Modified: Wed, 13 Apr 2022 18:19:51 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10552566
X-HW: 1662244567.dop221.sk1.t,1662244567.cds202.sk1.shn,1662244567.dop221.sk1.t,1662244567.cds227.sk1.c
Access-Control-Allow-Origin: *
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4edbd5483da4bb32e98d558800aa559e
178a7815b74b6ff96bfa074134fb8261c8becd3b
9b141df8837bcb77bcaac0a9699e5bb30c77f3ef77a06947ccbc1a59c72c7d5d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B141DF8837BCB77BCAAC0A9699E5BB30C77F3EF77A06947CCBC1A59C72C7D5D"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=385
Expires: Sat, 03 Sep 2022 22:42:32 GMT
Date: Sat, 03 Sep 2022 22:36:07 GMT
Connection: keep-alive
hw-cdn2.ang-content.com/a7/creatives/39/1393/805208/1028974/1028974_video.mp4
205.185.208.20206 Partial Content 513 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/39/1393/805208/1028974/1028974_video.mp4
IP 205.185.208.20:0
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size 513 kB (513036 bytes)
Hash b8e13fc38d24155acfee347096dd0337
8b197d6a698841b21d30425c79c640912c31c55f
968c1265d8caffcb43ce690d7964e6f8c2f9fd2df304b53b43d4b76cf33834de
GET /a7/creatives/39/1393/805208/1028974/1028974_video.mp4 HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Date: Sat, 03 Sep 2022 22:36:07 GMT
Connection: Keep-Alive
ETag: "1649875693"
Content-Length: 513036
Content-Range: bytes 0-513035/513036
Content-Type: video/mp4
Last-Modified: Wed, 13 Apr 2022 18:48:13 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10471743
X-HW: 1662244567.dop221.sk1.t,1662244567.cds202.sk1.shn,1662244567.dop221.sk1.t,1662244567.cds222.sk1.c
Access-Control-Allow-Origin: *
amwoukrks.autos/multi?cs=M09LRVIFfXxxZgZ%2BeHJgBHx5dmE&abt=0&red=1&sm=76&k=download%20file%20crusader%20kings%20royal%20edition&v=1.0.59.0&sts=0&prn=0&emb=0&tid=876318&fs=1&mbkb=136.986301369863&ref=https%3A%2F%2Fmegaup.net%2F2sv4D%2FCrusader.Kings.III.Royal.Edition.v1.6.1.2.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_5iQk=1662244564209&crc=1
54.230.111.48200 OK 1.6 kB URL HTTP/2 amwoukrks.autos/multi?cs=M09LRVIFfXxxZgZ%2BeHJgBHx5dmE&abt=0&red=1&sm=76&k=download%20file%20crusader%20kings%20royal%20edition&v=1.0.59.0&sts=0&prn=0&emb=0&tid=876318&fs=1&mbkb=136.986301369863&ref=https%3A%2F%2Fmegaup.net%2F2sv4D%2FCrusader.Kings.III.Royal.Edition.v1.6.1.2.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_5iQk=1662244564209&crc=1
IP 54.230.111.48:0
File type ASCII text, with very long lines (3230), with no line terminators
Hash dd6adfd846b9547ea610862321ee68c1
7f686be68096b08e23984fba79070beb1bbff6b7
d6c9446e05a489bec630ee4e70e6d7e1217606dfef2b9d20bb09418f281f2fe8
GET /multi?cs=M09LRVIFfXxxZgZ%2BeHJgBHx5dmE&abt=0&red=1&sm=76&k=download%20file%20crusader%20kings%20royal%20edition&v=1.0.59.0&sts=0&prn=0&emb=0&tid=876318&fs=1&mbkb=136.986301369863&ref=https%3A%2F%2Fmegaup.net%2F2sv4D%2FCrusader.Kings.III.Royal.Edition.v1.6.1.2.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_5iQk=1662244564209&crc=1 HTTP/1.1
Host: amwoukrks.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1558
date: Sat, 03 Sep 2022 22:36:07 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=2d6166b6-cb93-4ca8-9c83-e687898b7e4d
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WkLIlp72_kQpArdoM0VIbbtrtCZqlV2RDqsQGSAJzPr4hkOpTfqu1Q==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9509
Expires: Sun, 04 Sep 2022 01:14:36 GMT
Date: Sat, 03 Sep 2022 22:36:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9509
Expires: Sun, 04 Sep 2022 01:14:36 GMT
Date: Sat, 03 Sep 2022 22:36:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9509
Expires: Sun, 04 Sep 2022 01:14:36 GMT
