megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
301 Moved Permanently 162 B URL HTTP/1.1 megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /18nhe/Construction.Simulator.Extended.Edition.part2.rar HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 01 Oct 2022 17:45:41 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Download-Options: noopen
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 01 Oct 2022 17:02:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f5db034a9eef3b097715a6b5d2c824a8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: F1QkEwR5DI-E9j_Cy0YWHDC3rGAtVOXIqN9TLdyr2DcdGahGctX5Dg==
Age: 2582
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 60e4edea7b5f4d19f3547a3bb2d5df57
3ee076bab4da3416c2c5808f730cb316c28baef7
763e2dadfdd286a51327cd2000ca335e30cd0b9b7267875d22ca33f7556ba200
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2686
Expires: Sat, 01 Oct 2022 18:30:27 GMT
Date: Sat, 01 Oct 2022 17:45:41 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 01 Oct 2022 03:39:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 db92535f619848d07c0f5eb965b50adc.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: SwRolOKBf5jrZCXLu9rmvtng17vqmiYbyiosFmqS7c2xJbAcAf7KOA==
age: 51145
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 8814816aa6512189fb73a0fbf1af861a
94061fe3845fe46cc2491d27ba3218c8c5b40773
1bccebbc673a31a235ad4324f10d520b334f36332cfe02792dce40d548410a48
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 17:45:41 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 30 Sep 2022 11:25:46 GMT
Expires: Fri, 07 Oct 2022 11:25:45 GMT
Etag: "94061fe3845fe46cc2491d27ba3218c8c5b40773"
Cache-Control: max-age=495003,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753703718ef0b4f7-OSL
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
megaup.net/themes/flow/images/main_logo_inverted.png
200 OK 7.1 kB URL HTTP/2 megaup.net/themes/flow/images/main_logo_inverted.png
IP
File type PNG image data, 203 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 5d15526be10b904a6b48d1af04a10cc3
c09b6874359ac6d71db95593618a9acb55baa984
894d25472e0f890edf235e8f66fbeda7ea75043632924ecb82691d76bd7db018
GET /themes/flow/images/main_logo_inverted.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: image/png
content-length: 7137
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-1be1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/images/loading_small.gif
200 OK 184 kB URL HTTP/2 megaup.net/themes/flow/images/loading_small.gif
IP
File type GIF image data, version 89a, 64 x 64\012- data
Size 184 kB (184355 bytes)
Hash b0dd5b3af9c4c0644d7bddee83716209
30002468d0266b893b3559b8d0d260c6cbf0ad7c
2418224bb4d12c122ef3c54d2ee9edb5f6f28d539e91a166b0215553f8c7609d
GET /themes/flow/images/loading_small.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: image/gif
content-length: 184355
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-2d023"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/custom/custom.js
200 OK 1.9 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/custom/custom.js
IP
File type ASCII text, with CRLF line terminators
Hash cfa0ca133c183c0e2843c2e662e149f3
38d5cc72d33d00dc8f653cefa67b7e7a4e81316b
3d557c5150e39bf55e1fa91c7e4f4090966e99dee3d9b107e91c4f6a47299072
GET /themes/flow/frontend_assets/js/custom/custom.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1420"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
200 OK 1.2 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
IP
File type ASCII text, with CRLF line terminators
Hash d066a1d7a6b67ecd80f2df972aae274c
5fb405e1fe3fde794b678365283d66a5a82a643d
de04a8c716cca63db6ff13bfa5d53d73969e321df7904e6ef6a7309b71c74611
GET /themes/flow/frontend_assets/js/isotope/custom-isotope.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-71d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js
200 OK 40 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js
IP
File type ASCII text, with very long lines (464), with CRLF line terminators
Hash f14fcb41cdb5518c2a21c7ab2893807f
65228bd7f6d8a0db12de38afcfacf206751626ed
392dcdb0c986282a5ba78bb677f6d7944d0a984354fc8e8bd39f17be891e12c9
GET /themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-303b2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
altowriestwispy.com/tysaSHG1FMaM/18410
200 OK 25 B URL HTTP/1.1 altowriestwispy.com/tysaSHG1FMaM/18410
IP
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /tysaSHG1FMaM/18410 HTTP/1.1
Host: altowriestwispy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 17:45:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Sun, 02-Oct-2022 17:45:41 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Sun, 02-Oct-2022 17:45:41 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
keydawnawe.com/gwZ1U5hjA8ii/32575
200 OK 26 B URL HTTP/1.1 keydawnawe.com/gwZ1U5hjA8ii/32575
IP
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 17:45:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Sun, 02-Oct-2022 17:45:41 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Sun, 02-Oct-2022 17:45:41 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
www.googletagmanager.com/gtag/js?id=UA-108868042-1
200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-108868042-1
IP
File type ASCII text, with very long lines (2039)
Hash 57a478028a70b81b8e81617553e60bb1
388068adb10a14952d59810222716165a173ecfb
fa785cd88a3dbb167bad04d2449242570b0c3498ac4582dee615cbc9ebdac6a3
GET /gtag/js?id=UA-108868042-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Oct 2022 17:45:41 GMT
expires: Sat, 01 Oct 2022 17:45:41 GMT
cache-control: private, max-age=900
last-modified: Sat, 01 Oct 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42365
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 2601db85aa6894ea41f37fc0c1f2594a
afc9de950cf648d720a78467582b26346b8d53bc
3211c5c61098100152ea682c86ec84f3a80229b8d709e5cbe0022caba7dc9e24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 17:45:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
megaup.net/themes/flow/frontend_assets/js/nav/jquery.scrollTo.js
200 OK 33 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/nav/jquery.scrollTo.js
IP
File type ASCII text, with very long lines (2241), with CRLF line terminators
Hash 848e7fed6380ed3d2507698e818499c5
d0a63abed37cca3d5f5107160c7a8b6bce481993
aef252b4c9bc924928a54b8952e38658c8f3220f8fc7e247d0e67cac8003f36b
GET /themes/flow/frontend_assets/js/nav/jquery.scrollTo.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-981"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/retina/retina.js
200 OK 37 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/retina/retina.js
IP
File type ASCII text, with very long lines (1249)
Hash f0696e53eaffafb677238e3a7ada4678
7ee64e9334c6ea2b3fea579afc7a6ca610e3662c
0949c0632b0c194178d4263c50bca0af94cf09bf7ea6b50b527a31296c101dda
GET /themes/flow/frontend_assets/js/retina/retina.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-52e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
200 OK 34 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
IP
File type ASCII text, with CRLF line terminators
Hash 14e6ef7b96235617d0de4670485f419d
6d7bf681fa7562ed5f9e771d7a961f3634e3c3e4
6493ec9740fc4cacb43f557f5897e47cc6e712a83bb784a1810997ed22dbb97d
GET /themes/flow/frontend_assets/js/nav/jquery.nav.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1547"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff
