ocsp.sectigo.com/
104.18.15.101 471 B IP 104.18.15.101:0
Hash b792399de8f3acb71b02281612e6bfcd
52d9791efec987c6186b5f408baad2a2aa5454d1
f4bf0f64844b5fc10c923c460e60f34905669c695c47a0871a10e15f19863e5d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 10 Sep 2023 20:58:31 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 08 Sep 2023 11:25:47 GMT
Expires: Fri, 15 Sep 2023 11:25:46 GMT
Etag: "52d9791efec987c6186b5f408baad2a2aa5454d1"
Cache-Control: max-age=398672,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 804a96e97d865691-OSL
megaup.net/themes/flow/images/main_logo_inverted.png
91.209.70.182 7.1 kB URL megaup.net/themes/flow/images/main_logo_inverted.png
IP 91.209.70.182:0
File type PNG image data, 203 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 5d15526be10b904a6b48d1af04a10cc3
c09b6874359ac6d71db95593618a9acb55baa984
894d25472e0f890edf235e8f66fbeda7ea75043632924ecb82691d76bd7db018
GET /themes/flow/images/main_logo_inverted.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: image/png
content-length: 7137
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-1be1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/images/loading_small.gif
91.209.70.182 184 kB URL megaup.net/themes/flow/images/loading_small.gif
IP 91.209.70.182:0
File type GIF image data, version 89a, 64 x 64\012- data
Size 184 kB (184355 bytes)
Hash b0dd5b3af9c4c0644d7bddee83716209
30002468d0266b893b3559b8d0d260c6cbf0ad7c
2418224bb4d12c122ef3c54d2ee9edb5f6f28d539e91a166b0215553f8c7609d
GET /themes/flow/images/loading_small.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: image/gif
content-length: 184355
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-2d023"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
143.204.42.171 191 kB URL dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
IP 143.204.42.171:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 191 kB (190806 bytes)
Hash 8ceeb49f6ab8a24fa570e59f173264d1
2d927bd73f7500caa6db57a28b12b609a83cea19
43e25cef8336393afeb61a0cd87c15efdd66ee3a73a9c7d63561cfd6abfda2d9
GET /?kzmmd=761186 HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 190806
date: Sun, 10 Sep 2023 20:33:33 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: mQ2YZm40xPmm0MwHu5ZLIHv0pqKdGmuTRqf5Fgn997vsIMxCltNWhA==
age: 1498
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/global.js
91.209.70.182 1.6 kB URL megaup.net/themes/flow/js/global.js
IP 91.209.70.182:0
Hash b62957c3c4788544cad00a761303b836
0436c4efedfe2075b24a87ff969034b2e258e609
ef8a1ff709899584c91496da397de0b0fcab774e3b6d258ccca9997e592e84d3
GET /themes/flow/js/global.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-d59"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-ui.js
91.209.70.182 5.3 kB URL megaup.net/themes/flow/js/jquery.fileupload-ui.js
IP 91.209.70.182:0
Hash 6d74ec0b03e02825fef8093d64629489
de746f1c7aeb0927541e1d55bdea4672bb47aa73
5d4a5378ed9f8bf68dbfb6246761e6d44e2b11fa626d8b4f8d1d6a779f037cd2
GET /themes/flow/js/jquery.fileupload-ui.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-61ef"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/load-image.min.js
91.209.70.182 1.6 kB URL megaup.net/themes/flow/js/load-image.min.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (2546), with no line terminators
Hash 29c8a390a6c8038b015af4fda1af1c38
516b1c42416ad647530192872785a5b3b35bd471
b49885ee9e161e5595dfe428642255234d8d557c85699bb8bba72499717498c5
GET /themes/flow/js/load-image.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-9f2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-108868042-1
142.250.74.168 200 OK 68 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-108868042-1
IP 142.250.74.168:443
Requested by https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
Certificate Issuer: Google Trust Services LLC
Subject: *.google-analytics.com
Fingerprint: E6:F7:82:C1:10:AC:08:76:A1:97:70:B7:56:B7:EF:92:30:BA:1E:12
Validity: Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
File type ASCII text, with very long lines (4179)
Hash 4c3777d3d4843e0f047131db74aba1db
2447eba2a64e695369eff7c64d706d9e111a0ca3
0cb4777a8a28b9198b06d1155626f801c6fdcfaf33ff9d8a278e273ccba9f836
GET /gtag/js?id=UA-108868042-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 10 Sep 2023 20:58:32 GMT
expires: Sun, 10 Sep 2023 20:58:32 GMT
cache-control: private, max-age=900
last-modified: Sun, 10 Sep 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68355
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
keydawnawe.com/gwZ1U5hjA8ii/32575
142.91.159.89 26 B URL keydawnawe.com/gwZ1U5hjA8ii/32575
IP 142.91.159.89:0
File type ASCII text, with no line terminators
Hash 4fc71bf68a1d477bd1523733e34d1e90
15119105cffbe108b6cf290146ab02c9aa8517ba
74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce
GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 10 Sep 2023 20:58:32 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jU1Sg0AQhSH8RQ1oV3EAj8AQMcnSTVbegZphGhwD06lmQuLtHa3S3fteffVeEASr8hHCJY0husgGnl8aXe97Ve31tsZq34vda9UoIbp6u1PycIA7M7dOqhFdDOt5kuxat8SwGdAim67tSGMOT976a06WrjaGRLG0Oodk8saYQ6aYrjNyGUFs5YSQHQ1jTzdvyE9iiIQQPhvrc1jBiuYyKu4heTf2cis2aVAUaQAP51G6nnhqjfaYDCw1QvgG6046HIi%2FINM4nxydAWjU7b%2F%2Fe5qMP2uQalxM55HcB%2FI3ouZOdQ%3D%3D; expires=Mon, 11-Sep-2023 20:58:32 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjAC%2FAKJi1buM2WoQuvwDRiYJgjztjP3WeLd%2FG8SilOE7CdkFSFqXJTHk1xLkFPcNOCBw%2FdyPzuv6AZnJ%2FAs8euDU6yWhYf1z9g8zfIYn9x9pN14pZoxQfw2rbu7%2B5xuHY30KQJHEUzOIypAr00fl7rHdA%3D; expires=Mon, 11-Sep-2023 20:58:32 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
altowriestwispy.com/tysaSHG1FMaM/18410
172.255.6.217 25 B URL altowriestwispy.com/tysaSHG1FMaM/18410
IP 172.255.6.217:0
File type ASCII text, with no line terminators
Hash f7a2939527fd9e68723da600e96d76bd
a9e717b6364d2895ee0a716050db32ca0ef1bb42
d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a
GET /tysaSHG1FMaM/18410 HTTP/1.1
Host: altowriestwispy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 10 Sep 2023 20:58:32 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jU1Sg0AQhSH8RQ1oV3EAj8AQMcnSTVbegZphGhwD06lmQuLtHa3S3fteffVeEASr8hHCJY0husgGnl8aXe97Ve31tsZq34vda9UoIbp6u1PycIA7M7dOqhFdDOt5kuxat8SwGdAim67tSGMOT976a06WrjaGRLG0Oodk8saYQ6aYrjNyGUFs5YSQHQ1jTzdvyE9iiIQQPhvrc1jBiuYyKu4heTf2cis2aVAUaQAP51G6nnhqjfaYDCw1QvgG6046HIi%2FINM4nxydAWjU7b%2F%2Fe5qMP2uQalxM55HcB%2FI3ouZOdQ%3D%3D; expires=Mon, 11-Sep-2023 20:58:32 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjAC%2FAKJi1buM2WoQuvwDRiYJgjztjP3WeLd%2FG8SilOE7CdkFSFqXJTHk1xLkFPcNOCBw%2FdyPzuv6AZnJ%2FAs8euDU6yWhYf1z9g8zfIYn9x9pN14pZoxQfw2rbu7%2B5xuHY30KQJHEUzOIypAr00fl7rHdA%3D; expires=Mon, 11-Sep-2023 20:58:32 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
megaup.net/themes/flow/js/jquery.fileupload-resize.js
91.209.70.182 2.8 kB URL megaup.net/themes/flow/js/jquery.fileupload-resize.js
IP 91.209.70.182:0
Hash 23a8f0c0a8e9febbf563aef9fb28f2b0
a0d188d6535c31b9bce7d874e4731f3a0bd2a220
2d6f1126fbf381ae50f1264f82d5d2c55c400067557abf21387ab4c72af624cf
GET /themes/flow/js/jquery.fileupload-resize.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1f7f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/bootstrap/bootstrap.min.css
91.209.70.182 51 kB URL megaup.net/themes/flow/frontend_assets/css/bootstrap/bootstrap.min.css
IP 91.209.70.182:0
File type assembler source, ASCII text, with very long lines (540), with CRLF line terminators
Hash 26bfa8a47d74b90e1fc4632710026e85
2993c7f968fb5e5be8d256d5c7271fe64c87326d
69c6352bd7a8de550563a81b40dab2234fa30ff0ae9e90a8b5c896dea033ca3b
GET /themes/flow/frontend_assets/css/bootstrap/bootstrap.min.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:32 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1cc1b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-process.js
91.209.70.182 37 kB URL megaup.net/themes/flow/js/jquery.fileupload-process.js
IP 91.209.70.182:0
Hash 8f27159561d43ede851b9b84f63cd727
c4672cc17326d35d092741dad007ee72b2c13095
f6626568ee243b737cdfc12efc464eb97d786bdcce590a0326427e11f360293f
GET /themes/flow/js/jquery.fileupload-process.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-14b6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/canvas-to-blob.min.js
91.209.70.182 37 kB URL megaup.net/themes/flow/js/canvas-to-blob.min.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (1032), with no line terminators
Hash f1b353d74742a0d0d8dba4a82f07c050
a1b03792ee014e57e16a27cf343aaad13af08666
233a048b5eab2ecc75e2f72bf9a65de6ac06e697746156ade5b144305d76ca3a
GET /themes/flow/js/canvas-to-blob.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-408"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff
91.209.70.182 21 kB URL megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 20972, version 1.0\012- data
Hash cad75e2dacc6794c4e6b14727d4a989d
694d04c8f643df4100c23efc1463ac9f4e732f60
ebccc09339b7730324221aff3d11d215de9997b47bf708ca18a3be2d8e8b9887
GET /themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:32 GMT
content-type: font/woff
content-length: 20972
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-51ec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
aticalfelixstownrus.info/cldKTUMTNSkgfBNqKGs2ADt3aHE0cngLJx86MCYlFm94OiILOWQuLx0iLisxHTk+Yy0XI29/BTwyHQcNFjohLAchGhsbJEIbARg3FwN7A3smO3MrADZjEA80HjEGNXcfFhw+ACA/JRQFGAZ/ATk8EgUcNDwFDAcxNTAtFQEqFRsJAREVKQgnIhALFDUhZnsrBRhnEAwoIxsDHHc7Ez0ALjcgOQIRNjASGwEjGQQ1ezQRGwMsIBRzABc6Zh4acx4cBBgnKw8MCBMnZj4HBxsGEwUCNB8sfRogBhwcECMRey4WI24eGnMZBgV8DRMYDAN6JmcuBxBAeiIIFCBjAgErQhASCwI+BQwhCic5ewUUJz8CK3MrBw8PAh0SCxQBIGRyOhQ3Px4UcygHDgt6SnEgPiwcJ3cvKz0vcwJzATY+NAw0HQ
108.157.214.94 1.2 kB URL aticalfelixstownrus.info/cldKTUMTNSkgfBNqKGs2ADt3aHE0cngLJx86MCYlFm94OiILOWQuLx0iLisxHTk+Yy0XI29/BTwyHQcNFjohLAchGhsbJEIbARg3FwN7A3smO3MrADZjEA80HjEGNXcfFhw+ACA/JRQFGAZ/ATk8EgUcNDwFDAcxNTAtFQEqFRsJAREVKQgnIhALFDUhZnsrBRhnEAwoIxsDHHc7Ez0ALjcgOQIRNjASGwEjGQQ1ezQRGwMsIBRzABc6Zh4acx4cBBgnKw8MCBMnZj4HBxsGEwUCNB8sfRogBhwcECMRey4WI24eGnMZBgV8DRMYDAN6JmcuBxBAeiIIFCBjAgErQhASCwI+BQwhCic5ewUUJz8CK3MrBw8PAh0SCxQBIGRyOhQ3Px4UcygHDgt6SnEgPiwcJ3cvKz0vcwJzATY+NAw0HQ
IP 108.157.214.94:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3024), with no line terminators
Hash 6fe129671204006af3bf898f72049ab0
f858d1e64009c0e7e3db2f905ef58626c97fc9fe
422acda864a43d31fb1e5781f53d9c95a701f01b50d9c0b920bde1f27f7f3fd6
GET /cldKTUMTNSkgfBNqKGs2ADt3aHE0cngLJx86MCYlFm94OiILOWQuLx0iLisxHTk+Yy0XI29/BTwyHQcNFjohLAchGhsbJEIbARg3FwN7A3smO3MrADZjEA80HjEGNXcfFhw+ACA/JRQFGAZ/ATk8EgUcNDwFDAcxNTAtFQEqFRsJAREVKQgnIhALFDUhZnsrBRhnEAwoIxsDHHc7Ez0ALjcgOQIRNjASGwEjGQQ1ezQRGwMsIBRzABc6Zh4acx4cBBgnKw8MCBMnZj4HBxsGEwUCNB8sfRogBhwcECMRey4WI24eGnMZBgV8DRMYDAN6JmcuBxBAeiIIFCBjAgErQhASCwI+BQwhCic5ewUUJz8CK3MrBw8PAh0SCxQBIGRyOhQ3Px4UcygHDgt6SnEgPiwcJ3cvKz0vcwJzATY+NAw0HQ HTTP/1.1
Host: aticalfelixstownrus.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1179
date: Sun, 10 Sep 2023 20:58:32 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: h363aTdq_LlG7Z7_STeGZkbYGbwA7JHnUhZW_2uZz95HNQiUCIAt3w==
X-Firefox-Spdy: h2
aticalfelixstownrus.info/QmlxU0ojCxI+dSNUE3U/MAVMdngETEMVLi8ECzgsJlFDJCs7B18wJi0cFTU4LQcFfSQnHVRhDDg7CzcADwMoOB0BDSQQHgwMPQJyDQ0gGT0DHhU7EhYZFQQOISI6FRwAJQYWPyYCIGMsFh0gEi12OyEGIhEMFjc8GgUSIx8KOCQGMy48FRIHEyMdHjgGHjs7GzgFFQsSMio7YhAWICdnJBRYOzsbKw4hBDMqJzgVfyMjGRl9Jig/IwhwHjARJ3s5FBIHFg05BTkDKCghEisNOQcnCy8UBiUNCiY7b3AvMzsEcg0mJAsAAycRKAMvQjctJh45EhA3LB9+OQE8IhkfCwVBBy4aL0YSLSZaM2AtAStDGgwnPyM1BBQgBwsfdwAzAnIGK0IKECc7IxcvJTBXOTktBwFuKyUeGWUtBhsCGTggXTg
108.157.214.94 1.2 kB URL aticalfelixstownrus.info/QmlxU0ojCxI+dSNUE3U/MAVMdngETEMVLi8ECzgsJlFDJCs7B18wJi0cFTU4LQcFfSQnHVRhDDg7CzcADwMoOB0BDSQQHgwMPQJyDQ0gGT0DHhU7EhYZFQQOISI6FRwAJQYWPyYCIGMsFh0gEi12OyEGIhEMFjc8GgUSIx8KOCQGMy48FRIHEyMdHjgGHjs7GzgFFQsSMio7YhAWICdnJBRYOzsbKw4hBDMqJzgVfyMjGRl9Jig/IwhwHjARJ3s5FBIHFg05BTkDKCghEisNOQcnCy8UBiUNCiY7b3AvMzsEcg0mJAsAAycRKAMvQjctJh45EhA3LB9+OQE8IhkfCwVBBy4aL0YSLSZaM2AtAStDGgwnPyM1BBQgBwsfdwAzAnIGK0IKECc7IxcvJTBXOTktBwFuKyUeGWUtBhsCGTggXTg
IP 108.157.214.94:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3023), with no line terminators
Hash 238f5823c4629db022c17cca50397090
099430c445440b5e3f005b4aac809b54128aa1ea
86520efe4aa6a9f948d6f19e6c70d1802b2ff40d7692586c8a0c3a863d0f8cad
GET /QmlxU0ojCxI+dSNUE3U/MAVMdngETEMVLi8ECzgsJlFDJCs7B18wJi0cFTU4LQcFfSQnHVRhDDg7CzcADwMoOB0BDSQQHgwMPQJyDQ0gGT0DHhU7EhYZFQQOISI6FRwAJQYWPyYCIGMsFh0gEi12OyEGIhEMFjc8GgUSIx8KOCQGMy48FRIHEyMdHjgGHjs7GzgFFQsSMio7YhAWICdnJBRYOzsbKw4hBDMqJzgVfyMjGRl9Jig/IwhwHjARJ3s5FBIHFg05BTkDKCghEisNOQcnCy8UBiUNCiY7b3AvMzsEcg0mJAsAAycRKAMvQjctJh45EhA3LB9+OQE8IhkfCwVBBy4aL0YSLSZaM2AtAStDGgwnPyM1BBQgBwsfdwAzAnIGK0IKECc7IxcvJTBXOTktBwFuKyUeGWUtBhsCGTggXTg HTTP/1.1
Host: aticalfelixstownrus.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1177
date: Sun, 10 Sep 2023 20:58:32 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: eyL7p_K-6RiZpasRw549pYMMlv78eT6zLeg8i8-YCXGgyTvSskZsXg==
X-Firefox-Spdy: h2
megaup.net/imageads/007.png
91.209.70.182 165 kB URL megaup.net/imageads/007.png
IP 91.209.70.182:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size 165 kB (165193 bytes)
Hash 9e452dc2054f294d67b691d6241b981b
c17b12b7eeb6a0bbcff9a87ff8a9f5bf17e59712
908e0140df8eb676084e7ea34af8bf9d2a92ff7c543bc808593246db2a0e8ee1
GET /imageads/007.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:32 GMT
content-type: image/png
content-length: 165193
last-modified: Sat, 15 Apr 2023 07:22:56 GMT
vary: Accept-Encoding
etag: "643a50d0-28549"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js
91.209.70.182 9.1 kB URL megaup.net/themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (28941)
Hash ba847811448ef90d98d272aeccef2a95
5814e91bb6276f4de8b7951c965f2f190a03978d
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1
GET /themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-71b6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
91.209.70.182 5.2 kB URL megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
IP 91.209.70.182:0
Hash 615432b34216ce48aa41b027c9b08f6a
b7b6647aa22a1786013d97ea2c321d0d32d7abe8
f5af895f7beb65666327d0629ed30cebe00dddebabbe9d25be29106234e827a5
GET /themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-8d4b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
empafnyfiexpectt.info/RGp0bG9rVRcfUhc9HB09AwYDOyksWSwkBxUyGhQ1IgYANgsCK1IYBiBXTFtZd1tMSh8tDkleVmIZAA0bMRlJXUktBBIDUmIcSV1BdERCXEF3TAFRXmIeBA0IeVtSHBswBkldWX1eR1tWcVtGW110
188.114.96.1 0 B URL empafnyfiexpectt.info/RGp0bG9rVRcfUhc9HB09AwYDOyksWSwkBxUyGhQ1IgYANgsCK1IYBiBXTFtZd1tMSh8tDkleVmIZAA0bMRlJXUktBBIDUmIcSV1BdERCXEF3TAFRXmIeBA0IeVtSHBswBkldWX1eR1tWcVtGW110
IP 188.114.96.1:0
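Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the digests of empty input, consistent with the 0 B body of this 204 response; they match any empty file and identify no payload, so they are not usable as indicators for this host.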
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /RGp0bG9rVRcfUhc9HB09AwYDOyksWSwkBxUyGhQ1IgYANgsCK1IYBiBXTFtZd1tMSh8tDkleVmIZAA0bMRlJXUktBBIDUmIcSV1BdERCXEF3TAFRXmIeBA0IeVtSHBswBkldWX1eR1tWcVtGW110 HTTP/1.1
Host: empafnyfiexpectt.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sun, 10 Sep 2023 20:58:32 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ksJ5lBp7j8Lm5DGz4Dy7lr3ZX54vwtUa2pxLfxn1PJTyvMc%2F2g%2BgXQPovs8WV%2Bj7xEahwxSXoixutL8SP8SOZvreqjU61NuoPZsR1fkf1rdLu5yVBVS6XxjumoQFjaf8y4ZCuzgPzuc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 804a96f339e25696-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
91.209.70.182 1.9 kB URL megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
IP 91.209.70.182:0
File type ASCII text, with CRLF line terminators
Hash 1ebf524053e3259b38cd33a44bff9685
4b073458bfd8526583eaca302f5d21bd1d8b31f5
10815e9b5addf60315886f7216b0530fd58fa8580ca6a81687f14ffee517c619
GET /themes/flow/frontend_assets/js/nav/jquery.nav.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1547"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/isotope/isotope-style.css
91.209.70.182 2.0 kB URL megaup.net/themes/flow/frontend_assets/css/isotope/isotope-style.css
IP 91.209.70.182:0
File type ASCII text, with CRLF line terminators
Hash 17ab9c0627529d1e053dfc75ab26a6cc
f98cc6e4fa314b65f9a242b004e7a4736cd061c7
31ca2164134c089fcedd15176160feea7b4369b404e9c8fd7b410292b9233550
GET /themes/flow/frontend_assets/css/isotope/isotope-style.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:32 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-af3"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js
91.209.70.182 30 kB URL megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (23470)
Hash 04426bc66c09c8881b5b329310e903e9
ff7f2f64ed5938023a91050e27f22f77becba78c
ebf4e570b96d611fa540bb8745ba518a1005d50c4589a2c2cf3a60a97151a184
GET /themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-14cc1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
91.209.70.182 650 B URL megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
IP 91.209.70.182:0
File type ASCII text, with CRLF line terminators
Hash 76cff321a3da409f04f1b9d25319ab78
f9de6b54f2eeeb85ea43693bee32dc930a252649
9930043ffb4753c135a12f6be97e24ef56fdfd5aaf1af6a204d99937a7ba8ef2
GET /themes/flow/frontend_assets/js/isotope/custom-isotope.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-71d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/colors/flow.css
91.209.70.182 607 B URL megaup.net/themes/flow/frontend_assets/css/colors/flow.css
IP 91.209.70.182:0
File type ASCII text, with CRLF line terminators
Hash b0043a6c7a7969f6d9d76e9684005150
38c6010b1a1110baf5efb78b05d4b99784aa2836
91e4749e45a517ca4168cf9573eef0ee72fa93a9b7b96892844e9935afc832af
GET /themes/flow/frontend_assets/css/colors/flow.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-a83"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/sw.js
91.209.70.182 40 kB IP 91.209.70.182:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 9ee51131e416458b88d6da4e6e6959ca
a558b24bcf81763754e35a5fa5e46c6d6ad5f8d4
db3608f955dd3404bc375f0a0a7a5c8e23515e7ad1a0b9078c246e92e4050734
GET /sw.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 20 Dec 2022 16:15:31 GMT
vary: Accept-Encoding
etag: W/"63a1dfa3-1927c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/retina/retina.js
91.209.70.182 34 kB URL megaup.net/themes/flow/frontend_assets/js/retina/retina.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (1249)
Hash d3e2d6e7887add1872c197bab95a16b7
fe996175492409ca9e5b4f42911c5a69e8b2698c
4b75d94f66a12f86bb0c238861680cc589c4463ba29be6889ed6dbeb5594aa19
GET /themes/flow/frontend_assets/js/retina/retina.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-52e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/custom/custom.js
91.209.70.182 2.0 kB URL megaup.net/themes/flow/frontend_assets/js/custom/custom.js
IP 91.209.70.182:0
File type ASCII text, with CRLF line terminators
Hash 2d40e9899d9667475ee4a7d5d9731311
6e3b230480bc36ce2e9b0622a48af5924535a72b
a72e6ce7c10983fcd6773f0db77f049b7a85039d3e7212a12ad56fbb8d70a6e6
GET /themes/flow/frontend_assets/js/custom/custom.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1420"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/nav/jquery.scrollTo.js
91.209.70.182 1.5 kB URL megaup.net/themes/flow/frontend_assets/js/nav/jquery.scrollTo.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (2241), with CRLF line terminators
Hash 1e4ba2a9c6f022f7c920cd2e76d95bd4
f15cbf023a4a1e1c810eff679cc9b35b81a6f2c2
afff7cdd8f6f0ca43b26573840f5ec5d3302dc1fc2b2209a1163e3978c9d012c
GET /themes/flow/frontend_assets/js/nav/jquery.scrollTo.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-981"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-Z9TE2LW16Q&l=dataLayer&cx=c
142.250.74.168 81 kB URL www.googletagmanager.com/gtag/js?id=G-Z9TE2LW16Q&l=dataLayer&cx=c
IP 142.250.74.168:0
Certificate Issuer: Google Trust Services LLC
Subject: *.google-analytics.com
Fingerprint: E6:F7:82:C1:10:AC:08:76:A1:97:70:B7:56:B7:EF:92:30:BA:1E:12
Validity: Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
File type ASCII text, with very long lines (5857)
Hash 48d40988c629057f932cff26e09be78f
5e4df07274b8131d5956c909e6ea878b6e2690af
230c181f68eb015fac89edaa4f71723c8006e4bb73a42f7994044a993dcbcda6
GET /gtag/js?id=G-Z9TE2LW16Q&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 10 Sep 2023 20:58:33 GMT
expires: Sun, 10 Sep 2023 20:58:33 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 80679
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
megaup.net/themes/flow/frontend_assets/css/responsive.css
91.209.70.182 1.9 kB URL megaup.net/themes/flow/frontend_assets/css/responsive.css
IP 91.209.70.182:0
File type assembler source, ASCII text
Hash 7f090c009c854fda38795874dd7cfcf3
ee03cd497eb3b1349a1ddd3fd26ad6ca50f4f238
244c04a213bdb0e13f0d9fa71af6760886ad9d533f80c1f60e21f632096f5e33
GET /themes/flow/frontend_assets/css/responsive.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-e56"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
platform.bidgear.com/ads.php?domainid=5593&sizeid=12&zoneid=6192
172.67.74.36 717 B URL platform.bidgear.com/ads.php?domainid=5593&sizeid=12&zoneid=6192
IP 172.67.74.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1330), with no line terminators
Hash 8e5953f5e79f282d1a5e8f2a8aa86973
38dcfc04740bebd58cee0d6da78e9d2c544df20c
da1daef9cc7d7dd9dc582bc9bb48701a0f984b851bf43ff8637d809c8fe779e7
GET /ads.php?domainid=5593&sizeid=12&zoneid=6192 HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 10 Sep 2023 20:58:32 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K8pUZ9FxuWXo6KNAoC7dVhGkAfOqhT8X6%2BmC09MKiSK9x%2F%2F%2FJ5q1%2FoFJa%2B%2Ft1%2B2YG0m%2BAhKS23eps3yTWdtgCyZrd%2FcE%2Bz1epCNXz7yB%2FCk6VMC3jXTbdsuOJW%2FdVOJ%2BXmWC1dwd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 804a96edbd6856ae-OSL
content-encoding: br
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/1SnBCZW0pHywDUj4ZJlhUfkl6U1lsGjEKAzpNITUPDyUEMR4/GTYkOXI1BUMZMBR/VUsmESwCUGwVLAZQe1YjAQ93RGQQDHcdLR8EJhwjQF8MRWxVSHhAah1ce1VxJ0h4QC4MAz8IZ1ddMkh0Olt+VXEnSHhAMBNIeTFzVVRkQGtAX3oXJwYGJVVwI196QX-JVXHpBZ1ddLBkwAAslCGdXK3tBc0tdbAV/VA
143.204.42.171 203 B URL dmmzkfd82wayn.cloudfront.net/1SnBCZW0pHywDUj4ZJlhUfkl6U1lsGjEKAzpNITUPDyUEMR4/GTYkOXI1BUMZMBR/VUsmESwCUGwVLAZQe1YjAQ93RGQQDHcdLR8EJhwjQF8MRWxVSHhAah1ce1VxJ0h4QC4MAz8IZ1ddMkh0Olt+VXEnSHhAMBNIeTFzVVRkQGtAX3oXJwYGJVVwI196QX-JVXHpBZ1ddLBkwAAslCGdXK3tBc0tdbAV/VA
IP 143.204.42.171:0
File type ASCII text, with no line terminators
Hash ffefadda7fe18403903e4dd1c00ab481
5acb073420bebd41433c5ae8af0856ebda4bd0f1
fb09526af11e87fe61e971fcacd0f3cafa51b96292b8bb2301f25f5a26d85803
GET /1SnBCZW0pHywDUj4ZJlhUfkl6U1lsGjEKAzpNITUPDyUEMR4/GTYkOXI1BUMZMBR/VUsmESwCUGwVLAZQe1YjAQ93RGQQDHcdLR8EJhwjQF8MRWxVSHhAah1ce1VxJ0h4QC4MAz8IZ1ddMkh0Olt+VXEnSHhAMBNIeTFzVVRkQGtAX3oXJwYGJVVwI196QX-JVXHpBZ1ddLBkwAAslCGdXK3tBc0tdbAV/VA HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aticalfelixstownrus.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 203
date: Sun, 10 Sep 2023 20:58:33 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: uAkJXF4aHfuse3gcEoe6mv-4B2ogO05h3LNbStfzBwXmLSFYGH4ZwQ==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/zRzdJMjYkWCdUCTNeLQ8OdQJwAwdhXTpdWDcKKFVBLwEudkQ0fTtQAg4RPUhSegdvXlcpUHQUUylUdAMQJlMrDwJhQzldXXpCJ1ZTIV4nV1JhQigPWyhNIF5aJhJ7dANpB2wABm9PeAMTdHVsAAYrXidHTmIFeUoOcWh/BhN0dWwABjVBbAF3dgdwHAZuEn-sCUSJUIl0TdXF7Agd3B3gCB2IFeVRfNVIvXU5iBQ8DB3YZeRRDegY
143.204.42.171 376 B URL dmmzkfd82wayn.cloudfront.net/zRzdJMjYkWCdUCTNeLQ8OdQJwAwdhXTpdWDcKKFVBLwEudkQ0fTtQAg4RPUhSegdvXlcpUHQUUylUdAMQJlMrDwJhQzldXXpCJ1ZTIV4nV1JhQigPWyhNIF5aJhJ7dANpB2wABm9PeAMTdHVsAAYrXidHTmIFeUoOcWh/BhN0dWwABjVBbAF3dgdwHAZuEn-sCUSJUIl0TdXF7Agd3B3gCB2IFeVRfNVIvXU5iBQ8DB3YZeRRDegY
IP 143.204.42.171:0
File type ASCII text, with very long lines (490), with no line terminators
Hash c1d49e41fd784aae771a043c51dfad32
cac445981968a86af1766f78b45bcd46aae890c8
f098854a595582f24bb236364d899bd81e58e183e083e4981c7993c8c8f910cf
GET /zRzdJMjYkWCdUCTNeLQ8OdQJwAwdhXTpdWDcKKFVBLwEudkQ0fTtQAg4RPUhSegdvXlcpUHQUUylUdAMQJlMrDwJhQzldXXpCJ1ZTIV4nV1JhQigPWyhNIF5aJhJ7dANpB2wABm9PeAMTdHVsAAYrXidHTmIFeUoOcWh/BhN0dWwABjVBbAF3dgdwHAZuEn-sCUSJUIl0TdXF7Agd3B3gCB2IFeVRfNVIvXU5iBQ8DB3YZeRRDegY HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aticalfelixstownrus.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 376
date: Sun, 10 Sep 2023 20:58:33 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ry0Hnj_0KAyNNkT_NMsq-jd83M_1CqbtGbz8MGDeqIlO3q7fovdVtg==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/NeWJNdmkaDSMQVg0LKUteT1N8Tl9fCD4ZBwlfLx4mAVsCRhoYFjQ5LzNEOQwNRFJrGggXBXBQDBcBcEdPGAYvS11fFj0ZAkQLIQ4IDwMmEwsORDgXVBQNNx8FFQNoRC9MTH1TW0lKNUdYXFEPU1tJDiQYHAFHf0YRQVQSQF1cUQ9TW0kQO1NaOFN9T0dJS2-hEWR4HLh0GXFALRFlIUn1HWUhHf0YPEBAoEAYBR38wWEhTY0ZPDF98
143.204.42.171 608 B URL dmmzkfd82wayn.cloudfront.net/NeWJNdmkaDSMQVg0LKUteT1N8Tl9fCD4ZBwlfLx4mAVsCRhoYFjQ5LzNEOQwNRFJrGggXBXBQDBcBcEdPGAYvS11fFj0ZAkQLIQ4IDwMmEwsORDgXVBQNNx8FFQNoRC9MTH1TW0lKNUdYXFEPU1tJDiQYHAFHf0YRQVQSQF1cUQ9TW0kQO1NaOFN9T0dJS2-hEWR4HLh0GXFALRFlIUn1HWUhHf0YPEBAoEAYBR38wWEhTY0ZPDF98
IP 143.204.42.171:0
File type ASCII text, with very long lines (862), with no line terminators
Hash e2bdda05374fff5d3ef92650f4eed5a7
c336cb9d7759d412ffd1010ed20f7c8257bfdcb5
e1ac2b2e53fa976e81f72cb0dbb0a1c5b189635ee533f45cef93dda2048d9801
GET /NeWJNdmkaDSMQVg0LKUteT1N8Tl9fCD4ZBwlfLx4mAVsCRhoYFjQ5LzNEOQwNRFJrGggXBXBQDBcBcEdPGAYvS11fFj0ZAkQLIQ4IDwMmEwsORDgXVBQNNx8FFQNoRC9MTH1TW0lKNUdYXFEPU1tJDiQYHAFHf0YRQVQSQF1cUQ9TW0kQO1NaOFN9T0dJS2-hEWR4HLh0GXFALRFlIUn1HWUhHf0YPEBAoEAYBR38wWEhTY0ZPDF98 HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aticalfelixstownrus.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 608
date: Sun, 10 Sep 2023 20:58:33 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7K_BgAvluMv_2ZLVnyN_xmfxUcBKCpGhopzwAb5VcH8vBnZ2kTrzfQ==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/NaTNmZHEKXAgCTh1aAllGXwdXUEBPWRULHxkOLiEnKmEQDD4xfyQVQyxhAUIFE1dbVFcFUggDTE9WCAdMWBUHABNUB0AQAQZYWw0dEVIQBRoMURFCBAgOCwsLAF8KBVRbdVNKQUwBVkwJWAJDVzNMAVYIGAdGHkFDWUteUi5fB0NXM0wBVhYHTAAnVUFQHV-ZNVFsDAQESAlxDVjdbA1dUQVgDV0FDWVUPFhQPXB5BQy8CV1VfWRUTWUA
143.204.42.171 626 B URL dmmzkfd82wayn.cloudfront.net/NaTNmZHEKXAgCTh1aAllGXwdXUEBPWRULHxkOLiEnKmEQDD4xfyQVQyxhAUIFE1dbVFcFUggDTE9WCAdMWBUHABNUB0AQAQZYWw0dEVIQBRoMURFCBAgOCwsLAF8KBVRbdVNKQUwBVkwJWAJDVzNMAVYIGAdGHkFDWUteUi5fB0NXM0wBVhYHTAAnVUFQHV-ZNVFsDAQESAlxDVjdbA1dUQVgDV0FDWVUPFhQPXB5BQy8CV1VfWRUTWUA
IP 143.204.42.171:0
File type ASCII text, with very long lines (860), with no line terminators
Hash b47fac4720c111a21efb0932679d2330
2114c28f5e7a350cfde831bcb8090f7be4b6a95b
384091bb9a4eb719c200bfefa22f12364ff136191c38894b9d642b312e7f7bf2
GET /NaTNmZHEKXAgCTh1aAllGXwdXUEBPWRULHxkOLiEnKmEQDD4xfyQVQyxhAUIFE1dbVFcFUggDTE9WCAdMWBUHABNUB0AQAQZYWw0dEVIQBRoMURFCBAgOCwsLAF8KBVRbdVNKQUwBVkwJWAJDVzNMAVYIGAdGHkFDWUteUi5fB0NXM0wBVhYHTAAnVUFQHV-ZNVFsDAQESAlxDVjdbA1dUQVgDV0FDWVUPFhQPXB5BQy8CV1VfWRUTWUA HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aticalfelixstownrus.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 626
date: Sun, 10 Sep 2023 20:58:33 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: giDSzcozk2Q7qJ2p4QQEWukIqXgH2hwnpZDY59BRbuYDq9Bz9_En2Q==
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227 471 B URL ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash 6e223aabc160a63820353e496ed5a733
1441411ed4d1d2ec3b0109f013d9b380ee0122be
01fa3fd3e1eb03063f4ccc6a4203c7f1a458e2e056ab70d07185fdc7510cd960
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 10 Sep 2023 20:58:33 GMT
Last-Modified: Sun, 10 Sep 2023 19:25:58 GMT
Server: ECAcc (amb/6AD1)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: a3zLqEGWTT6qV8JqmjglNfqigm5dsc_fAbS6aoYb1zAHjVbrBKtqkQ==
Age: 5556
dmmzkfd82wayn.cloudfront.net/yNW9lVzRWAAsxC0EGAWoMAllWZgwTBRY4WkVSPxJYUB4kEnN4LQ9xQE8LWGcSWQ4LMAkTCgs0CQRJBDNWCFtDI0RaBFg+WE0OEzZfUA0ScUFUUgg4TlwDCTYRBylQeQQQXVV/TAReQGR2EF1VO11bGh1yBgUXXWFrA1tAZHYQXVUlQhBcJGYEDEFVfhEHXw-IyV14AQGVyB19UZwQEX1RyBgUJDCVRUwAdcgZzXlRmGgVJEGoF
143.204.42.171 456 B URL dmmzkfd82wayn.cloudfront.net/yNW9lVzRWAAsxC0EGAWoMAllWZgwTBRY4WkVSPxJYUB4kEnN4LQ9xQE8LWGcSWQ4LMAkTCgs0CQRJBDNWCFtDI0RaBFg+WE0OEzZfUA0ScUFUUgg4TlwDCTYRBylQeQQQXVV/TAReQGR2EF1VO11bGh1yBgUXXWFrA1tAZHYQXVUlQhBcJGYEDEFVfhEHXw-IyV14AQGVyB19UZwQEX1RyBgUJDCVRUwAdcgZzXlRmGgVJEGoF
IP 143.204.42.171:0
File type ASCII text, with very long lines (603), with no line terminators
Hash e7d9ae5116af0fce0b2229c59d4e0e12
3fa1276433ffb581d4eed2a46e420647fdfeec83
ba67d5a296edef089f38c4f4b7411a71a862183d1477c9e0155e50bbce41af09
GET /yNW9lVzRWAAsxC0EGAWoMAllWZgwTBRY4WkVSPxJYUB4kEnN4LQ9xQE8LWGcSWQ4LMAkTCgs0CQRJBDNWCFtDI0RaBFg+WE0OEzZfUA0ScUFUUgg4TlwDCTYRBylQeQQQXVV/TAReQGR2EF1VO11bGh1yBgUXXWFrA1tAZHYQXVUlQhBcJGYEDEFVfhEHXw-IyV14AQGVyB19UZwQEX1RyBgUJDCVRUwAdcgZzXlRmGgVJEGoF HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aticalfelixstownrus.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 456
date: Sun, 10 Sep 2023 20:58:33 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: A3vDYRb2U1E16nVPJFiIm2D977YjQTuQ8rvRRelCrAJGcf7v_ZLcXQ==
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
91.209.70.182 624 kB URL megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
IP 91.209.70.182:0
Size 624 kB (623624 bytes)
Hash ffa5849037af7c5e6fc1971877859645
deb7c1eca1d4ed43dfbf33442047136d5a5f41a9
8fa669071ed5fb03e9954ba360885e7ba95fb77ae5448dfc313c3c01202b46aa
GET /themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1cdf"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png
91.209.70.182 951 B URL megaup.net/themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png
IP 91.209.70.182:0
File type PNG image data, 114 x 114, 8-bit colormap, non-interlaced\012- data
Hash 76852bc6b2c028db97322a74e85bd020
ed52fb4de0d51f93277bbaae42fa80ba5f92c31e
8a5ef2ef8440c17db1b1b539065ba4a887e07a2c508b79c2d1659512e9016884
GET /themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6; _ga_Z9TE2LW16Q=GS1.1.1694379513.1.0.1694379513.0.0.0; _ga=GA1.1.347109378.1694379514
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:33 GMT
content-type: image/png
content-length: 951
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-3b7"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/
143.204.42.171 73 B URL dmmzkfd82wayn.cloudfront.net/
IP 143.204.42.171:0
File type ASCII text, with no line terminators
Hash 57143c38ff308b700bda81d33fffdc1c
7a4357101b77e5e514797ea16df9f31d0c1711df
0f13250dac3eba96683a13d9c0c14c812448cc2f499a6ad6637a17adf094884d
GET / HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 73
date: Sun, 10 Sep 2023 20:33:35 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Ao6-5vvc8XvNwcGytg_7T-T1u0aT_WMOpPXcFBC5bOxNoUmrC7Ycsg==
age: 1498
X-Firefox-Spdy: h2
empafnyfiexpectt.info/QzhJTmVsByo9WAx+IQs3Fl8ILz0NQSofCTNbASpTB1UxNwEbX286DCcFcXxQegl4aBUqXHR9V2VLPS8RNkt0fFVzD28nCyVXdHxDNQV5YFxtCmd7QzYFeGgRM1kuc1RlSD06CX4Jf3dRcA9we1RwD3l8
188.114.96.1 0 B URL empafnyfiexpectt.info/QzhJTmVsByo9WAx+IQs3Fl8ILz0NQSofCTNbASpTB1UxNwEbX286DCcFcXxQegl4aBUqXHR9V2VLPS8RNkt0fFVzD28nCyVXdHxDNQV5YFxtCmd7QzYFeGgRM1kuc1RlSD06CX4Jf3dRcA9we1RwD3l8
IP 188.114.96.1:0
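Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of zero-length input (the response body is 0 B), so they identify no payload and are not usable as file indicators.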
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /QzhJTmVsByo9WAx+IQs3Fl8ILz0NQSofCTNbASpTB1UxNwEbX286DCcFcXxQegl4aBUqXHR9V2VLPS8RNkt0fFVzD28nCyVXdHxDNQV5YFxtCmd7QzYFeGgRM1kuc1RlSD06CX4Jf3dRcA9we1RwD3l8 HTTP/1.1
Host: empafnyfiexpectt.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
date: Sun, 10 Sep 2023 20:58:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=64fyuTTBN%2BXDzQAYoZ9E91Qhca28RxIQRyCPhuc1sIA2ypzwACz%2FVqDLLyGfelSGZV%2BfcCKWP%2BIVyEICpVqpFluIlqcbq%2BIINuJOa6XVr7BAV%2FTkL%2FRkABpsATsMFku5Z4K866Q%2BrAE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 804a96f8ac24569d-OSL
alt-svc: h3=":443"; ma=86400
parrecleftne.xyz/utx?tid=832633&top=megaup.net&cb=LEiKANSAsVas
52.85.242.51 0 B URL parrecleftne.xyz/utx?tid=832633&top=megaup.net&cb=LEiKANSAsVas
IP 52.85.242.51:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?tid=832633&top=megaup.net&cb=LEiKANSAsVas HTTP/1.1
Host: parrecleftne.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sun, 10 Sep 2023 20:58:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 10 Sep 2023 20:59:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 21258ec71c1aa4499bcd08c6ad0eba38.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: PsOlbzTg-uxbQbzjZxvXgaK7jYIgMVh8R5BH5bI9_EGdLZI_tlT3Kw==
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
91.209.70.182 750 B URL megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
IP 91.209.70.182:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash e95c130b43ef6c32b9c9459aff5706c1
51b8b0d3ae3eabd9c31e65098acfa9ba18e9bb30
6c3dde0843949903d807800c8d6706e357fd762d29885946bacac881d4abfb35
GET /themes/flow/frontend_assets/images/icons/favicon/favicon.ico HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6; _ga_Z9TE2LW16Q=GS1.1.1694379513.1.0.1694379513.0.0.0; _ga=GA1.1.347109378.1694379514
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:33 GMT
content-type: image/x-icon
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-47e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 43d1b0c36a3cd563b001b3f3be1823ba
08772d005eba2778e63f84b02ade416dfbd81eaa
be2785faa89e68455b5f2786bbce579a6768bffb835e1cb73a40aef764932bd6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 10 Sep 2023 20:58:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
aticalfelixstownrus.info/utx?cb=RJD9XFcuUEC6&top=megaup.net&tid=761186
108.157.214.94 0 B URL aticalfelixstownrus.info/utx?cb=RJD9XFcuUEC6&top=megaup.net&tid=761186
IP 108.157.214.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=RJD9XFcuUEC6&top=megaup.net&tid=761186 HTTP/1.1
Host: aticalfelixstownrus.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sun, 10 Sep 2023 20:58:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 10 Sep 2023 20:59:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: fJX0sI8kZ8Ng8ICdmSc6gW6gQNhxMmSm2cjLf5ulgwV_lWgxbOjCzg==
X-Firefox-Spdy: h2
aticalfelixstownrus.info/utx?cb=FZfd769ODhy9&top=megaup.net&tid=825911
108.157.214.94 0 B URL aticalfelixstownrus.info/utx?cb=FZfd769ODhy9&top=megaup.net&tid=825911
IP 108.157.214.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=FZfd769ODhy9&top=megaup.net&tid=825911 HTTP/1.1
Host: aticalfelixstownrus.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sun, 10 Sep 2023 20:58:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 10 Sep 2023 20:59:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: zojnDD__JmnDNtQgO2pv5Mb1NlVQMf6flnxqymlVy9AVsjH3A6AYLg==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 0 B URL accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:FLLQ80wR_fhE3JN9CS-yZXf4RTvMcg:i06gxeVlIJrk5VFt; Expires=Tue, 09-Sep-2025 20:58:33 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 10 Sep 2023 20:58:33 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhdAjUt3QEPBRW3ipfMaMjA4NMyHmTsrYaG1vsvM5xUQj5N_WtrHt0ypJsoxQfMYVQo3e-XBXQ
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-xRRGP0Fqwu8h4Xi7vu3xsQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
91.209.70.182 32 kB URL megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31568, version 1.1\012- data
Hash e0c4ac0e73196bd0469c5c33304b7773
bb071565f82907d117b0732dca8013409162c67d
ff3bf3a4a1bf2b922157b18d0e8cddd95f2fc2dfe09c30a3ce67bc11a84c67af
GET /themes/flow/frontend_assets/fonts/raleway_bold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6; _ga_Z9TE2LW16Q=GS1.1.1694379513.1.0.1694379513.0.0.0; _ga=GA1.1.347109378.1694379514
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:33 GMT
content-type: font/woff
content-length: 31568
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7b50"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 0 B URL accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:rfN0dmyD2C3Bd8rtJTp9Ji2QSxnf4g:tJbfWAtDDTZdcHks; Expires=Tue, 09-Sep-2025 20:58:33 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 10 Sep 2023 20:58:33 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfRAd9r_ZTlCma_9oC_-DW3HukHh3N9-gm0e0TiIYWWBydyDgGE3Tf89oE6LTpSzfefRix8RA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-mspALDmjv6Xo2g9dJBQmEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash e2dfeebda42275462be4c1b20fe1b66c
99021e22053a501bed57981c24ce6dbc1486cee0
487f4ecfe7ca98212b2274e00625ff493add046e76b28c9382731e7211856567
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 10 Sep 2023 20:58:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
209.197.3.25 17 kB URL hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
IP 209.197.3.25:0
File type ASCII text, with very long lines (16885), with no line terminators
Hash 48c80c7c28b5b00a8b4ff94a22b72fe3
d57303c2ad2fd5cedc5cb20f264a6965a7819cee
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1
Host: hw-cdn2.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 10 Sep 2023 20:58:33 GMT
Connection: Keep-Alive
ETag: "1649192094"
Content-Length: 16885
Content-Type: application/javascript
Last-Modified: Tue, 05 Apr 2022 20:54:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10706580
X-HW: 1694379513.dop207.sk1.t,1694379513.cds262.sk1.shn,1694379513.cds262.sk1.c
Access-Control-Allow-Origin: *
aticalfelixstownrus.info/utx?cb=lmWyYFDliaMj&top=megaup.net&tid=876318
108.157.214.94 0 B URL aticalfelixstownrus.info/utx?cb=lmWyYFDliaMj&top=megaup.net&tid=876318
IP 108.157.214.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=lmWyYFDliaMj&top=megaup.net&tid=876318 HTTP/1.1
Host: aticalfelixstownrus.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sun, 10 Sep 2023 20:58:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 10 Sep 2023 20:59:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: MIYEVwWBHxQSnHlAw31Fhvhn4HXIQxY_uAMfJ4ugojjHCQKAaXkqVQ==
X-Firefox-Spdy: h2
aticalfelixstownrus.info/utx?cb=Q2FImoD2lvyD&top=megaup.net&tid=764141
108.157.214.94 0 B URL aticalfelixstownrus.info/utx?cb=Q2FImoD2lvyD&top=megaup.net&tid=764141
IP 108.157.214.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=Q2FImoD2lvyD&top=megaup.net&tid=764141 HTTP/1.1
Host: aticalfelixstownrus.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sun, 10 Sep 2023 20:58:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 10 Sep 2023 20:59:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 8aOfHI2pgVNDXD-pboESzqXASHsg9CUObJmrykkmPPcXuUORd2-EjQ==
X-Firefox-Spdy: h2
aticalfelixstownrus.info/multi?cs=OXgzRWcASAF2UghAB31XDksAdV4&abt=0&red=1&sm=76&k=download%20file%20advcwar1p2%20rebcamp%20nswtch%20base%20ziperto%20part1&v=1.0.60.3&sts=0&prn=0&emb=0&tid=876318&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fmegaup.net%2F2zxS0%3Fpt%3D%2BJjuTHu6TNOglMOdAADjy9OUCG0%2FoTDvqWeRsl0MQQA%3D&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A109.0)%20gecko%2F20100101%20firefox%2F111.0&tzd=0&uloc=&if=0&_tLcE=1694379513704&crc=1
108.157.214.94 1.7 kB URL aticalfelixstownrus.info/multi?cs=OXgzRWcASAF2UghAB31XDksAdV4&abt=0&red=1&sm=76&k=download%20file%20advcwar1p2%20rebcamp%20nswtch%20base%20ziperto%20part1&v=1.0.60.3&sts=0&prn=0&emb=0&tid=876318&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fmegaup.net%2F2zxS0%3Fpt%3D%2BJjuTHu6TNOglMOdAADjy9OUCG0%2FoTDvqWeRsl0MQQA%3D&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A109.0)%20gecko%2F20100101%20firefox%2F111.0&tzd=0&uloc=&if=0&_tLcE=1694379513704&crc=1
IP 108.157.214.94:0
File type ASCII text, with very long lines (3423), with no line terminators
Hash 9287f80843d552d03bfc7fb2aac559a4
7be5c709ddcda6f58298a738ae6b845fd26a966c
c832986bf78b990e273ba779c559387d1169692410e1a6a8946c3409819c73c3
GET /multi?cs=OXgzRWcASAF2UghAB31XDksAdV4&abt=0&red=1&sm=76&k=download%20file%20advcwar1p2%20rebcamp%20nswtch%20base%20ziperto%20part1&v=1.0.60.3&sts=0&prn=0&emb=0&tid=876318&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fmegaup.net%2F2zxS0%3Fpt%3D%2BJjuTHu6TNOglMOdAADjy9OUCG0%2FoTDvqWeRsl0MQQA%3D&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A109.0)%20gecko%2F20100101%20firefox%2F111.0&tzd=0&uloc=&if=0&_tLcE=1694379513704&crc=1 HTTP/1.1
Host: aticalfelixstownrus.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1661
date: Sun, 10 Sep 2023 20:58:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=dc6ab826-f73c-4c52-b150-0569f8a39663
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: fndt9sKgtz_xKFqx3tZZwuwHSTWBnTobbw_oJ4ETYaRpQ9Aszo8xqw==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhdAjUt3QEPBRW3ipfMaMjA4NMyHmTsrYaG1vsvM5xUQj5N_WtrHt0ypJsoxQfMYVQo3e-XBXQ
142.250.74.109 406 B URL accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhdAjUt3QEPBRW3ipfMaMjA4NMyHmTsrYaG1vsvM5xUQj5N_WtrHt0ypJsoxQfMYVQo3e-XBXQ
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (397)
Hash 6ef357782934ccfa6e7115dee806f7e5
c38637e6d5aa02eab4363d91abcad86af9630a81
7be0923fb9b94aa49ab54ae43916801ad66c964acc27556b96057bca81ae38b1
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhdAjUt3QEPBRW3ipfMaMjA4NMyHmTsrYaG1vsvM5xUQj5N_WtrHt0ypJsoxQfMYVQo3e-XBXQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:aLHrdFXNBe3Dsu_71rilKB6M3RcecA:I-OPcOQdrijFVJvp;Path=/;Expires=Tue, 09-Sep-2025 20:58:34 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 10 Sep 2023 20:58:34 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhfCls4N2oGPHdr-_zATvFVDvr_QIm9MWOQQNNTZl7Klrlp4Zep01Fr9DLnf6HxnbAw3540s&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1862956751%3A1694379514026431&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-XKHt5XQcJdW1NBjnundSLA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 406
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfRAd9r_ZTlCma_9oC_-DW3HukHh3N9-gm0e0TiIYWWBydyDgGE3Tf89oE6LTpSzfefRix8RA
142.250.74.109 404 B URL accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfRAd9r_ZTlCma_9oC_-DW3HukHh3N9-gm0e0TiIYWWBydyDgGE3Tf89oE6LTpSzfefRix8RA
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (394)
Hash cc3c9d15528cc34044b7385eeb758b83
f3a710fd82626036ba506c272cbda70aca203e91
4001fc0c16b88efd877487ffb7ae25c1c7597c9022c8d4ac5bd48f174f79dcd1
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfRAd9r_ZTlCma_9oC_-DW3HukHh3N9-gm0e0TiIYWWBydyDgGE3Tf89oE6LTpSzfefRix8RA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:Grg5tgQ2YiuqJAwoJdizzkFjFuRVuQ:hGgN9aVznAhqxjYg;Path=/;Expires=Tue, 09-Sep-2025 20:58:34 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 10 Sep 2023 20:58:34 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdZ5kkkzSEFOPMkK3JUZQafIx6CGvvvL_UBUnEsQNnkm9sfS_2ukJqgRCEkt-9TGEXhglsi&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2012409177%3A1694379514066949&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-Qg57zqvzZ7ILitaDw2XnNA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 404
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
aticalfelixstownrus.info/floater?cs=VkZNNElud3oDcGd3eQZ7YHJ7BHk&abt=0&red=1&sm=83&k=download%20file%20advcwar1p2%20rebcamp%20nswtch%20base%20ziperto%20part1&v=0.9.2.5&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fmegaup.net%2F2zxS0%3Fpt%3D%2BJjuTHu6TNOglMOdAADjy9OUCG0%2FoTDvqWeRsl0MQQA%3D&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A109.0)%20gecko%2F20100101%20firefox%2F111.0&tzd=0&uloc=&if=0&aa=oi1_&_LmCF=1694379513702&crc=1
108.157.214.94 2.1 kB URL aticalfelixstownrus.info/floater?cs=VkZNNElud3oDcGd3eQZ7YHJ7BHk&abt=0&red=1&sm=83&k=download%20file%20advcwar1p2%20rebcamp%20nswtch%20base%20ziperto%20part1&v=0.9.2.5&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fmegaup.net%2F2zxS0%3Fpt%3D%2BJjuTHu6TNOglMOdAADjy9OUCG0%2FoTDvqWeRsl0MQQA%3D&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A109.0)%20gecko%2F20100101%20firefox%2F111.0&tzd=0&uloc=&if=0&aa=oi1_&_LmCF=1694379513702&crc=1
IP 108.157.214.94:0
File type ASCII text, with very long lines (3971), with no line terminators
Hash 73cf473b6777818f957138fb5647adac
aae291eafbbf88ee34159934f2c2b515048d7733
99706d6f96f5e54a4b310f0512d045732ddb2387cc0b7af33001a8fba8621e71
GET /floater?cs=VkZNNElud3oDcGd3eQZ7YHJ7BHk&abt=0&red=1&sm=83&k=download%20file%20advcwar1p2%20rebcamp%20nswtch%20base%20ziperto%20part1&v=0.9.2.5&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fmegaup.net%2F2zxS0%3Fpt%3D%2BJjuTHu6TNOglMOdAADjy9OUCG0%2FoTDvqWeRsl0MQQA%3D&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A109.0)%20gecko%2F20100101%20firefox%2F111.0&tzd=0&uloc=&if=0&aa=oi1_&_LmCF=1694379513702&crc=1 HTTP/1.1
Host: aticalfelixstownrus.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/plain; charset=utf-8
content-length: 2065
date: Sun, 10 Sep 2023 20:58:34 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=6e2a033f-c059-4313-a278-94ef69ec8337
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: T6BkIozonE9yhOyEnd01V7WcTAhYz4tVVRgtCvGkZh5fGif4r9OH5g==
X-Firefox-Spdy: h2
hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
205.185.208.20 200 OK 5.0 kB URL GET HTTP/1.1 hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
IP 205.185.208.20:443
Requested by https://a.adtng.com/get/10012456?time=1614803572912&apb=ooddNHdLHTPHNVS4ASOpprpmtrdTbbZNLTK6V1Esqp6pXVTTOpmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6ujO6uzfi3TTTfeXWWzPW6q663euvSeWZ0rv9.czijBuZznSuldK6V0rpXSuldK6au6miy6qahwfY-
Certificate Issuer: DigiCert Inc
Subject: *.ang-content.com
Fingerprint: 51:DB:5E:DC:4B:47:52:13:46:14:6B:21:A1:A9:FB:FD:A5:78:DC:A6
Validity: Tue, 25 Oct 2022 00:00:00 GMT - Sat, 25 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (5027), with no line terminators
Hash 5e5817bcf4c82c7c85d1d88636d221ce
b5c32cc6c931c33c1297884016e13d3b9a5bf261
6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c
GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 10 Sep 2023 20:58:35 GMT
Connection: Keep-Alive
ETag: "1541168231"
Content-Length: 5027
Content-Type: application/javascript
Last-Modified: Fri, 02 Nov 2018 14:17:11 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10418728
X-HW: 1694379515.dop232.sk1.t,1694379515.cds223.sk1.shn,1694379515.cds223.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.ang-content.com/a7/creatives/39/1187/805702/1030390/1030390_logo.png
205.185.208.20 16 kB URL hw-cdn2.ang-content.com/a7/creatives/39/1187/805702/1030390/1030390_logo.png
IP 205.185.208.20:0
Certificate Issuer: DigiCert Inc
Subject: *.ang-content.com
Fingerprint: 51:DB:5E:DC:4B:47:52:13:46:14:6B:21:A1:A9:FB:FD:A5:78:DC:A6
Validity: Tue, 25 Oct 2022 00:00:00 GMT - Sat, 25 Nov 2023 23:59:59 GMT
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 2aaacb14c0816c811151f7e5ad369e9f
2b51b630dcbbdcd9cb0e9c298a5d4323de0f19f5
c6f084bf2cbf871312c3c508455dfeff2bb11dc8909d98ab1a43897b16bedf4e
GET /a7/creatives/39/1187/805702/1030390/1030390_logo.png HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 10 Sep 2023 20:58:35 GMT
Connection: Keep-Alive
ETag: "1651515015"
Content-Length: 15603
Content-Type: image/png
Last-Modified: Mon, 02 May 2022 18:10:15 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10766888
X-HW: 1694379515.dop023.sk1.t,1694379515.cds258.sk1.shn,1694379515.dop023.sk1.t,1694379515.cds247.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.ang-content.com/a7/creatives/39/1187/805702/1030390/1030390_video.mp4
205.185.208.20 241 kB URL hw-cdn2.ang-content.com/a7/creatives/39/1187/805702/1030390/1030390_video.mp4
IP 205.185.208.20:0
Certificate Issuer DigiCert Inc
Subject *.ang-content.com
Fingerprint 51:DB:5E:DC:4B:47:52:13:46:14:6B:21:A1:A9:FB:FD:A5:78:DC:A6
Validity Tue, 25 Oct 2022 00:00:00 GMT - Sat, 25 Nov 2023 23:59:59 GMT
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size 241 kB (241322 bytes)
Hash 52c9ace410c8a18974ce86f153b0ef35
6d56cd1072cdf6cea723e26e7027c5c24b035886
01a7d757be5a8e5f1cc060a74cc6f8e2ac5ff4a79e1062c9b9676333b16aceec
GET /a7/creatives/39/1187/805702/1030390/1030390_video.mp4 HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Date: Sun, 10 Sep 2023 20:58:35 GMT
Connection: Keep-Alive
ETag: "1651516075"
Content-Length: 241322
Content-Range: bytes 0-241321/241322
Content-Type: video/mp4
Last-Modified: Mon, 02 May 2022 18:27:55 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10384812
X-HW: 1694379515.dop023.sk1.t,1694379515.cds258.sk1.shn,1694379515.dop023.sk1.t,1694379515.cds014.sk1.c
Access-Control-Allow-Origin: *
empafnyfiexpectt.info/bTF3WmZCDhQpWyB1JTQwBmg+GDAvWREtIytkRQhWL1Y1CDwDaFEuDwkMT2hTVABGfBYEVUppVEtCAzsSGEJKaFZdBFEzCAteSmhWXQdHaldeA1JtJQVFAyoVSAI2f1QrFEUcHgBdWTIJH0ISdwQEVRE1FB9UFjZIAkMQf1QrRR8vCw9fFjMKSAIxM0NedTZoFAsBPREjBVU6BVZIA0EqQ151RmxfWQJAY1NcAlloVF0JRm9DXwceNwEZFEQeDw5eGX9RLgBGblVYAUEFU1QIR25QXxRAGVNcBkBqUl8IQ2hUWQNEaVVVCUR8EFABWWNIXx9CfBNQAENrVFUFRGJRXwBHalRVBFEuFgxWSmtAHUUDNltcB05uVVoIQmtQWwVE
188.114.96.1 0 B URL empafnyfiexpectt.info/bTF3WmZCDhQpWyB1JTQwBmg+GDAvWREtIytkRQhWL1Y1CDwDaFEuDwkMT2hTVABGfBYEVUppVEtCAzsSGEJKaFZdBFEzCAteSmhWXQdHaldeA1JtJQVFAyoVSAI2f1QrFEUcHgBdWTIJH0ISdwQEVRE1FB9UFjZIAkMQf1QrRR8vCw9fFjMKSAIxM0NedTZoFAsBPREjBVU6BVZIA0EqQ151RmxfWQJAY1NcAlloVF0JRm9DXwceNwEZFEQeDw5eGX9RLgBGblVYAUEFU1QIR25QXxRAGVNcBkBqUl8IQ2hUWQNEaVVVCUR8EFABWWNIXx9CfBNQAENrVFUFRGJRXwBHalRVBFEuFgxWSmtAHUUDNltcB05uVVoIQmtQWwVE
IP 188.114.96.1:0
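Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 digests of an empty body, consistent with the 0 B response size above; they identify no payload and are not useful as content indicators on their own.)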
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /bTF3WmZCDhQpWyB1JTQwBmg+GDAvWREtIytkRQhWL1Y1CDwDaFEuDwkMT2hTVABGfBYEVUppVEtCAzsSGEJKaFZdBFEzCAteSmhWXQdHaldeA1JtJQVFAyoVSAI2f1QrFEUcHgBdWTIJH0ISdwQEVRE1FB9UFjZIAkMQf1QrRR8vCw9fFjMKSAIxM0NedTZoFAsBPREjBVU6BVZIA0EqQ151RmxfWQJAY1NcAlloVF0JRm9DXwceNwEZFEQeDw5eGX9RLgBGblVYAUEFU1QIR25QXxRAGVNcBkBqUl8IQ2hUWQNEaVVVCUR8EFABWWNIXx9CfBNQAENrVFUFRGJRXwBHalRVBFEuFgxWSmtAHUUDNltcB05uVVoIQmtQWwVE HTTP/1.1
Host: empafnyfiexpectt.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
date: Sun, 10 Sep 2023 20:58:36 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HW48qqkpUcyBV0cFEpetAMBt%2F70O5Y8ex04mLPCkNymCw6HOkzyGBji2DW7lBo%2Fim69pb1lmeRLt1pb%2BeFVAd4CoJEBuGky8F%2FeL%2BrXao%2Fl3pT9cZ5mykSGZaFDGU1m6P%2FYimJYrJM4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 804a970aca3c569d-OSL
alt-svc: h3=":443"; ma=86400
megaup.net/themes/flow/frontend_assets/fonts/raleway.woff
91.209.70.182 32 kB URL megaup.net/themes/flow/frontend_assets/fonts/raleway.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31836, version 1.1\012- data
Hash 4514fa5a5b3d1e0b14aa32a7d068124a
e634977bfabc20ed15fe7ed03d3876cf68834b93
5b0f118d658eacc5740b10b0dc2ebbd99ee8e8262c72ff29bfcda48c02b19861
GET /themes/flow/frontend_assets/fonts/raleway.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6; _ga_Z9TE2LW16Q=GS1.1.1694379513.1.0.1694379513.0.0.0; _ga=GA1.1.347109378.1694379514
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:36 GMT
content-type: font/woff
content-length: 31836
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7c5c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_extrabold.woff
91.209.70.182 31 kB URL megaup.net/themes/flow/frontend_assets/fonts/raleway_extrabold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31344, version 1.1\012- data
Hash 21f79e4c0fbe54a555170aa70bb4c8b7
9d4aaf2016cd21f16bc45089a48de84dba951fa7
2b638674bc57ad355ef2ecbd68e78ecb36bc323aaaf4ddeb9cd4f61bc5f26c42
GET /themes/flow/frontend_assets/fonts/raleway_extrabold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6; _ga_Z9TE2LW16Q=GS1.1.1694379513.1.0.1694379513.0.0.0; _ga=GA1.1.347109378.1694379514
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:36 GMT
content-type: font/woff
content-length: 31344
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7a70"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
91.209.70.182 32 kB URL megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31568, version 1.1\012- data
Hash e0c4ac0e73196bd0469c5c33304b7773
bb071565f82907d117b0732dca8013409162c67d
ff3bf3a4a1bf2b922157b18d0e8cddd95f2fc2dfe09c30a3ce67bc11a84c67af
GET /themes/flow/frontend_assets/fonts/raleway_bold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6; _ga_Z9TE2LW16Q=GS1.1.1694379513.1.0.1694379513.0.0.0; _ga=GA1.1.347109378.1694379514
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:36 GMT
content-type: font/woff
content-length: 31568
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7b50"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_semibold.woff
91.209.70.182 32 kB URL megaup.net/themes/flow/frontend_assets/fonts/raleway_semibold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31980, version 1.1\012- data
Hash 99ac81a158028ac2023fb3350d2497e7
f08c12c91ab29282a616c3ba8e533f49b5b433ca
92a8c8eca8cfcfc53855bc48ba50b866704a00323c4e3089b564c939a668925d
GET /themes/flow/frontend_assets/fonts/raleway_semibold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6; _ga_Z9TE2LW16Q=GS1.1.1694379513.1.0.1694379513.0.0.0; _ga=GA1.1.347109378.1694379514
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:36 GMT
content-type: font/woff
content-length: 31980
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7cec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdZ5kkkzSEFOPMkK3JUZQafIx6CGvvvL_UBUnEsQNnkm9sfS_2ukJqgRCEkt-9TGEXhglsi&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2012409177%3A1694379514066949&theme=glif
142.250.74.109 806 B URL accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdZ5kkkzSEFOPMkK3JUZQafIx6CGvvvL_UBUnEsQNnkm9sfS_2ukJqgRCEkt-9TGEXhglsi&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2012409177%3A1694379514066949&theme=glif
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Hash ec5e1c44692e42bd7cbd2525dc862138
57e71e72eefdbcfc65ee54aa5d822dc25d9008ae
4cf6dd189d1fe30e497e4488436a28e4f7f8cdb30176df46415d8d1b5eef7628
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdZ5kkkzSEFOPMkK3JUZQafIx6CGvvvL_UBUnEsQNnkm9sfS_2ukJqgRCEkt-9TGEXhglsi&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2012409177%3A1694379514066949&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 10 Sep 2023 20:58:34 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-Z2rymA2LQqfhdMP-ePkf2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
static.servingserved.com/n337/ad/192x192_KqUUC9O6MHw77v2oLGCJ.jpeg
151.139.128.10 6.9 kB URL static.servingserved.com/n337/ad/192x192_KqUUC9O6MHw77v2oLGCJ.jpeg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 316081929473623da65ba578c61180c3
c8e70eecd0c9e1b8d4e1d092f7ef3be02eaff65a
623137639eccb4f0279e1baf130284dc3875fcb52b935bc01fb34140c6192761
GET /n337/ad/192x192_KqUUC9O6MHw77v2oLGCJ.jpeg HTTP/1.1
Host: static.servingserved.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 10 Sep 2023 20:58:37 GMT
content-length: 6883
content-type: image/jpeg
last-modified: Fri, 07 Apr 2023 23:12:25 GMT
accept-ranges: bytes
etag: "6430a359-1ae3"
cache-control: max-age=86400
server: fbs
x-hw: 1694379517.cds010.sk1.hn,1694379517.cds018.sk1.c
access-control-allow-origin: *
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
91.209.70.182 32 kB URL megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31900, version 1.1\012- data
Hash 1b285c8e5b7445a8e434b2cdf036bab2
c97d4772fbb5c5637d466b5f991bc7ec28830b32
09b979826f2ac158a63ba234042c66414c21282d0bb46eadc62c64a873778825
GET /themes/flow/frontend_assets/fonts/raleway_medium.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6; _ga_Z9TE2LW16Q=GS1.1.1694379513.1.0.1694379513.0.0.0; _ga=GA1.1.347109378.1694379514
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:38 GMT
content-type: font/woff
content-length: 31900
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7c9c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
empafnyfiexpectt.info/WnhtSFV1Rw47aA8/Ox4DaQgCHhIQHzx6Ew8hOh4cABQrIg9qF0s8PD5FVXpgY0lcbiUzHFB7Z3wLGSkhLwtQemVqTUshOzwXUHplak5deGRpSkh/FjIMGTgmf0ssbWccXV8OLTcUQyA6KAsIZTczHAsnJygdDCR7NQoKbWccDAU9ODgWDCE5f0srIXBpPAV+GBsWPjwDYisCF2V/Sls4cGk8XH5sbktacWBrS0N6Z2pAXH1waE4EJTIuXV4MPDkXA21iGRYYJDl/Ty59ZG1PXXxnY0xfemFoS157bWJLSz5oalZUZmd0TUs9aGtMXHptbktVf2drSF16bW9eGTg0PUVcbiUuDAF1ZGxBWXtiY01feGNpTw
188.114.96.1 0 B URL empafnyfiexpectt.info/WnhtSFV1Rw47aA8/Ox4DaQgCHhIQHzx6Ew8hOh4cABQrIg9qF0s8PD5FVXpgY0lcbiUzHFB7Z3wLGSkhLwtQemVqTUshOzwXUHplak5deGRpSkh/FjIMGTgmf0ssbWccXV8OLTcUQyA6KAsIZTczHAsnJygdDCR7NQoKbWccDAU9ODgWDCE5f0srIXBpPAV+GBsWPjwDYisCF2V/Sls4cGk8XH5sbktacWBrS0N6Z2pAXH1waE4EJTIuXV4MPDkXA21iGRYYJDl/Ty59ZG1PXXxnY0xfemFoS157bWJLSz5oalZUZmd0TUs9aGtMXHptbktVf2drSF16bW9eGTg0PUVcbiUuDAF1ZGxBWXtiY01feGNpTw
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /WnhtSFV1Rw47aA8/Ox4DaQgCHhIQHzx6Ew8hOh4cABQrIg9qF0s8PD5FVXpgY0lcbiUzHFB7Z3wLGSkhLwtQemVqTUshOzwXUHplak5deGRpSkh/FjIMGTgmf0ssbWccXV8OLTcUQyA6KAsIZTczHAsnJygdDCR7NQoKbWccDAU9ODgWDCE5f0srIXBpPAV+GBsWPjwDYisCF2V/Sls4cGk8XH5sbktacWBrS0N6Z2pAXH1waE4EJTIuXV4MPDkXA21iGRYYJDl/Ty59ZG1PXXxnY0xfemFoS157bWJLSz5oalZUZmd0TUs9aGtMXHptbktVf2drSF16bW9eGTg0PUVcbiUuDAF1ZGxBWXtiY01feGNpTw HTTP/1.1
Host: empafnyfiexpectt.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
date: Sun, 10 Sep 2023 20:58:40 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yy%2FkSgZ7RvEisfO5Jdk6CZQyuu%2FF2xz659g1XbewgrwmLwq9uEKOb9DCEdCNJZoyBGqBLVf92miyTNsZHqveA%2FoEObmd1MhcPDIqynIrd6NHzm9QXRtmMF%2BXV5vLLKvLoE8gk7LgJUc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 804a9723c876569d-OSL
alt-svc: h3=":443"; ma=86400
megaup.net/themes/flow/js/jquery.dataTables.min.js
91.209.70.182 20 kB URL megaup.net/themes/flow/js/jquery.dataTables.min.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (768)
Hash 737f853e9fd6a31d62f5028e88663c9f
cf144f2ab49f53a69fbfe10d3588fc23437d2736
6c3ca64b7acfdd29b3ca6f1b9b46696369abd462d4546182085c347f72211841
GET /themes/flow/js/jquery.dataTables.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
DNT: 1
Connection: keep-alive
Cookie: filehosting=vm9rtal40d1ssc9q1npqqghmv6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:31 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-10fe4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
static.servingserved.com/n337/ad/192x192_hpbo3YohsfFJjjTRWsB9.jpeg
151.139.128.10 6.4 kB URL static.servingserved.com/n337/ad/192x192_hpbo3YohsfFJjjTRWsB9.jpeg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 760e083b0199dcf36cfadd363d72dbf6
6469a8818e2991ddee3eb5e1261f27d0bebc13f7
d4f6e490f7ce250a7f89d2b15391bc6e41eebf134ad92e220e6cdb863693c6d7
GET /n337/ad/192x192_hpbo3YohsfFJjjTRWsB9.jpeg HTTP/1.1
Host: static.servingserved.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 10 Sep 2023 20:58:40 GMT
content-length: 6353
content-type: image/jpeg
last-modified: Fri, 07 Apr 2023 23:13:51 GMT
accept-ranges: bytes
etag: "6430a3af-18d1"
cache-control: max-age=86400
server: fbs
x-hw: 1694379520.cds010.sk1.hn,1694379520.cds257.sk1.c
access-control-allow-origin: *
X-Firefox-Spdy: h2
empafnyfiexpectt.info/Vkl3NHF5dhRHTA8fG0QUAAckVic6BC0FNyIeR3YaACQPUiUBCFFAGDJ0QAJAZ3FBEgE/LUoFVyU9FkAEJXRGEhg4LxgJVyB0RhpCYmdEAF9mbwIJQHA9B1UWa3hRRAUiJUoFR299RANIY3hFAklu
188.114.96.1 204 No Content 0 B URL GET HTTP/2 empafnyfiexpectt.info/Vkl3NHF5dhRHTA8fG0QUAAckVic6BC0FNyIeR3YaACQPUiUBCFFAGDJ0QAJAZ3FBEgE/LUoFVyU9FkAEJXRGEhg4LxgJVyB0RhpCYmdEAF9mbwIJQHA9B1UWa3hRRAUiJUoFR299RANIY3hFAklu
IP 188.114.96.1:443
Requested by https://megaup.net/2zxS0?pt=+JjuTHu6TNOglMOdAADjy9OUCG0/oTDvqWeRsl0MQQA=
Certificate Issuer Let's Encrypt
Subject empafnyfiexpectt.info
Fingerprint 0A:3C:72:5A:AE:C9:CE:C3:ED:9D:55:D4:4A:C3:28:A5:31:C0:1B:2B
Validity Mon, 04 Sep 2023 06:52:14 GMT - Sun, 03 Dec 2023 06:52:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /Vkl3NHF5dhRHTA8fG0QUAAckVic6BC0FNyIeR3YaACQPUiUBCFFAGDJ0QAJAZ3FBEgE/LUoFVyU9FkAEJXRGEhg4LxgJVyB0RhpCYmdEAF9mbwIJQHA9B1UWa3hRRAUiJUoFR299RANIY3hFAklu HTTP/1.1
Host: empafnyfiexpectt.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sun, 10 Sep 2023 20:58:32 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JDqYXmI1hYP72rFZ2rIhq6FYTnjcyR%2F7tmQ98TI2aA5hNS6hmi9Xwkz0TXM9sLXttPanp0XPq7LxwTHpHq9xQn%2FLzjg3KQIiDwqmHzR%2Be4h5%2BtZrBamSh4hPPNZesuTNnQDy4AKo9zc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 804a96f339e05696-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.a-ads.com/a-ads-banners/406681/300x250?region=eu-central-1
213.239.209.209 200 OK 621 kB URL GET HTTP/2 static.a-ads.com/a-ads-banners/406681/300x250?region=eu-central-1
IP 213.239.209.209:443
ASN #24940 Hetzner Online GmbH
Requested by https://ad.a-ads.com/1811811?size=300x250
Certificate Issuer Sectigo Limited
Subject *.a-ads.com
Fingerprint 34:68:C2:05:E5:2A:4E:C3:F9:FC:94:69:D3:A6:BE:F2:21:A2:DE:AE
Validity Wed, 21 Dec 2022 00:00:00 GMT - Sun, 21 Jan 2024 23:59:59 GMT
File type GIF image data, version 89a, 300 x 250\012- data
Size 621 kB (621339 bytes)
Hash c8694e7d5d3b9a928d4d57026ac2b68b
169b9f311167e19bd5061b53fc7e4f528e3ba7a9
0c23834abdcff9f74a47b37290da55f2c84c31c82ce26d9493b39a388b51ed6a
GET /a-ads-banners/406681/300x250?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 10 Sep 2023 20:58:33 GMT
content-type: image/gif
content-length: 621339
x-amz-id-2: Cs0DUuveHlDCKn7OdthHHIurClJgvxi1QcF6WlGe6Fk7Ppsp1wDAjaDDvSz75s/jzikeKFnZdd0=
x-amz-request-id: HQG6Y8N8EXS6031A
x-amz-replication-status: COMPLETED
last-modified: Thu, 04 Aug 2022 08:12:39 GMT
etag: "c8694e7d5d3b9a928d4d57026ac2b68b"
cache-control: max-age=315360000
x-amz-version-id: 4E6UO4Ah7Y9Th7PfdrLCDL4YiygucdkX
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2