Date: Sat, 03 Sep 2022 22:36:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c475e9b-fa82-4942-8a4a-d6d3f5061558.webp
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c475e9b-fa82-4942-8a4a-d6d3f5061558.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8cdd0826b7d8be62cc2ed532e04e137b
383a0661fa09d9b48745b507389d0505303b6182
f2d04cf1ee9b5a885c246060c1036b21af4ecd3e51e5d05a529dbe0d63f7c2ac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c475e9b-fa82-4942-8a4a-d6d3f5061558.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10713
x-amzn-requestid: d546a12c-c549-4ad3-80ad-6bad452927d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5winGzHIAMFTPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7aa-2060c6611eb4abb777cc17a8;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FRD_E3IP_SmjPQuoVEijMnLszBb5bhc_1PxJXOlmdyufLKzx33joTw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:48:07 GMT
age: 2880
etag: "383a0661fa09d9b48745b507389d0505303b6182"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25364423-42e8-41d8-af39-740ce9796e2f.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25364423-42e8-41d8-af39-740ce9796e2f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash acac2bb5e293a186468a570578cb95d7
2884e46ae1e15d29f26abc040dd43d173a9b04c8
e336b7fbac184be0ed78002ad60fc3fea1c4064c1c0a48fdfed5ad011308c0e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25364423-42e8-41d8-af39-740ce9796e2f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3964
x-amzn-requestid: 50691b02-9efe-4615-b4ff-a6ea75af162c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wwIHrlIAMFpzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c800-694671fc5371369d3901c55b;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: mgPk7HRZxd9mH9tSdWw3Sp60k4YkZ-WQs5zhoLOKAW2Fa7wIMIwvGA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:48:07 GMT
etag: "2884e46ae1e15d29f26abc040dd43d173a9b04c8"
content-type: image/jpeg
age: 2880
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48ddd9c9-1923-443a-8dbf-f936630b1f9b.jpeg
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48ddd9c9-1923-443a-8dbf-f936630b1f9b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7602d55b1969744668194d6433ad2490
c9e50dd6d25825a3fff305261dc8f85a7113150a
9ab721edb038aad74dabe751f7790fe21915884893ea9f471e407ae526495701
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48ddd9c9-1923-443a-8dbf-f936630b1f9b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4615
x-amzn-requestid: a28cc354-9caf-45e8-805e-a9d076f4c55d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wxXFsZIAMFbVQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c808-118caff17f74408d6ba251b9;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -lSmGdhagYg_JEI3Q5xybMrcddHCBhA_yGmuvYWQcoUqJdM3jJ_mrA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:48:07 GMT
age: 2880
etag: "c9e50dd6d25825a3fff305261dc8f85a7113150a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87cad5e1-a1b5-47c6-9dc3-339735fecc60.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87cad5e1-a1b5-47c6-9dc3-339735fecc60.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 963f97e0ee4ae7015a7d9c6920aeb064
87d4277c53e3320b8f0f9e564c112ade8e6fa8d9
ee1a5565dec52bb123104a4a4f9edf764e2ad7929869299a14307f6e00a50fee
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87cad5e1-a1b5-47c6-9dc3-339735fecc60.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6129
x-amzn-requestid: 93447f39-3086-4613-8d08-5c766fb52a16