200 OK 21 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff
IP
File type Web Open Font Format, TrueType, length 20972, version 1.0\012- data
Hash cad75e2dacc6794c4e6b14727d4a989d
694d04c8f643df4100c23efc1463ac9f4e732f60
ebccc09339b7730324221aff3d11d215de9997b47bf708ca18a3be2d8e8b9887
GET /themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:42 GMT
content-type: font/woff
content-length: 20972
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-51ec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Cache-Control, Alert, Last-Modified, Backoff, Retry-After, Expires, Content-Length, Pragma, ETag
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 01 Oct 2022 17:32:53 GMT
Expires: Sat, 01 Oct 2022 18:18:14 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6fa2f2520e1a521d933565337b2b81de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: cD6I4jwNgJyVxVk7KdFFWiD8VRHTGl_H-WijcY17w4_dmx7Xvv7NBg==
Age: 769
megaup.net/themes/flow/styles/file-upload.css
200 OK 2.1 kB URL HTTP/2 megaup.net/themes/flow/styles/file-upload.css
IP
File type assembler source, ASCII text
Hash 05be2bb74aaa2f54702d4d7a9902e3f5
44352351ca0cb7e690b2deeb5ca3579034cd8427
cd9205a2f818c8798b8f4ff30cee7b83ccc5bc55f842a173736ca9f130d4529f
GET /themes/flow/styles/file-upload.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-21ec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 2a43061cad4b3d4c385f8f089e4121a8
7dce2deea21ef9ab3fd7d8ba0f7a3ce2ac56a5b7
1f14ea6e98b0d559f9cadacae95b94f808950ed0b0534700338e978ef4072e90
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1F14EA6E98B0D559F9CADACAE95B94F808950ED0B0534700338E978EF4072E90"
Last-Modified: Thu, 29 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6167
Expires: Sat, 01 Oct 2022 19:28:29 GMT
Date: Sat, 01 Oct 2022 17:45:42 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 2a43061cad4b3d4c385f8f089e4121a8
7dce2deea21ef9ab3fd7d8ba0f7a3ce2ac56a5b7
1f14ea6e98b0d559f9cadacae95b94f808950ed0b0534700338e978ef4072e90
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1F14EA6E98B0D559F9CADACAE95B94F808950ED0B0534700338E978EF4072E90"
Last-Modified: Thu, 29 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6167
Expires: Sat, 01 Oct 2022 19:28:29 GMT
Date: Sat, 01 Oct 2022 17:45:42 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 2a43061cad4b3d4c385f8f089e4121a8
7dce2deea21ef9ab3fd7d8ba0f7a3ce2ac56a5b7
1f14ea6e98b0d559f9cadacae95b94f808950ed0b0534700338e978ef4072e90
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1F14EA6E98B0D559F9CADACAE95B94F808950ED0B0534700338E978EF4072E90"
Last-Modified: Thu, 29 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6167
Expires: Sat, 01 Oct 2022 19:28:29 GMT
Date: Sat, 01 Oct 2022 17:45:42 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 2a43061cad4b3d4c385f8f089e4121a8
7dce2deea21ef9ab3fd7d8ba0f7a3ce2ac56a5b7
1f14ea6e98b0d559f9cadacae95b94f808950ed0b0534700338e978ef4072e90
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1F14EA6E98B0D559F9CADACAE95B94F808950ED0B0534700338E978EF4072E90"
Last-Modified: Thu, 29 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6167
Expires: Sat, 01 Oct 2022 19:28:29 GMT
Date: Sat, 01 Oct 2022 17:45:42 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 2a43061cad4b3d4c385f8f089e4121a8
7dce2deea21ef9ab3fd7d8ba0f7a3ce2ac56a5b7
1f14ea6e98b0d559f9cadacae95b94f808950ed0b0534700338e978ef4072e90
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1F14EA6E98B0D559F9CADACAE95B94F808950ED0B0534700338E978EF4072E90"
Last-Modified: Thu, 29 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6167
Expires: Sat, 01 Oct 2022 19:28:29 GMT
Date: Sat, 01 Oct 2022 17:45:42 GMT
Connection: keep-alive
keydawnawe.com/gwZ1U5hjA8ii/32575
200 OK 26 B URL HTTP/1.1 keydawnawe.com/gwZ1U5hjA8ii/32575
IP
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 17:45:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.digicert.com/
200 OK 471 B IP
Hash 829e839c217bf861b8cf90c8d636f510
459714fcf0d374bdc078ef59d122d59bf9312c5f
36282e09bb25caf3d7350c4bee485cb87947aabc7d7409169caf15c2e75d8b7d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5851
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 17:45:42 GMT
Last-Modified: Sat, 01 Oct 2022 16:08:11 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
megaup.net/imageads/017.gif
200 OK 201 kB URL HTTP/2 megaup.net/imageads/017.gif
IP
File type GIF image data, version 89a, 300 x 250\012- data
Size 201 kB (201359 bytes)
Hash deba3956e47484e8ba669125b2a814d9
2c86aab5ecf6c37457dd9f99861e55b3a57ecd52
d6c5fd53b238600374fe816597570a25ce2aef3aeb902e459e140293be16ddcd
GET /imageads/017.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:42 GMT
content-type: image/gif
content-length: 201359
last-modified: Sun, 14 Mar 2021 22:43:04 GMT
vary: Accept-Encoding
etag: "604e9178-3128f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
200 OK 54 kB URL HTTP/2 megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (58554), with CRLF, LF line terminators
Hash 0464aac5cd554db08e7b06f1a52f9eae
50148c838b0a9b06960d8ea4730ae0ad6360507f
b933e9f223ded480ef35a0f4656d91193e55b922673996ff82dc1e71d04503d1
GET /18nhe/Construction.Simulator.Extended.Edition.part2.rar HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: filehosting=6oekljahf41380e4p8hc1fo026; expires=Sun, 02-Oct-2022 17:45:41 GMT; Max-Age=86400; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/animation/jquery.appear.js
200 OK 708 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/animation/jquery.appear.js
IP
File type ASCII text, with very long lines (1285)
Hash c63d77e0fd41daafb620c89a9735522e
89d098bde920e3bdbb810bf06abe530b1fc3737b
c7d9a559dfe55c2d4f9e6d0f72601ab12797e768dfe95f41d59d5aa496a6cb70
GET /themes/flow/frontend_assets/js/animation/jquery.appear.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-5c6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
200 OK 165 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
IP
File type ASCII text, with CRLF line terminators
Hash d9a482f3cecac321171489c73ee7a350
fbfe4b8362112dedca078cb027b218bba7cb2996
64156bd3da05f9a15e02c1a0aa9d3999c1098636c47f86bca083bd35f5d55d1c
GET /themes/flow/frontend_assets/css/All-stylesheets.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-153"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/custom.css
200 OK 3.4 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/custom.css
IP
File type assembler source, ASCII text, with CRLF line terminators
Hash 39f75e058b0ed002fc475232f45a93f0
8ef86552b3d1aeb260a7603915dec049da363978
6b71e51f798a06b773a3e73771659cc3860ff156f857c82eb36182475596c7f1
GET /themes/flow/frontend_assets/css/custom.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3577"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/responsive.css
200 OK 1.1 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/responsive.css
IP
File type assembler source, ASCII text
Hash 07f2c112e38e5a1f41930f52528c08fd
85a2a4dfd940f66c2ade5cac3a6b65c4ee21b860
0065bcb62eb6d33e62ee97d4ac9b56261faf246b5296abdd7ebca2adef30b304
GET /themes/flow/frontend_assets/css/responsive.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-e56"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/styles/font-icons/entypo/css/entypo.css
200 OK 3.5 kB URL HTTP/2 megaup.net/themes/flow/styles/font-icons/entypo/css/entypo.css
IP