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5xR7GuyoAMF0DA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c8d8-7f2c8d6d0edee0d05a3f8a72;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:36:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 91ogcZ8rC1iagqvUg46tAUFai_xVKGWTDlT74jsc4ENaOoefz8tQ1A==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:48:07 GMT
age: 2880
etag: "87d4277c53e3320b8f0f9e564c112ade8e6fa8d9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6bb4b1d74f1443bc3328301ab3ae6464
2768253dacaaad6cb498c6b2eb7694208b0ce0a6
07dcc95dab7757402998a5a61b540c965ce95c8bd51a814a09438981693b563a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8688
x-amzn-requestid: e408351e-ba6c-4e55-815d-449af808282f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5yMEFBLoAMFtqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313ca4d-13831d8572a3b3cf54a0e747;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:42:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GFM9jerDkTPdhlUTm99E7Lpksw2ZGnV81bNVaZLvWSAiRNDNtkZi4g==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:48:07 GMT
etag: "2768253dacaaad6cb498c6b2eb7694208b0ce0a6"
content-type: image/jpeg
age: 2880
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bab7d82-0a83-46ba-924e-b2c243917612.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bab7d82-0a83-46ba-924e-b2c243917612.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1fc7703787379eb11904c4401cf312cc
96fdf64be0c9fdf0863b0f6daff8ea8ec123ee88
60277b56243f960c5c8cd4114075ae15e4b03b610093095b8bcc2890cffaca72
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bab7d82-0a83-46ba-924e-b2c243917612.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8454
x-amzn-requestid: 6c8ece2f-7281-482d-9089-bca75c0e336d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5yMGEnGIAMFp1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313ca4d-3e8167960ddf23782816e488;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:42:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: aLlHMCR_I2UMrp-NcFroljqK6lI1AIpAtJxPIc7c6iL7uSU8KW8Q2Q==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:48:07 GMT
etag: "96fdf64be0c9fdf0863b0f6daff8ea8ec123ee88"
content-type: image/jpeg
age: 2880
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tebilaterde.xyz/
44.195.137.121200 OK 0 B IP 44.195.137.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tebilaterde.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Content-Length: 388
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
91.209.70.182200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31568, version 1.1\012- data
Hash e0c4ac0e73196bd0469c5c33304b7773
bb071565f82907d117b0732dca8013409162c67d
ff3bf3a4a1bf2b922157b18d0e8cddd95f2fc2dfe09c30a3ce67bc11a84c67af
GET /themes/flow/frontend_assets/fonts/raleway_bold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45; _ga=GA1.2.1856383209.1662244564; _gid=GA1.2.1640555260.1662244564; _gat_gtag_UA_108868042_1=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:07 GMT
content-type: font/woff
content-length: 31568
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7b50"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.dataTables.min.js
91.209.70.182200 OK 24 kB URL HTTP/2 megaup.net/themes/flow/js/jquery.dataTables.min.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (768)
Hash e1adfebdeda4ab4e6c6ae11fe918ba44
6324aa5b421f728b243e18006cca0d29c94e6cca
4b3f9fe73f0c2dd4c8ff8a35d0da6f27afd63d12ed5b8216a3a040f4bd9ebf74
GET /themes/flow/js/jquery.dataTables.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-10fe4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
tebilaterde.xyz/
44.195.137.121200 OK 0 B IP 44.195.137.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tebilaterde.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Origin: https://megaup.net
Content-Length: 347
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
tebilaterde.xyz/
44.195.137.121200 OK 0 B IP 44.195.137.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tebilaterde.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Content-Length: 392
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
tebilaterde.xyz/
44.195.137.121200 OK 0 B IP 44.195.137.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tebilaterde.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Origin: https://megaup.net
Content-Length: 348
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5c8bffff0c37505055cddb0213018eea
871cd50b1c8b8893f9e465a2b04f9093ced725b9
3c662d36a41d08b1c5078eee8e6a58703705a94c1d29698c8c7273be08a8f32e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3C662D36A41D08B1C5078EEE8E6A58703705A94C1D29698C8C7273BE08A8F32E"
Last-Modified: Sat, 03 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7729
Expires: Sun, 04 Sep 2022 00:44:58 GMT
Date: Sat, 03 Sep 2022 22:36:09 GMT
Connection: keep-alive
xml.serve-servee.com/thumbnail?i=ncYTPsXR2q0_0&imgt=icon
172.67.217.88302 Found 0 B URL HTTP/2 xml.serve-servee.com/thumbnail?i=ncYTPsXR2q0_0&imgt=icon
IP 172.67.217.88:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=ncYTPsXR2q0_0&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 03 Sep 2022 22:36:09 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/250x250_hqCCg8Cm.png
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wWod2RBIqyPQpzydBSNGKka37rPgCqSHLWNPG5luORuas7L3K9%2FNEOpt4fK8Pqcrs%2BVmoG5A5OlGgLfKb8gwtqu%2FjVIeieeO1fvFQnffUJKSDhCwmzKhEip8fdDxNv6OFyBRCK91xA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7451f670df41b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5c8bffff0c37505055cddb0213018eea
871cd50b1c8b8893f9e465a2b04f9093ced725b9
3c662d36a41d08b1c5078eee8e6a58703705a94c1d29698c8c7273be08a8f32e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3C662D36A41D08B1C5078EEE8E6A58703705A94C1D29698C8C7273BE08A8F32E"
Last-Modified: Sat, 03 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7729
Expires: Sun, 04 Sep 2022 00:44:58 GMT
Date: Sat, 03 Sep 2022 22:36:09 GMT
Connection: keep-alive
static.serve-servee.com/n337/ad/250x250_hqCCg8Cm.png
172.67.217.88200 OK 89 kB URL HTTP/2 static.serve-servee.com/n337/ad/250x250_hqCCg8Cm.png
IP 172.67.217.88:0
File type PNG image data, 250 x 250, 8-bit/color RGB, non-interlaced\012- data
Hash 0994ec31361ea569c5549063145bfdd2
9b270e9f7a346a0f0f60a978e154f49740350270
e4dbff1cf1f9750d68296737897eba9bd59ebdcb292015e87c3be61b5c242422
GET /n337/ad/250x250_hqCCg8Cm.png HTTP/1.1
Host: static.serve-servee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 22:36:09 GMT
content-type: image/png
content-length: 88957
last-modified: Thu, 08 Apr 2021 13:54:09 GMT
accept-ranges: bytes
etag: "606f0b01-15b7d"
cache-control: max-age=86400
x-hw: 1662244569.cds251.sk1.h2,1662244569.cds203.sk1.c
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ki75HsvnS2%2FCq%2B6eYADeia5VLpa5QSzCT6MVJS34kaonqfmcAOn5wagvJUQZktA2q%2FvDMIvGiQMhKadKg6pyxGl1Z77DIccninDXK5TJQTPfWqIPkaZg%2FOfs%2FsVcHrqJ%2BTrPd77kthiwlg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7451f671a806b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
91.209.70.182200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31900, version 1.1\012- data
Hash 1b285c8e5b7445a8e434b2cdf036bab2
c97d4772fbb5c5637d466b5f991bc7ec28830b32
09b979826f2ac158a63ba234042c66414c21282d0bb46eadc62c64a873778825