Hash b7c3935db890c12d26b069405d7926e7
4264edab85ae8722f460e20143e4a9ef139040a4
42afd9d939c277782bc5328193614d4103ccf81b91ade4c24e3a27d272dc2a33
GET /themes/flow/styles/font-icons/entypo/css/entypo.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-45f5"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 2a43061cad4b3d4c385f8f089e4121a8
7dce2deea21ef9ab3fd7d8ba0f7a3ce2ac56a5b7
1f14ea6e98b0d559f9cadacae95b94f808950ed0b0534700338e978ef4072e90
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1F14EA6E98B0D559F9CADACAE95B94F808950ED0B0534700338E978EF4072E90"
Last-Modified: Thu, 29 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6167
Expires: Sat, 01 Oct 2022 19:28:29 GMT
Date: Sat, 01 Oct 2022 17:45:42 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 159b79ad1ea6b5775e183f7cec043b4e
7defc3d25de90faf616497445c285e020627ba6c
805c0543d34ebb9710b2aa73d0cb38358831c630e7361fc38079b0c6ede4c3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "805C0543D34EBB9710B2AA73D0CB38358831C630E7361FC38079B0C6EDE4C3D1"
Last-Modified: Thu, 29 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1893
Expires: Sat, 01 Oct 2022 18:17:15 GMT
Date: Sat, 01 Oct 2022 17:45:42 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 280 B IP
Hash 8812897bca3236915e3d430052240422
699b40dce0d85bdfe92f407d2b962f0496b5070f
814e48413af6de66d4d014aa9f909b092564fc28253aa90cfda6de694563b73f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 17:45:42 GMT
Content-Type: application/ocsp-response
Content-Length: 280
Connection: keep-alive
Last-Modified: Fri, 30 Sep 2022 21:53:49 GMT
Expires: Fri, 07 Oct 2022 21:53:48 GMT
Etag: "699b40dce0d85bdfe92f407d2b962f0496b5070f"
Cache-Control: max-age=532685,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7537037898c3b4f7-OSL
platform.bidgear.com/media/img/b15.png
200 OK 649 B URL HTTP/2 platform.bidgear.com/media/img/b15.png
IP
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash d832fb80c97ff291b952757bb98240d2
63732e61a0784ed68fde494f83e4686a5c4bf7fa
7b35c11af8accdb40a14303dd3ae2762a97d2527933c56b6c9be6da2d0d11943
GET /media/img/b15.png HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 17:45:42 GMT
content-type: image/png
content-length: 649
last-modified: Mon, 25 Jul 2022 09:43:33 GMT
etag: "62de65c5-289"
expires: Sun, 23 Oct 2022 09:44:55 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 720029
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iumtk26wPZALSlNdoTpOdBWypwGjGtwd2vnLSP0um8Q9pxCYdRuQQQEDiEP3YnDZoo52dgDQ%2BXmLF1zUFjjxClx8o8zWNAtTterDhsctl40BG7lDFGO7iVPG7AajdfGvv1%2B6rbVC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75370378fa1e0b61-OSL
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js
200 OK 13 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js
IP
File type HTML document, ASCII text, with very long lines (15714), with CRLF line terminators
Hash a34ca24f174fc2caa63a6d47484bcff7
ff754572c8bbd5704d46efc2ddb70d548b5d6513
29ecb5eccbd7c7513b038b58eaf8c1174deab73d302b9203ebe37fd58ed43856
GET /themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3ead"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1664646338686
200 OK 26 kB URL HTTP/2 platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1664646338686
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (4445), with no line terminators
Hash 2d85a7be95a7feee0f2a3ef620237ce8
29cbf59951847de7522208758864e2920039c4cf
b71f80e22b2ec108cb80b8bc5590969a447e98d64cd126f6493552e8b2cd837c
GET /async.php?domainid=5593&sizeid=12&zoneid=6192&k=1664646338686 HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 17:45:42 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7qUNA7smtaXOvkr7%2FYjphQl8rXupXdiGY%2B5FKSg68IfV%2BUsAYfpPffE3oOVApFau08sAyK78%2FmxVmhfy5dHiLWmvU%2F4UQ4CG55IbzDDcYHjimhEbnOkGRdqENdbrpwrsFM8FXsgf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7537037809240b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png
200 OK 951 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png
IP
File type PNG image data, 114 x 114, 8-bit colormap, non-interlaced\012- data
Hash 76852bc6b2c028db97322a74e85bd020
ed52fb4de0d51f93277bbaae42fa80ba5f92c31e
8a5ef2ef8440c17db1b1b539065ba4a887e07a2c508b79c2d1659512e9016884
GET /themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:42 GMT
content-type: image/png
content-length: 951
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-3b7"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
imp9.bidgear.com/rec?t=1&z=6192&uuid=d65179555d9f4e1398241423ace085e8&p=28&g=NO&token=4a44335432&tbg=1664646342
200 OK 599 B URL HTTP/2 imp9.bidgear.com/rec?t=1&z=6192&uuid=d65179555d9f4e1398241423ace085e8&p=28&g=NO&token=4a44335432&tbg=1664646342
IP
File type JPEG image data, baseline, precision 8, 1x1, components 3\012- data
Hash ca49a7e783b806a4e8576ea80346203d
6fe9d083221dae98f6c76f7121c37bc884b02d82
3e9a98dd5f0a28ff4a059f33d760264a6db02786666ac1692095ebb976f5da28
GET /rec?t=1&z=6192&uuid=d65179555d9f4e1398241423ace085e8&p=28&g=NO&token=4a44335432&tbg=1664646342 HTTP/1.1
Host: imp9.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 17:45:42 GMT
content-type: image/jpeg
content-length: 599
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mxzojWbcqi1BLjDHmVV7c7iDyfn4M4J1IzGu2tISPM8qrWySZknbVTW0x2f%2BmxrYlhYbXIqBNCEtFPtPidviIlRPMn8YMhLH8z7we9wjouLXorRsWBXAj9guXJD2zDBh8RM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75370378ea130b61-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 17f6b8a1291315c2c038c38a055a2834
875d45eb081dea8964f745db9b189f1788aac472
329a5f1dbd5f4ebb6b21fb6e95e42eb2e120fc0373fa1e4f07c5ac4d21cc4530
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 17:45:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
megaup.net/sw.js
200 OK 31 kB IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash cb6a40e94cd248e7b6080209f526c9e2
c642a2a69acbfec0e19c56691409ea907e5b3cfc
e460653590fbbbd6c5e97c55b41f12439e86e62cb09db21c0d40dcf89e2ac5ed
GET /sw.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:52 GMT
vary: Accept-Encoding
etag: W/"60758f38-12fe6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
fhisladyloveh.xyz/RTVZUWokVzo8VSQIO3cfN1lkdFgDEGsXDihYIzoMIQ1rJgs8W3cyBipAPTcYKlstfwQgQXxjLC1mDxdaFmAMIDotWi80AHUBHBk4fFM0NSIgfWgnJTJWNBoQKUYXAjNgBx8QOBBNHj88cH8+HCUmX206IBINIRwQE388BicpeBs+HyByYWEtLEVtNCImYxUCDnVvDxhTC2YAZzkRWmgBACZRFSsJYAcbASgPQxQSAjZyCghPd3MQFVocfh4TXQMFHz8OEk0zAy0ADDwWKBdQPjUZHAUIPSYGVjIVLT0GPAIGCFMhIU93cwMHLHN3aykAF3EqKwgCfGgyIgtbAAdHdEY9YgF3cAo+Hw9bCxYudlFsCC8XAD0ZBiJgASVbCU8+FiYGeDQaPAMCGGIoK2I3PQAVciEXTC9GNj8aeHQ2KyIBcAphWjJCHmYdMGQ
200 OK 1.2 kB URL HTTP/2 fhisladyloveh.xyz/RTVZUWokVzo8VSQIO3cfN1lkdFgDEGsXDihYIzoMIQ1rJgs8W3cyBipAPTcYKlstfwQgQXxjLC1mDxdaFmAMIDotWi80AHUBHBk4fFM0NSIgfWgnJTJWNBoQKUYXAjNgBx8QOBBNHj88cH8+HCUmX206IBINIRwQE388BicpeBs+HyByYWEtLEVtNCImYxUCDnVvDxhTC2YAZzkRWmgBACZRFSsJYAcbASgPQxQSAjZyCghPd3MQFVocfh4TXQMFHz8OEk0zAy0ADDwWKBdQPjUZHAUIPSYGVjIVLT0GPAIGCFMhIU93cwMHLHN3aykAF3EqKwgCfGgyIgtbAAdHdEY9YgF3cAo+Hw9bCxYudlFsCC8XAD0ZBiJgASVbCU8+FiYGeDQaPAMCGGIoK2I3PQAVciEXTC9GNj8aeHQ2KyIBcAphWjJCHmYdMGQ
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3026), with no line terminators
Hash c62df40c8bab252f8cff320d932f31da
54c5fa447465348ea51a5d930b65c581cfe4a865
1588efecf838dfae92c84f4f1cd908c57cc92cb7c8ac7b22c868fdc30705d933