GET /themes/flow/frontend_assets/fonts/raleway_medium.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45; _ga=GA1.2.1856383209.1662244564; _gid=GA1.2.1640555260.1662244564; _gat_gtag_UA_108868042_1=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:12 GMT
content-type: font/woff
content-length: 31900
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7c9c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 688457c8896bdc053ebd59c2b6babea0
5596713cff607c15b13efe976587d7ed0777b03b
f9a5580fbd11d7571c9d3c02ee40b1ac7881f3334f3edf600fafdc48e249c2c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F9A5580FBD11D7571C9D3C02EE40B1AC7881F3334F3EDF600FAFDC48E249C2C2"
Last-Modified: Thu, 01 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6284
Expires: Sun, 04 Sep 2022 00:20:57 GMT
Date: Sat, 03 Sep 2022 22:36:13 GMT
Connection: keep-alive
megaup.net/themes/flow/js/jquery.fileupload-ui.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-ui.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-ui.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-61ef"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/animation/jquery.appear.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/animation/jquery.appear.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/animation/jquery.appear.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-5c6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
freychang.fun/asd100.bin
104.21.45.207200 OK 0 B IP 104.21.45.207:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: freychang.fun
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 03 Sep 2022 22:36:06 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 7088
last-modified: Sat, 03 Sep 2022 20:37:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qY%2F5FmR8tqMS6Jorh%2FCusEV7yESQEO%2FIujcgWGkEppIxKrmdkgtaG6pAQO6hxKd8qdUMIvwz46bsWn5gDqkRnT47Q5yOZPO5uI7B335rY1OiHefFZwytQ4wQbLjYps71"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7451f65ececefab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 7/+xuEI9cJmH2IL3px4qqhlqGIJ4L4rwfUB1x7BTH/TVkYUkElQk4f2vBcCtFhmWhy1nrae8jc5d7EBK+XN2tQ==
date: Sat, 03 Sep 2022 22:36:06 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/retina/retina.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/retina/retina.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/retina/retina.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-52e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-14cc1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-303b2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3ead"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
freychang.fun/asd100.bin
104.21.45.207200 OK 0 B IP 104.21.45.207:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: freychang.fun
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 03 Sep 2022 22:36:06 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 7088
last-modified: Sat, 03 Sep 2022 20:37:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BnpC0c%2FqfSufUSzvgZeUOO0a8KsrjIehMCrN5cn%2B5ieVsVgueLMH1rzADlIQZYRYfso2aJ07TWe%2F%2FW8zOGooCuUa9TtCyGhW7Tqa5L%2F4p0s%2FJgZNV5MldUoD8eU0AYqM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7451f65eded5fab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/canvas-to-blob.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/canvas-to-blob.min.js
IP 91.209.70.182:0
GET /themes/flow/js/canvas-to-blob.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-408"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1cdf"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
tebilaterde.xyz/Qm04MjUZTwABB3ReCxAZYE8UEFN2CQEHBCcJFQEFclQVBg11CxUKU3RYFQoEIFRZBQInXA1RU2BBGgFQcF4PUwMhQA9TAHdADANUcEBZVgF0QAABBXdaXgBWIFheVxduT0tFF25PTFdXKwFZRlAwCV0cTTsXGh4Xc10WBxduC1leRidBXlNZMQgUVFQuHl1v
44.195.137.121200 OK 0 B URL HTTP/2 tebilaterde.xyz/Qm04MjUZTwABB3ReCxAZYE8UEFN2CQEHBCcJFQEFclQVBg11CxUKU3RYFQoEIFRZBQInXA1RU2BBGgFQcF4PUwMhQA9TAHdADANUcEBZVgF0QAABBXdaXgBWIFheVxduT0tFF25PTFdXKwFZRlAwCV0cTTsXGh4Xc10WBxduC1leRidBXlNZMQgUVFQuHl1v
IP 44.195.137.121:0
GET /Qm04MjUZTwABB3ReCxAZYE8UEFN2CQEHBCcJFQEFclQVBg11CxUKU3RYFQoEIFRZBQInXA1RU2BBGgFQcF4PUwMhQA9TAHdADANUcEBZVgF0QAABBXdaXgBWIFheVxduT0tFF25PTFdXKwFZRlAwCV0cTTsXGh4Xc10WBxduC1leRidBXlNZMQgUVFQuHl1v HTTP/1.1
Host: tebilaterde.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: fa599f0ceacca0c2249bb9597a18fa06=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8445-kzqWV0iBB+0gjMj9h7wY9wFqeNk"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
a.adtng.com/track/adviews/eyJleHRfemlkIjoiIiwiZXh0X2MiOiIiLCJleHRfYWlkIjoiIiwicGlkIjoiMTM5MyIsInNpZCI6IjEwMDEyNDU2IiwibmlkcyI6IjU5MTUxIiwiZHluX2RtbiI6IiIsImNyaWQiOiIxMDI4OTc0Iiwic3YiOiI1NjQ5IiwicmVmX2RtbiI6Im1lZ2F1cC5uZXQiLCJleHRfY2lkIjoiIiwidHNuYW1lIjoiTUIiLCJjcmMiOiIxIiwiY24iOiIzMDBYMjUwX1BDX05US19QUVRfU0ZXIiwibmlkIjoiNTkxNTEiLCJleHRfcHViIjoiIiwiY3JwIjoiMTAwIiwidGlkIjoiMSIsIml0IjoiMDNcL1NlcFwvMjAyMjoyMjozNjowNyArMDAwMCIsImNjIjoiMyIsInNuY2lkIjoiOTUyOTkiLCJjaWQiOiIzNDMwMiIsImV4dF91aWQiOiIiLCJjcCI6IjM1LjIyIiwic25jY2lkIjoiMTg3OTMzOSIsImlpZCI6Ijk5YTlmODA5YmExZDE1Yzk1ZTgwNTg2NzE3YTg0NzBiIiwiZXh0X2lpZCI6IiJ9?unique_view=1
66.254.114.171200 OK 0 B URL HTTP/2 a.adtng.com/track/adviews/eyJleHRfemlkIjoiIiwiZXh0X2MiOiIiLCJleHRfYWlkIjoiIiwicGlkIjoiMTM5MyIsInNpZCI6IjEwMDEyNDU2IiwibmlkcyI6IjU5MTUxIiwiZHluX2RtbiI6IiIsImNyaWQiOiIxMDI4OTc0Iiwic3YiOiI1NjQ5IiwicmVmX2RtbiI6Im1lZ2F1cC5uZXQiLCJleHRfY2lkIjoiIiwidHNuYW1lIjoiTUIiLCJjcmMiOiIxIiwiY24iOiIzMDBYMjUwX1BDX05US19QUVRfU0ZXIiwibmlkIjoiNTkxNTEiLCJleHRfcHViIjoiIiwiY3JwIjoiMTAwIiwidGlkIjoiMSIsIml0IjoiMDNcL1NlcFwvMjAyMjoyMjozNjowNyArMDAwMCIsImNjIjoiMyIsInNuY2lkIjoiOTUyOTkiLCJjaWQiOiIzNDMwMiIsImV4dF91aWQiOiIiLCJjcCI6IjM1LjIyIiwic25jY2lkIjoiMTg3OTMzOSIsImlpZCI6Ijk5YTlmODA5YmExZDE1Yzk1ZTgwNTg2NzE3YTg0NzBiIiwiZXh0X2lpZCI6IiJ9?unique_view=1
IP 66.254.114.171:0
GET /track/adviews/eyJleHRfemlkIjoiIiwiZXh0X2MiOiIiLCJleHRfYWlkIjoiIiwicGlkIjoiMTM5MyIsInNpZCI6IjEwMDEyNDU2IiwibmlkcyI6IjU5MTUxIiwiZHluX2RtbiI6IiIsImNyaWQiOiIxMDI4OTc0Iiwic3YiOiI1NjQ5IiwicmVmX2RtbiI6Im1lZ2F1cC5uZXQiLCJleHRfY2lkIjoiIiwidHNuYW1lIjoiTUIiLCJjcmMiOiIxIiwiY24iOiIzMDBYMjUwX1BDX05US19QUVRfU0ZXIiwibmlkIjoiNTkxNTEiLCJleHRfcHViIjoiIiwiY3JwIjoiMTAwIiwidGlkIjoiMSIsIml0IjoiMDNcL1NlcFwvMjAyMjoyMjozNjowNyArMDAwMCIsImNjIjoiMyIsInNuY2lkIjoiOTUyOTkiLCJjaWQiOiIzNDMwMiIsImV4dF91aWQiOiIiLCJjcCI6IjM1LjIyIiwic25jY2lkIjoiMTg3OTMzOSIsImlpZCI6Ijk5YTlmODA5YmExZDE1Yzk1ZTgwNTg2NzE3YTg0NzBiIiwiZXh0X2lpZCI6IiJ9?unique_view=1 HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/get/10012456?time=1614803572912&apb=ooddNHdLHTPHNVS4ASOpprpmtrdTbbZNLTK6V1Esqp6pXVTTOpmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6XjSnOneau62m7bXSi23XPeauvXbSzPWl0rv9.czijBuZznSuldK6V0rpXSuldK4Ps
Cookie: adtool_guid=Ch5KHmMT1tcwdXb2wLzqAg==; RNLBSERVERID=ded7078
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 03 Sep 2022 22:36:07 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
x-request-id: 6313D6D7-42FE72AB01BB7A93-17138345
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js
IP 91.209.70.182:0