GET /RTVZUWokVzo8VSQIO3cfN1lkdFgDEGsXDihYIzoMIQ1rJgs8W3cyBipAPTcYKlstfwQgQXxjLC1mDxdaFmAMIDotWi80AHUBHBk4fFM0NSIgfWgnJTJWNBoQKUYXAjNgBx8QOBBNHj88cH8+HCUmX206IBINIRwQE388BicpeBs+HyByYWEtLEVtNCImYxUCDnVvDxhTC2YAZzkRWmgBACZRFSsJYAcbASgPQxQSAjZyCghPd3MQFVocfh4TXQMFHz8OEk0zAy0ADDwWKBdQPjUZHAUIPSYGVjIVLT0GPAIGCFMhIU93cwMHLHN3aykAF3EqKwgCfGgyIgtbAAdHdEY9YgF3cAo+Hw9bCxYudlFsCC8XAD0ZBiJgASVbCU8+FiYGeDQaPAMCGGIoK2I3PQAVciEXTC9GNj8aeHQ2KyIBcAphWjJCHmYdMGQ HTTP/1.1
Host: fhisladyloveh.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1180
date: Sat, 01 Oct 2022 17:45:42 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4db6285f05eea501ed4657d6127ec5f8.cloudfront.net (CloudFront)
x-amz-cf-pop: LAX50-C2
x-amz-cf-id: InQ0dkVIIvR9cTqwWfn8Kw-S7S2Tsw3fHyLmIAM5klDjLxAYHQZUGQ==
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Sat, 01 Oct 2022 16:41:09 GMT
expires: Sat, 01 Oct 2022 18:41:09 GMT
cache-control: public, max-age=7200
age: 3873
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 76fda9bb7d23b03c4b8203e61267bdfb
37b1fcf2c92e99799ebca1623a646b255691cdc3
9782e91ebd1487e505b2009b9b9854d0d3f958a66d47fcceb368ad2eb2955d16
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5508
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 17:45:42 GMT
Last-Modified: Sat, 01 Oct 2022 16:13:54 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
200 OK 623 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
IP
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f18a5a1527e7431847ba21b5e4d950d2
18c056c75af57e8f1810b65fd935f82a36c0c8eb
07bba575164bd4bd83f547c26abdfee7971696c688bd3b5328ba8b240162dc12
GET /themes/flow/frontend_assets/images/icons/favicon/favicon.ico HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:42 GMT
content-type: image/x-icon
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-47e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash f88671bd2916c3dd7440ecbd4ceff029
89a2264b381408946d6c88735557b035b49d0079
2e125af5a9cd56c5daa6145caaad1dac94e468faf69ce26e9d39c6418445122b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "2E125AF5A9CD56C5DAA6145CAAAD1DAC94E468FAF69CE26E9D39C6418445122B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9871
Expires: Sat, 01 Oct 2022 20:30:13 GMT
Date: Sat, 01 Oct 2022 17:45:42 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 2406f709deebae46a57115b2a28c6dbe
c03cb7f48ebb34d140a0518ce5bdcbc592042913
b8d1f67bd3d1803167b7851e2e2eb69b0f2560aee0c27495b64b3cb993221a58
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 17:45:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
megaup.net/themes/flow/js/jquery.fileupload-resize.js
200 OK 3.3 kB URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-resize.js
IP
Hash 4f264364b8ac84c19edc918684abb184
2c11271465134f6736bd5af33d672e9d48aecedc
700a16b874d92f2c05e712f0f780e8c024027daae8097e41828a067befd7dcb0
GET /themes/flow/js/jquery.fileupload-resize.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1f7f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash f88671bd2916c3dd7440ecbd4ceff029
89a2264b381408946d6c88735557b035b49d0079
2e125af5a9cd56c5daa6145caaad1dac94e468faf69ce26e9d39c6418445122b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "2E125AF5A9CD56C5DAA6145CAAAD1DAC94E468FAF69CE26E9D39C6418445122B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9871
Expires: Sat, 01 Oct 2022 20:30:13 GMT
Date: Sat, 01 Oct 2022 17:45:42 GMT
Connection: keep-alive
fhisladyloveh.xyz/SmlwRmMrCxMrXCtUEmAWOAVNY1EMTEIABycECi0FLlFCMQIzB14lDyUcFCARJQcEaA0vHVV0JS09NTIMHgcpMCkLMB8VNy0ANA4tCAweNjkuAjI3KhgaGAEnMlsyPAALKDMPKQwCMQknJlk3CzcmTEIANyAGPQ0rEDARBAw+IyF/GR8qGyogeSc4JwolJDwDF34LIjFGeCs3FQd4LgpyIQEAOQkzCywYCjZ+XjZ1JicrChcFAyoTDAJ6ODsgCBBMQgQ2eVxHFycQIRYRVigtNghGeCsVMTIkLjQtGR4xCAEtAicVAzYIXRIqEAc8Q3NUDQMYEgU9GSIjJSJRKS1Oe1EiLxA/KgkTOSsxGzMFDzNJI1IiTEIAMSRYBRENfjg6EggEIjItUygFHw83eRkcESQtLRMeDGwDAykNOlQfPxUGABEeVQgsRQ4kP10
200 OK 1.2 kB URL HTTP/2 fhisladyloveh.xyz/SmlwRmMrCxMrXCtUEmAWOAVNY1EMTEIABycECi0FLlFCMQIzB14lDyUcFCARJQcEaA0vHVV0JS09NTIMHgcpMCkLMB8VNy0ANA4tCAweNjkuAjI3KhgaGAEnMlsyPAALKDMPKQwCMQknJlk3CzcmTEIANyAGPQ0rEDARBAw+IyF/GR8qGyogeSc4JwolJDwDF34LIjFGeCs3FQd4LgpyIQEAOQkzCywYCjZ+XjZ1JicrChcFAyoTDAJ6ODsgCBBMQgQ2eVxHFycQIRYRVigtNghGeCsVMTIkLjQtGR4xCAEtAicVAzYIXRIqEAc8Q3NUDQMYEgU9GSIjJSJRKS1Oe1EiLxA/KgkTOSsxGzMFDzNJI1IiTEIAMSRYBRENfjg6EggEIjItUygFHw83eRkcESQtLRMeDGwDAykNOlQfPxUGABEeVQgsRQ4kP10
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3024), with no line terminators
Hash 95d51ab408e7e87fa77323a892f8dc3f
8b8766abb01895785cd53783b95713fda2228213
ef4d6ba7fa38e1641c06f8189a19fa0a9b0abb54ffd03692d22b94d65d62c201
GET /SmlwRmMrCxMrXCtUEmAWOAVNY1EMTEIABycECi0FLlFCMQIzB14lDyUcFCARJQcEaA0vHVV0JS09NTIMHgcpMCkLMB8VNy0ANA4tCAweNjkuAjI3KhgaGAEnMlsyPAALKDMPKQwCMQknJlk3CzcmTEIANyAGPQ0rEDARBAw+IyF/GR8qGyogeSc4JwolJDwDF34LIjFGeCs3FQd4LgpyIQEAOQkzCywYCjZ+XjZ1JicrChcFAyoTDAJ6ODsgCBBMQgQ2eVxHFycQIRYRVigtNghGeCsVMTIkLjQtGR4xCAEtAicVAzYIXRIqEAc8Q3NUDQMYEgU9GSIjJSJRKS1Oe1EiLxA/KgkTOSsxGzMFDzNJI1IiTEIAMSRYBRENfjg6EggEIjItUygFHw83eRkcESQtLRMeDGwDAykNOlQfPxUGABEeVQgsRQ4kP10 HTTP/1.1
Host: fhisladyloveh.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1182
date: Sat, 01 Oct 2022 17:45:42 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4db6285f05eea501ed4657d6127ec5f8.cloudfront.net (CloudFront)
x-amz-cf-pop: LAX50-C2
x-amz-cf-id: 8bVU0AKZkfGksnRqxpftFRL5cDrsGX4g1TJOKXpR6XO2dPR0SnMw_A==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 397 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 58cdcbc619cc37c2b412a271310b92b1
67fde013c375e4dbef8ffaba1b96afe8fa3be17b
93eef600189a7527f0aa3eb6dc9b4e9568f61193938d6a75f6ca956b76e94740
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 01 Oct 2022 17:45:42 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-586459327%3A1664646342744253&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoHqFjP7Cq3u7kedWkGIMqEsjd0yPMKBPNiCFLzeqp6Y4wnuSQuBrq0oy88lxzjQ8KNj7-TPA
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-rCto7ZUlj_5kx-3Uu53a0g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 397
server: GSE
set-cookie: __Host-GAPS=1:qeKA83ugDWh4DCjZJhrJ-z9F81GdRw:IcM5bBiClktnloTJ;Path=/;Expires=Mon, 30-Sep-2024 17:45:42 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
200 OK 5.2 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
IP
Hash fdafb6e9bf21b09095a4b950947c9582
a79203ed6e1aeb0836a6860cf4ff855181470fad
cd00adb59ca86b7317f38ff8eb5873dd7b23bbc259ad1ad24d61816a5a212d32
GET /themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-8d4b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 392 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash 047a34f64ffc1b071a4d3e6a712e2910
ecc68ad772ed011f8db29ee5f474a8290e6cf3c6
081900e282f9594d63109063775741c0cdfa24768d587d08efac222db43a251e
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 01 Oct 2022 17:45:42 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S956522225%3A1664646342785390&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqdKqqGWhfawi_-YibeyhM1OJCwqbqcnQNoQOa2UF-x6mp0KeZKIBS5Opb8NmF6O4syUt25Iw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-Q7dGFlx37V2gMkCVvnbsUw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 392
server: GSE
set-cookie: __Host-GAPS=1:tL_jYZRmCY1i6E7mwqEffGogPxODoA:s3c-SbiqBk24chGp;Path=/;Expires=Mon, 30-Sep-2024 17:45:42 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/
200 OK 73 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/
IP
File type ASCII text, with no line terminators
Hash de37377b72195a4f064edf7ec8a76676
ed544d5b6a37acad78498099407c648a93316ddb
b3209cc0b1d1b71e85af4e843afe00a3079f3286d52b3fb47e72c6c5c48b8399
GET / HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73
date: Sat, 01 Oct 2022 17:17:24 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 ce3edb24525b5cd14ad82bbb2327e8a4.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: 1oocFJHuukMuAhwEt_xUNtVB_ZiEVV_NRvSLi27kYd1f4xW-Gw80Vw==
age: 1698
X-Firefox-Spdy: h2
syndication.exdynsrv.com/v1/api.php
200 OK 2.3 kB URL HTTP/1.1 syndication.exdynsrv.com/v1/api.php
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5235), with no line terminators
Hash 031233e49a0555d98d121e703f3c09ec
63e0ec9a4a106d7f039155f4e329e14d16ab58fd
f6d66f56e5891cb1426e65abe53b5804ce536f59829b12bda05747236ec7afc8
POST /v1/api.php HTTP/1.1
Host: syndication.exdynsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 312
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 17:45:42 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263387cc6c1ea03.551204241001325939%22%3B%7D; expires=Mon, 30-Sep-2024 17:45:42 GMT; Max-Age=63072000; path=/; domain=exdynsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
accounts.google.com/v3/signin/identifier?dsh=S-586459327%3A1664646342744253&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoHqFjP7Cq3u7kedWkGIMqEsjd0yPMKBPNiCFLzeqp6Y4wnuSQuBrq0oy88lxzjQ8KNj7-TPA
403 Forbidden 1.2 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-586459327%3A1664646342744253&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoHqFjP7Cq3u7kedWkGIMqEsjd0yPMKBPNiCFLzeqp6Y4wnuSQuBrq0oy88lxzjQ8KNj7-TPA
IP
Hash 39da86b021482a64a81d16b171b94278
4910a2f927d3cd9a695f2a0367e4a03a7b00d9eb
02275db9a6f379f32db9e54d34517fb69bab5ef38f9c9d783379fb0582de626c
GET /v3/signin/identifier?dsh=S-586459327%3A1664646342744253&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoHqFjP7Cq3u7kedWkGIMqEsjd0yPMKBPNiCFLzeqp6Y4wnuSQuBrq0oy88lxzjQ8KNj7-TPA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 01 Oct 2022 17:45:42 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-Ca6XEnI4PKw_L-K7vARPTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=fQvfKLtojGk43DlDMD9Zw_DSfyrg911QEkNVvH3N38HWgPMFWN5a1fvuwxBk6blWn3G9jqIkcden1HJkjkoNe2YI_5DN3G3vuDIyDgH8BVwVY74d2FOHId-OU31H9R8NbMpOM43IQ4g02D284npKdeXHcqt_mGxZBM45dc7KGhQ; expires=Sun, 02-Apr-2023 17:45:42 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fhisladyloveh.xyz/utx?cb=BsRPIefdtHrS&top=megaup.net&tid=761186
204 No Content 0 B URL HTTP/2 fhisladyloveh.xyz/utx?cb=BsRPIefdtHrS&top=megaup.net&tid=761186
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=BsRPIefdtHrS&top=megaup.net&tid=761186 HTTP/1.1
Host: fhisladyloveh.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 17:45:42 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 01 Oct 2022 17:46:42 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4db6285f05eea501ed4657d6127ec5f8.cloudfront.net (CloudFront)
x-amz-cf-pop: LAX50-C2
x-amz-cf-id: BUgr-luTT8jxglKMOsIa8mkcZ2ZrCAwFJDrJuScHnfE7m1O2DzGUnw==
X-Firefox-Spdy: h2
fhisladyloveh.xyz/utx?cb=8DarqXNuJ5Cs&top=megaup.net&tid=876318
204 No Content 0 B URL HTTP/2 fhisladyloveh.xyz/utx?cb=8DarqXNuJ5Cs&top=megaup.net&tid=876318
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=8DarqXNuJ5Cs&top=megaup.net&tid=876318 HTTP/1.1
Host: fhisladyloveh.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 17:45:42 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 01 Oct 2022 17:46:42 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4db6285f05eea501ed4657d6127ec5f8.cloudfront.net (CloudFront)
x-amz-cf-pop: LAX50-C2
x-amz-cf-id: Sq3IyRLSYJOrOBdkburxbAL3Jek5Z7zSZGdDxxI6yqBwqJL01Mzeug==
X-Firefox-Spdy: h2
fhisladyloveh.xyz/utx?cb=mnlXErnYJIRb&top=megaup.net&tid=764141
204 No Content 0 B URL HTTP/2 fhisladyloveh.xyz/utx?cb=mnlXErnYJIRb&top=megaup.net&tid=764141
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=mnlXErnYJIRb&top=megaup.net&tid=764141 HTTP/1.1
Host: fhisladyloveh.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 17:45:42 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 01 Oct 2022 17:46:42 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4db6285f05eea501ed4657d6127ec5f8.cloudfront.net (CloudFront)
x-amz-cf-pop: LAX50-C2
x-amz-cf-id: osSsKdLRIbbYLfX5nnpurYp-VIbL0AMM9WgfLMRUzyz1iBF2i9a1fA==
X-Firefox-Spdy: h2
fhisladyloveh.xyz/utx?cb=PMW4LCjaNAfK&top=megaup.net&tid=825911
204 No Content 0 B URL HTTP/2 fhisladyloveh.xyz/utx?cb=PMW4LCjaNAfK&top=megaup.net&tid=825911
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=PMW4LCjaNAfK&top=megaup.net&tid=825911 HTTP/1.1
Host: fhisladyloveh.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 17:45:42 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 01 Oct 2022 17:46:42 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4db6285f05eea501ed4657d6127ec5f8.cloudfront.net (CloudFront)
x-amz-cf-pop: LAX50-C2
x-amz-cf-id: Wc684ZJlUEwPQNrYUSAbOEFHSjQfoFCehaMpowMtlPuIGYMq8R1oaw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 9258de3968ca063250558ee06c75757b
56415f416ce29130b0a0b6fc919e2cdc0fd4d693
2474d99b3d10370e1efad3804a6f32452287e6b8e24d8254c69e8619a62624d0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 17:45:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 76fda9bb7d23b03c4b8203e61267bdfb
37b1fcf2c92e99799ebca1623a646b255691cdc3
9782e91ebd1487e505b2009b9b9854d0d3f958a66d47fcceb368ad2eb2955d16
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5508
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 17:45:42 GMT
Last-Modified: Sat, 01 Oct 2022 16:13:54 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
dmmzkfd82wayn.cloudfront.net/zWURXWHA6Kzk+Ty0tM2VJbX1vbkR/LiQ3Hil5IDY1OicSFxE0YiMiFGR0cTQRNyNqfhU3J2ppVjggNWVEfzE2ZR02Pj40HDhhZR5Fd3RyakBxPGZpVWoGcmpANS05LQh8dmcgSG8bYWxVagZyakArMnJrMWByeWhZfHZnPxU6Lzh9Qh92Z2lAaXVnaVVrdD-ExAjwiOCBVawJubl5pYiJlQQ
200 OK 180 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/zWURXWHA6Kzk+Ty0tM2VJbX1vbkR/LiQ3Hil5IDY1OicSFxE0YiMiFGR0cTQRNyNqfhU3J2ppVjggNWVEfzE2ZR02Pj40HDhhZR5Fd3RyakBxPGZpVWoGcmpANS05LQh8dmcgSG8bYWxVagZyakArMnJrMWByeWhZfHZnPxU6Lzh9Qh92Z2lAaXVnaVVrdD-ExAjwiOCBVawJubl5pYiJlQQ
IP
File type ASCII text, with no line terminators
Hash 3cb284632f56adf59b8180211af7c858
ed02f9d7f7a7c6f61f2e2e103d5ed10ca2cc47a0
0fd390a3011da7faf93def569ab1e7c4cb6488abed907cf4fb2b52ed4cb31e0e
GET /zWURXWHA6Kzk+Ty0tM2VJbX1vbkR/LiQ3Hil5IDY1OicSFxE0YiMiFGR0cTQRNyNqfhU3J2ppVjggNWVEfzE2ZR02Pj40HDhhZR5Fd3RyakBxPGZpVWoGcmpANS05LQh8dmcgSG8bYWxVagZyakArMnJrMWByeWhZfHZnPxU6Lzh9Qh92Z2lAaXVnaVVrdD-ExAjwiOCBVawJubl5pYiJlQQ HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fhisladyloveh.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 180
date: Sat, 01 Oct 2022 17:45:42 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f4faeb517127841e7e64a20ebbade858.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: a6eR3x16-050CrM4fXmlJrH76VElpQqoMPjzDhpqkRCo1Cuqa9zTqw==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/hSVF0SUUqPhovej04EHR9fmdHeH1vOwcmKzlsNSY/ARUxGnV5JgMOcj4kJW8xMzVJeWMlMBoueG80Gip4eHcVLSd0ZVI9NSY6STo1PjcdLzc+PBJvMChsGSY/ID0YKGB7F0FndWxjRGE9eGBRegdsY0QlLCckDGx3eSlMfxp/ZVF6B2xjRDszbGI1cHNnYV-1sd3k2ESouJnRGD3d5YER5dHlgUXt1LzgGLCMmKVF7A3BnWnljPGxF
200 OK 459 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/hSVF0SUUqPhovej04EHR9fmdHeH1vOwcmKzlsNSY/ARUxGnV5JgMOcj4kJW8xMzVJeWMlMBoueG80Gip4eHcVLSd0ZVI9NSY6STo1PjcdLzc+PBJvMChsGSY/ID0YKGB7F0FndWxjRGE9eGBRegdsY0QlLCckDGx3eSlMfxp/ZVF6B2xjRDszbGI1cHNnYV-1sd3k2ESouJnRGD3d5YER5dHlgUXt1LzgGLCMmKVF7A3BnWnljPGxF