GET /themes/flow/js/zeroClipboard/ZeroClipboard.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3bd2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/sticky/jquery.sticky.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/sticky/jquery.sticky.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/sticky/jquery.sticky.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1099"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-resize.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-resize.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-resize.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1f7f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/sw.js?cFVab00rd2Jcf0ZmaU1hUnd2TStEMWNafBUxd1x9QGx3W3VHM3dXK0Zgd1d8Emw7WHoVZG8MK1J5eFwoQmZtDnsTeG0OeEV4bl4sQng7C3lGeGJcfUViPF0uEmA8Cm9cdykYb1x3LgovGTk7GygCMT9BNQkveENvQWV0Wm9cMzsDPhV5PA4hAzB2CSwcJj8y
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/sw.js?cFVab00rd2Jcf0ZmaU1hUnd2TStEMWNafBUxd1x9QGx3W3VHM3dXK0Zgd1d8Emw7WHoVZG8MK1J5eFwoQmZtDnsTeG0OeEV4bl4sQng7C3lGeGJcfUViPF0uEmA8Cm9cdykYb1x3LgovGTk7GygCMT9BNQkveENvQWV0Wm9cMzsDPhV5PA4hAzB2CSwcJj8y
IP 91.209.70.182:0
GET /sw.js?cFVab00rd2Jcf0ZmaU1hUnd2TStEMWNafBUxd1x9QGx3W3VHM3dXK0Zgd1d8Emw7WHoVZG8MK1J5eFwoQmZtDnsTeG0OeEV4bl4sQng7C3lGeGJcfUViPF0uEmA8Cm9cdykYb1x3LgovGTk7GygCMT9BNQkveENvQWV0Wm9cMzsDPhV5PA4hAzB2CSwcJj8y HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45; _ga=GA1.2.1856383209.1662244564; _gid=GA1.2.1640555260.1662244564; _gat_gtag_UA_108868042_1=1
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:06 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:52 GMT
vary: Accept-Encoding
etag: W/"60758f38-12fe6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/sw.js
91.209.70.182200 OK 0 B IP 91.209.70.182:0
GET /sw.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:52 GMT
vary: Accept-Encoding
etag: W/"60758f38-12fe6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/gauge.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/gauge.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/gauge.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-45b8"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/nav/jquery.scrollTo.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/nav/jquery.scrollTo.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/nav/jquery.scrollTo.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-981"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/nav/jquery.nav.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1547"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/clipboardjs/clipboard.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/clipboardjs/clipboard.min.js
IP 91.209.70.182:0
GET /themes/flow/js/clipboardjs/clipboard.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-2296"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/colors/flow.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/colors/flow.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/colors/flow.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-a83"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
freychang.fun/asd100.bin
104.21.45.207200 OK 0 B IP 104.21.45.207:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: freychang.fun
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 03 Sep 2022 22:36:06 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 7088
last-modified: Sat, 03 Sep 2022 20:37:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ef10m7xj0G53m0u5wurJ8xu6C0HmKcuZaG3XPbIbA32BiluT1cwvEHrfRGtFT8kJU051QU1ktyZ1NKjrxNUk3BztY%2FSXFmu%2FhEms7MoylTf2Y68YsLkL%2FalyIRAEzk6L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7451f65eded4fab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/load-image.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/load-image.min.js
IP 91.209.70.182:0
GET /themes/flow/js/load-image.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-9f2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
freychang.fun/
104.21.45.207200 OK 0 B IP 104.21.45.207:0