IP
File type ASCII text, with very long lines (600), with no line terminators
Hash 3151b789fb3b6d232e26195a82d81b9e
e2a4b560add656e1ef7d167fed615b3c36325c68
628a876e6eb7adc1d6aa806eb4e39404498d87ba34011665581722af4ec7292a
GET /hSVF0SUUqPhovej04EHR9fmdHeH1vOwcmKzlsNSY/ARUxGnV5JgMOcj4kJW8xMzVJeWMlMBoueG80Gip4eHcVLSd0ZVI9NSY6STo1PjcdLzc+PBJvMChsGSY/ID0YKGB7F0FndWxjRGE9eGBRegdsY0QlLCckDGx3eSlMfxp/ZVF6B2xjRDszbGI1cHNnYV-1sd3k2ESouJnRGD3d5YER5dHlgUXt1LzgGLCMmKVF7A3BnWnljPGxF HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fhisladyloveh.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 459
date: Sat, 01 Oct 2022 17:45:42 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f4faeb517127841e7e64a20ebbade858.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: K1HN7lucJ6LXL2vc5YDN8Ls0NtSZq7fK946Ri4HasgjFKLytF5oy6w==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/TRHpGeHYnFSgeSTATIkVOdk9/SUdiEDUXGDRHMjAsPAN0CDEmTA0PUDAAIkVGYhYnFhF5XCMWFXlLYBkSJkdyXgI0FS1FAyoeIx4fKh8iXgMlRysXDC0WKhlTdjxzVkZhSHZQDnVLY0s0YUh2FB8qDz5dRHQCfk4pck5jSzRhSHYKAGFJB0FAakpvXUR0HS-MbHStfdD5EdEt2SEd0S2NKRiITNB0QKwJjSjB9TGhIUDFHdw
200 OK 354 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/TRHpGeHYnFSgeSTATIkVOdk9/SUdiEDUXGDRHMjAsPAN0CDEmTA0PUDAAIkVGYhYnFhF5XCMWFXlLYBkSJkdyXgI0FS1FAyoeIx4fKh8iXgMlRysXDC0WKhlTdjxzVkZhSHZQDnVLY0s0YUh2FB8qDz5dRHQCfk4pck5jSzRhSHYKAGFJB0FAakpvXUR0HS-MbHStfdD5EdEt2SEd0S2NKRiITNB0QKwJjSjB9TGhIUDFHdw
IP
File type ASCII text, with very long lines (452), with no line terminators
Hash ceb0c9fed72f7c58ad5a0303e6c6e6f4
ebd7ee746a5cabeff617186e235d12593c06bbe4
aa93d67da10f900f416aa1f809f1dc6deb7ce125ef2e144c26866e9098906d02
GET /TRHpGeHYnFSgeSTATIkVOdk9/SUdiEDUXGDRHMjAsPAN0CDEmTA0PUDAAIkVGYhYnFhF5XCMWFXlLYBkSJkdyXgI0FS1FAyoeIx4fKh8iXgMlRysXDC0WKhlTdjxzVkZhSHZQDnVLY0s0YUh2FB8qDz5dRHQCfk4pck5jSzRhSHYKAGFJB0FAakpvXUR0HS-MbHStfdD5EdEt2SEd0S2NKRiITNB0QKwJjSjB9TGhIUDFHdw HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fhisladyloveh.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 354
date: Sat, 01 Oct 2022 17:45:42 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f4faeb517127841e7e64a20ebbade858.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: amLCqtDThWc1YDhy0oH1nTvFDEPjSBvDANtaOSY_3_GBa7DVazBxLw==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/gTEtoTnYvJAYoSTgiDHNBenpZdkBqIRshGDx2BzcAACIJFkAODl0GMTl/TjoMKHZYaBotJQ9zUCklC3NHaioMLEt4bRw+GSd2Gz4BKiIOPAEhLU47F3EmBzQfICcJa0QKfkZ+U357QDZHfW5bDFN+ewQnGDkzTXxGNHNeEUB4blsMU357GjhTfwpReFh8Yk-18RisuCyUZaXkufEZ9e1h/Rn1uWn4QJTkNKBk0bloIT3plWGgDcXo
200 OK 591 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/gTEtoTnYvJAYoSTgiDHNBenpZdkBqIRshGDx2BzcAACIJFkAODl0GMTl/TjoMKHZYaBotJQ9zUCklC3NHaioMLEt4bRw+GSd2Gz4BKiIOPAEhLU47F3EmBzQfICcJa0QKfkZ+U357QDZHfW5bDFN+ewQnGDkzTXxGNHNeEUB4blsMU357GjhTfwpReFh8Yk-18RisuCyUZaXkufEZ9e1h/Rn1uWn4QJTkNKBk0bloIT3plWGgDcXo
IP
File type ASCII text, with very long lines (835), with no line terminators
Hash 28282513f909820e032a9764395ff0c2
db27af24d48d318cbf927d27f0fd649fa0800efe
f98b2717c6a982a1ed4660a5e2eddf3b24cc7024263b5fb5164af54e133336e9
GET /gTEtoTnYvJAYoSTgiDHNBenpZdkBqIRshGDx2BzcAACIJFkAODl0GMTl/TjoMKHZYaBotJQ9zUCklC3NHaioMLEt4bRw+GSd2Gz4BKiIOPAEhLU47F3EmBzQfICcJa0QKfkZ+U357QDZHfW5bDFN+ewQnGDkzTXxGNHNeEUB4blsMU357GjhTfwpReFh8Yk-18RisuCyUZaXkufEZ9e1h/Rn1uWn4QJTkNKBk0bloIT3plWGgDcXo HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fhisladyloveh.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 591
date: Sat, 01 Oct 2022 17:45:42 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f4faeb517127841e7e64a20ebbade858.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: H6m8nY9RkwpVjN3IFrVgxB2wAREm8r1OC790zddJvJfa7SxUoCIgew==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/oYlhrTDEBNwUqDhYxD3EGVGxaeABEMhgjXxJlGBh+FDMkJHgTNCULFxYiD3EBRDQKIlZffg4iUl9pTS1VAGVfakUSNwBxQhIvDSVXEC8GKhcXOVYhXhgxByBQR2oteR9SfVl8GRppWmkCIH1ZfF0LNh40FFBoE3QHPW5faQIgfVl8QxR9WA0IVHZbZRRQaA-wpUgk3Tn53UGhafAFTaFppA1I+Aj5UBDcTaQMkYV1iAUQtVn0
200 OK 597 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/oYlhrTDEBNwUqDhYxD3EGVGxaeABEMhgjXxJlGBh+FDMkJHgTNCULFxYiD3EBRDQKIlZffg4iUl9pTS1VAGVfakUSNwBxQhIvDSVXEC8GKhcXOVYhXhgxByBQR2oteR9SfVl8GRppWmkCIH1ZfF0LNh40FFBoE3QHPW5faQIgfVl8QxR9WA0IVHZbZRRQaA-wpUgk3Tn53UGhafAFTaFppA1I+Aj5UBDcTaQMkYV1iAUQtVn0
IP
File type ASCII text, with very long lines (828), with no line terminators
Hash efcfe28eea451b0722f202a11e097ff0
13a93b9314f85d495293baa16200900b99b53b99
fac0b41ec59c32d1e18ca8442a4336ac59a463e0874a44d467bfacfb3b3df968
GET /oYlhrTDEBNwUqDhYxD3EGVGxaeABEMhgjXxJlGBh+FDMkJHgTNCULFxYiD3EBRDQKIlZffg4iUl9pTS1VAGVfakUSNwBxQhIvDSVXEC8GKhcXOVYhXhgxByBQR2oteR9SfVl8GRppWmkCIH1ZfF0LNh40FFBoE3QHPW5faQIgfVl8QxR9WA0IVHZbZRRQaA-wpUgk3Tn53UGhafAFTaFppA1I+Aj5UBDcTaQMkYV1iAUQtVn0 HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fhisladyloveh.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 597
date: Sat, 01 Oct 2022 17:45:42 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f4faeb517127841e7e64a20ebbade858.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: RGjruRQx7iBw5N4ws0SPB80PzUu8Nyf2__-YksogT5atXNi6QMgKTg==
X-Firefox-Spdy: h2
syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01PWUoEMRC9ihfoUGuSmm+/FRQP0OlJ++UgqKDwDm/Sg4P1qKKWV5uQyMK0EN+xnsxPJghOQckksRseHp9gjLf+un69p0v/hDsbZeQIsopQq5Jhlo1rhjPDJSQGo7g65WJgh4IGxNVseomImAsq4eX5/lAeEMKwcyWkYjSCvmcfn6N4bmWrnTYruu/irfddz6uyBU3i/xPpikRCMcf+JTDYKuPFhW+BYQjhKK8fP5cNuNGvx8KPCQo2m6tyyb1r6xaVYy/DsVbJWy26tU70C3wpPLJUAQAA
200 OK 20 B URL HTTP/1.1 syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01PWUoEMRC9ihfoUGuSmm+/FRQP0OlJ++UgqKDwDm/Sg4P1qKKWV5uQyMK0EN+xnsxPJghOQckksRseHp9gjLf+un69p0v/hDsbZeQIsopQq5Jhlo1rhjPDJSQGo7g65WJgh4IGxNVseomImAsq4eX5/lAeEMKwcyWkYjSCvmcfn6N4bmWrnTYruu/irfddz6uyBU3i/xPpikRCMcf+JTDYKuPFhW+BYQjhKK8fP5cNuNGvx8KPCQo2m6tyyb1r6xaVYy/DsVbJWy26tU70C3wpPLJUAQAA
IP
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01PWUoEMRC9ihfoUGuSmm+/FRQP0OlJ++UgqKDwDm/Sg4P1qKKWV5uQyMK0EN+xnsxPJghOQckksRseHp9gjLf+un69p0v/hDsbZeQIsopQq5Jhlo1rhjPDJSQGo7g65WJgh4IGxNVseomImAsq4eX5/lAeEMKwcyWkYjSCvmcfn6N4bmWrnTYruu/irfddz6uyBU3i/xPpikRCMcf+JTDYKuPFhW+BYQjhKK8fP5cNuNGvx8KPCQo2m6tyyb1r6xaVYy/DsVbJWy26tU70C3wpPLJUAQAA HTTP/1.1
Host: syndication.exdynsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263387cc6c1ea03.551204241001325939%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 17:45:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263387cc6c1ea03.551204241001325939%22%3B%7D; expires=Mon, 30 Sep 2024 17:45:42 GMT; path=; domain=.exdynsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%2263387cc6c1ea03.551204241001325939%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22511.0199%22%7D; expires=Mon, 30 Sep 2024 17:45:42 GMT; path=/; domain=.exdynsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
megaup.net/themes/flow/js/clipboardjs/clipboard.min.js
200 OK 52 kB URL HTTP/2 megaup.net/themes/flow/js/clipboardjs/clipboard.min.js
IP
File type Unicode text, UTF-8 text, with very long lines (8746)
Hash 2a8dbdc8fba840cf8ded44804ab2e765
9eb0a2972fec09b8b362b23fc5266d0e6e601db1
5360ab87928a854996ed38637d2cb6027e5dda18f66a22fad7c8457e8649c948
GET /themes/flow/js/clipboardjs/clipboard.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-2296"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
fhisladyloveh.xyz/utx?tid=832633&top=megaup.net&cb=wVh5nXOygdhX
204 No Content 0 B URL HTTP/2 fhisladyloveh.xyz/utx?tid=832633&top=megaup.net&cb=wVh5nXOygdhX
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?tid=832633&top=megaup.net&cb=wVh5nXOygdhX HTTP/1.1
Host: fhisladyloveh.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 17:45:42 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 01 Oct 2022 17:46:42 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4db6285f05eea501ed4657d6127ec5f8.cloudfront.net (CloudFront)
x-amz-cf-pop: LAX50-C2
x-amz-cf-id: uXSfp-8CCLgkL30OSuQsG6QL8I7Ysbe4oCIeaUnliUzNyeXrJd5MVg==
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 541b9477ba4015c9c0b61ddb3502bf12
5f35fc25fa5ed69e660ca8c004cc0f13dd3a33b0
8b877db561b7a5b4eb8bae184a7608c30d5674820b430c1985676e968137dbef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B877DB561B7A5B4EB8BAE184A7608C30D5674820B430C1985676E968137DBEF"
Last-Modified: Thu, 29 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5364
Expires: Sat, 01 Oct 2022 19:15:07 GMT
Date: Sat, 01 Oct 2022 17:45:43 GMT
Connection: keep-alive
societingna.info/ZXZFNlkeVDZBBhAEKRRjRx4xQikWTGoZNAARJEMpSxggQnYWAWtcKkdaZ0U0A1R%2FB3VHAiRRBgwSZwx7XUV3AGpWVGkUKhAUGl89V1R%2FFD9REnwDaAASaAVpVU9oAmFSEGgOP1NDaA5oB08kAW4AR3BVP0cL
200 OK 23 kB URL HTTP/2 societingna.info/ZXZFNlkeVDZBBhAEKRRjRx4xQikWTGoZNAARJEMpSxggQnYWAWtcKkdaZ0U0A1R%2FB3VHAiRRBgwSZwx7XUV3AGpWVGkUKhAUGl89V1R%2FFD9REnwDaAASaAVpVU9oAmFSEGgOP1NDaA5oB08kAW4AR3BVP0cL
IP
File type ASCII text, with very long lines (57594), with no line terminators
Hash a9c07e173c5cb36ed598bb3aa6970b25
d27f02f26f2782f0a87d3bdddd5cc13b5bec873f
5fc4202d866b853174add03cb23556b478b65b99d51b2df7da5e4258508362c0
Analyzer Verdict Alert fortinet Malware
GET /ZXZFNlkeVDZBBhAEKRRjRx4xQikWTGoZNAARJEMpSxggQnYWAWtcKkdaZ0U0A1R%2FB3VHAiRRBgwSZwx7XUV3AGpWVGkUKhAUGl89V1R%2FFD9REnwDaAASaAVpVU9oAmFSEGgOP1NDaA5oB08kAW4AR3BVP0cL HTTP/1.1
Host: societingna.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 9afbb4d7a80059ff0c1df6450ee051e3=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"e0fa-iZhl8JTIsmTj5e3aPF8gd0Y0TT8"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 32 kB IP
File type ASCII text, with no line terminators
Hash 11b7b5b9ed4feb126a86da9d8acc983e
e499379ba863b979b2ed3ed58647e6c6e2885a30
c3678a921300e8f54bafefbd388fc70de4bdce4e7f633cc305c4c3cc42895563
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 17:45:42 GMT
content-type: text/plain
set-cookie: csu=1912477793317437@1@1664646342; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nh3Ol3LXVUfyI0F8dhnXPgp0gcRqhxLbvLr5Jykfb9btPh1aCW6oIX0p9kupLAq1tX97FkyIsSPL1yrIjHGn8kTDMKsf%2Fc%2Btd9FsD38qhlo%2FRrVsBHx6I50RY7vL8jKO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7537037a68037521-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fhisladyloveh.xyz/multi?cs=dWVRUGhFXWBlUUBVY2JRTVdkaVk&abt=0&red=1&sm=76&k=download%20file%20construction%20simulator%20extended%20edition%20part2&v=1.0.60.0&sts=0&prn=0&emb=0&tid=876318&rxy=1280_1024&u=1912477793317437&agec=1664646342&fs=1&mbkb=110.49723756906077&ref=https%3A%2F%2Fmegaup.net%2F18nhe%2FConstruction.Simulator.Extended.Edition.part2.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_vCqY=1664646339386&crc=1
200 OK 1.5 kB URL HTTP/2 fhisladyloveh.xyz/multi?cs=dWVRUGhFXWBlUUBVY2JRTVdkaVk&abt=0&red=1&sm=76&k=download%20file%20construction%20simulator%20extended%20edition%20part2&v=1.0.60.0&sts=0&prn=0&emb=0&tid=876318&rxy=1280_1024&u=1912477793317437&agec=1664646342&fs=1&mbkb=110.49723756906077&ref=https%3A%2F%2Fmegaup.net%2F18nhe%2FConstruction.Simulator.Extended.Edition.part2.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_vCqY=1664646339386&crc=1
IP
File type ASCII text, with very long lines (3243), with no line terminators
Hash 2316b2ad8347f81c04257b7cf0c1ca6f
f677a84ef5a715172db6c184e44c8bba546d1248
b9384015f4b27914c287787072ee6a856269e9d37f2f28d2a1ecfb5c284bed27
GET /multi?cs=dWVRUGhFXWBlUUBVY2JRTVdkaVk&abt=0&red=1&sm=76&k=download%20file%20construction%20simulator%20extended%20edition%20part2&v=1.0.60.0&sts=0&prn=0&emb=0&tid=876318&rxy=1280_1024&u=1912477793317437&agec=1664646342&fs=1&mbkb=110.49723756906077&ref=https%3A%2F%2Fmegaup.net%2F18nhe%2FConstruction.Simulator.Extended.Edition.part2.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_vCqY=1664646339386&crc=1 HTTP/1.1
Host: fhisladyloveh.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1548
date: Sat, 01 Oct 2022 17:45:43 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=cf2ad9e2-175a-4a09-a0e9-3fc507bb4b0a
csu=1912477793317437
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4db6285f05eea501ed4657d6127ec5f8.cloudfront.net (CloudFront)
x-amz-cf-pop: LAX50-C2
x-amz-cf-id: KndzpzBV6N9crV7a6SSttV6k-Kael9XsC27dYQiuz9nIgkAaLDjNbg==
X-Firefox-Spdy: h2
fhisladyloveh.xyz/floater?cs=WHZIZ2prR3FfU2xFfFNZYE5%2BUV8&abt=0&red=1&sm=83&k=download%20file%20construction%20simulator%20extended%20edition%20part2&v=0.8.10.0&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&u=1912477793317437&agec=1664646342&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=110.49723756906077&ref=https%3A%2F%2Fmegaup.net%2F18nhe%2FConstruction.Simulator.Extended.Edition.part2.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_cpj1=1664646339384&crc=1
200 OK 5.2 kB URL HTTP/2 fhisladyloveh.xyz/floater?cs=WHZIZ2prR3FfU2xFfFNZYE5%2BUV8&abt=0&red=1&sm=83&k=download%20file%20construction%20simulator%20extended%20edition%20part2&v=0.8.10.0&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&u=1912477793317437&agec=1664646342&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=110.49723756906077&ref=https%3A%2F%2Fmegaup.net%2F18nhe%2FConstruction.Simulator.Extended.Edition.part2.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_cpj1=1664646339384&crc=1
IP
Hash 669b91bba59fe7ac9c9ec535dc26dd28
8a6cee12c2f84d4b11feabc45562a6084cad6bea
fba38a1e59e0918270a6d847f4e789532b8f05685c43ecce5759e011d8fa9c56
GET /floater?cs=WHZIZ2prR3FfU2xFfFNZYE5%2BUV8&abt=0&red=1&sm=83&k=download%20file%20construction%20simulator%20extended%20edition%20part2&v=0.8.10.0&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&u=1912477793317437&agec=1664646342&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=110.49723756906077&ref=https%3A%2F%2Fmegaup.net%2F18nhe%2FConstruction.Simulator.Extended.Edition.part2.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_cpj1=1664646339384&crc=1 HTTP/1.1
Host: fhisladyloveh.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 5126
date: Sat, 01 Oct 2022 17:45:43 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=0e638898-9d60-40a8-ba4d-59a18b6db84d
csu=1912477793317437
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4db6285f05eea501ed4657d6127ec5f8.cloudfront.net (CloudFront)
x-amz-cf-pop: LAX50-C2
x-amz-cf-id: UzUKodHP7HMe2bg-bR9KfPLYgtYgHWwQ7xcGXiA5XcwxdOW_aY_xWQ==
X-Firefox-Spdy: h2
tsapphires.buzz/Y1piajc4eFpZBVVpUUgbQXhOSFFXPltfBgY%2BT1kHU2NPXg9UPE9SUVVvT1IGAWMDXQAGa1cJUUF2QAhUAjsDW1ZbdwYJUgV3VloHAHdbXQVWd1pZDlc7VV9WBmhTDxVPeBEdFU94FhlWEyoKA0UGKUwIQhkgQEYVUmpMXxVPPAMGRAZ2BAtbED9ODFYPKQc3
200 OK 13 kB URL HTTP/2 tsapphires.buzz/Y1piajc4eFpZBVVpUUgbQXhOSFFXPltfBgY%2BT1kHU2NPXg9UPE9SUVVvT1IGAWMDXQAGa1cJUUF2QAhUAjsDW1ZbdwYJUgV3VloHAHdbXQVWd1pZDlc7VV9WBmhTDxVPeBEdFU94FhlWEyoKA0UGKUwIQhkgQEYVUmpMXxVPPAMGRAZ2BAtbED9ODFYPKQc3
IP
File type ASCII text, with very long lines (33861), with no line terminators