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: freychang.fun
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 22:36:06 GMT
content-type: text/plain
set-cookie: csu=1702271311915068@1@1662244566; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=np%2FWgSQXmhMSE%2Flrz1tzeZIJxcGPNli%2BvCh%2B406nPvczjmS2FqXtuuizVpjvPXPbDMKE02PTNEQ7wZWxPK0yPRzQfzVh5D%2FaBuaqf5VUoLLhgamQ1aRgIUOmha1nybgX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7451f65eeee0fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-71b6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/animations/animate.min.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/animations/animate.min.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/animations/animate.min.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-bc86"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/global.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/global.js
IP 91.209.70.182:0
GET /themes/flow/js/global.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-d59"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/custom/custom.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/custom/custom.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/custom/custom.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1420"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
societingna.info/MURQRUtKZiMyFEQ2PGdxEywkMTtCfn9qJlQjMTA7Hyo1MWRCM34vOBNocjYmV2ZqdGcTMDEiFFggcn9pCXdic3gCZnxnOEQmDywvA2ZqZy0FIGlwelQgfXZ7AX19cXMGIn19LQdxfX16U30xcnxUdWUmLRM5
44.195.137.121200 OK 0 B URL HTTP/2 societingna.info/MURQRUtKZiMyFEQ2PGdxEywkMTtCfn9qJlQjMTA7Hyo1MWRCM34vOBNocjYmV2ZqdGcTMDEiFFggcn9pCXdic3gCZnxnOEQmDywvA2ZqZy0FIGlwelQgfXZ7AX19cXMGIn19LQdxfX16U30xcnxUdWUmLRM5
IP 44.195.137.121:0
Analyzer Verdict Alert fortinet Malware
GET /MURQRUtKZiMyFEQ2PGdxEywkMTtCfn9qJlQjMTA7Hyo1MWRCM34vOBNocjYmV2ZqdGcTMDEiFFggcn9pCXdic3gCZnxnOEQmDywvA2ZqZy0FIGlwelQgfXZ7AX19cXMGIn19LQdxfX16U30xcnxUdWUmLRM5 HTTP/1.1
Host: societingna.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: a5cf80cee21f4907b92d70958f6ea971=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"e0f9-qAqttN3V8o7ToWpOb+cOktRCfOw"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-59d6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/responsive.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/responsive.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/responsive.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-e56"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.iframe-transport.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.iframe-transport.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.iframe-transport.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2sv4D/Crusader.Kings.III.Royal.Edition.v1.6.1.2.rar
Connection: keep-alive
Cookie: filehosting=ruvbnt9vvvkkfsa97qb9dd5i45
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:36:05 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-2427"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
freychang.fun/asd100.bin
104.21.45.207200 OK 0 B IP 104.21.45.207:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: freychang.fun
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 03 Sep 2022 22:36:06 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 7088
last-modified: Sat, 03 Sep 2022 20:37:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=anYDGPxi3upj12kGdwq9B5gLViz%2Bb7ESLbcAZNFWaU3BrAznnF%2F8Er%2FJ4gQ3tNphAjOpiHewga3XW6Lx%2FWVWMHFmoFNaPF9DQ%2F91Yk3JXs5VUGDMW2gHIdDTgLi8Dv2q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7451f65efee3fab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2