Hash 1436a11f11cad1c6b16ee69b660dc32b
2b9ab0c20968f5df51a78b3601ad3d3471d7a030
f569f09b368997b2c284c6648a591634aea4b259da5ccf6f7a3bd359d91c3676
GET /Y1piajc4eFpZBVVpUUgbQXhOSFFXPltfBgY%2BT1kHU2NPXg9UPE9SUVVvT1IGAWMDXQAGa1cJUUF2QAhUAjsDW1ZbdwYJUgV3VloHAHdbXQVWd1pZDlc7VV9WBmhTDxVPeBEdFU94FhlWEyoKA0UGKUwIQhkgQEYVUmpMXxVPPAMGRAZ2BAtbED9ODFYPKQc3 HTTP/1.1
Host: tsapphires.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 1a59b875359e0fa11b9b445364570be1=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8445-3C0ZGgZtpjoG6I5CW+/O1g0la1o"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
tsapphires.buzz/
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tsapphires.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Origin: https://megaup.net
Content-Length: 348
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 103 kB IP
Size 103 kB (102903 bytes)
Hash 3712d6f2302508678d5996e0c24bff51
f668558f9df6c6ddc03fc7eb05f2aa758b384535
54ff13e51fe447a29139a4caf9423edef59eccb2d8a7f7f5d80b5763c07cf0b5
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 01 Oct 2022 17:45:42 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2834
last-modified: Sat, 01 Oct 2022 16:58:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F0ZkTzI15gMvRWp67n%2FXdDHsGlkVH4en8jgvmJZCpO%2FAxB03U2jBMhl01LAFLEFcZAYTjzqYCv03pwUy17oCW9UsyHoNq0SIZmVeQ2NWhNFy39UA%2FHG02PH5q0ENkRaG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7537037a2fac7521-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7372
Expires: Sat, 01 Oct 2022 19:48:35 GMT
Date: Sat, 01 Oct 2022 17:45:43 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7372
Expires: Sat, 01 Oct 2022 19:48:35 GMT
Date: Sat, 01 Oct 2022 17:45:43 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b0d9d19-67ea-434c-8233-4ac3ec9e78e7.jpeg
200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b0d9d19-67ea-434c-8233-4ac3ec9e78e7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 21e55a6ca7350ed834993a486e138de1
c09ee0f2be578f0067b2ed0237d565a04438147e
124ca8ae6e3f7c7bb28f0d47fa693753884261ed61896eccf7bc13f249fc8960
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b0d9d19-67ea-434c-8233-4ac3ec9e78e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6959
x-amzn-requestid: eaf91f33-2fe3-4ed5-b89c-6199c2f17651
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLCF6toAMFSDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-3b8c7f290ffda97b2d179433;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xr7RU7lL1QVYd5D1qQ_jqJQbefIVMeUQsJgxK4C-EvT0Hx0U37SNWQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:16:03 GMT
age: 70180
etag: "c09ee0f2be578f0067b2ed0237d565a04438147e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 109 kB IP
Size 109 kB (108715 bytes)
Hash 9f04ddd660bd3aebbea547f11b5369a7
a6db81c4ebff0c20902b274bf528013cc4691214
880529a4ef8a8a57773e949e86e50691f1ece54374d0429541f1951bd9be4473
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 01 Oct 2022 17:45:42 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2834
last-modified: Sat, 01 Oct 2022 16:58:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n39yVWeLZRBqS382vcfkDIkGpBzFv4HMoMxeMdSrPDogDWuCjwEr0GFUgKa8JhNxTNva70D1pXPxn%2FvSjHm7NuWZJLZ3IdG0wRRze5q1ertXxCOA1bex47xIfkqoMdbF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7537037a68167521-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 111 kB IP
Size 111 kB (110669 bytes)
Hash 05fe02dc180f1b1e4ad3b93fc10ea869
67b7b6f24af11f70cbde6f88079216bbe6b9cd80
3cc0e3f894f5d2b2edeeb39346db6b65673e76fab4dbccbe4fd27dfe99dad37a
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 01 Oct 2022 17:45:42 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2834
last-modified: Sat, 01 Oct 2022 16:58:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D4D2lCpTTsO9KGSP2OuySFbs94UbLR8pXq3CJREuLF52hfM7xl687doQZYkYklPTv9UFnOnhMk45w44hEPhRVZYveWfXWgYcfifU4HUkRk5mIcNooaxzbjRNjx22m7tQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7537037a4fe47521-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ae73d97-d8e4-4f93-bf30-c175fc72b008.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ae73d97-d8e4-4f93-bf30-c175fc72b008.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4be456dbe857580c7b4c7fca3936e04e
49798c4a15545a49f3870b2a16af78dbf8e168cc
23e42987d5e9939424d5f4e4fe0c38faf20a221732097927dd4a656199d9d315
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ae73d97-d8e4-4f93-bf30-c175fc72b008.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10201
x-amzn-requestid: 62562627-78a8-4c17-bf6c-b2c986b9ee8f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLCFH3IAMFoFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-69637d745165485171ca73b9;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CueKD4mKZFXrPdwSOtYV3muaegRDOA632EztOt22qrk0Qd2yj1oPkg==
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:57:18 GMT
age: 71305
etag: "49798c4a15545a49f3870b2a16af78dbf8e168cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb90508fe-e6b6-4ad0-9afc-67b46e4d0aa4.jpeg
200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb90508fe-e6b6-4ad0-9afc-67b46e4d0aa4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1c475b8cc11fdaabbda170c6605d1391
7eea9aa04c5a72c417a580ca45341a0b5adc72cf
888de88ddad429a0bdb565b1f069dab4bea55a3b8a662c4efd9b75fd261dee3b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb90508fe-e6b6-4ad0-9afc-67b46e4d0aa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8734
x-amzn-requestid: abef68e4-c2c6-4551-babc-125c93c1506d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSz0UECTIAMF3BA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376681-5090c08a3349bb8715d3c579;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:58:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: pAnOlf78Pu-hwBIKm002F4z1G8Q1pshDOPxwIQ81Yu6HzIT-0PJt1Q==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:22:17 GMT
age: 69806
etag: "7eea9aa04c5a72c417a580ca45341a0b5adc72cf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg
200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0d31a422078d02bda318c693c05a58dc
2df7db53629c7adda2c0a4dfe9c17791b73a75e1
a07fe4e135b52da6dfa9d8a55684f0a3bf5f5ce52c4064c8ab37836a939902a9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8299
x-amzn-requestid: 91eed6b6-632f-472b-93d7-4192425fcdfd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLDF0SoAMFWgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-17bb04894cc786555d693ec3;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 8JvNUZRyYeZjd4ZxOrGMCbJxVf46NRhiHXsFvCAZn2QeUkdCzKoYbw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:15:58 GMT
age: 70185
etag: "2df7db53629c7adda2c0a4dfe9c17791b73a75e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a7c73f65eb487dd1b71cab791c5a052b
b21fde09c0a99c3bea272cc5e1034b9b1caa20ec
5729bd0d1e2f553f39e754592c1316193097f9487132ea2666507ad54a7c9a0b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5729BD0D1E2F553F39E754592C1316193097F9487132EA2666507AD54A7C9A0B"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4336
Expires: Sat, 01 Oct 2022 18:58:02 GMT
Date: Sat, 01 Oct 2022 17:45:46 GMT
Connection: keep-alive
stunningruin.com/winnotice?sid=H4sIAAAAAAAC%2F1RTzWskxRuu%2Bf32snhRWQ%2FCCuNNQSbdM7Mz0y4SjNlIMLtZdl30pFRX1Uxe01PVVHVNT3IKCrInGfHgx6nz5At1lfUPcJXOgoeAkLlFNHdPisKeZcaY0Rea9%2BN5D0%2B%2Fz1Pvb%2FtTFsDzk8XrZpOShM9dqQXV594Mw6vVFdJ%2BWB12Wm%2B3mlerdvBi1KoFz1dfVWLdzNWDMAjCIKwukVVdM5ybgKD0XhTWoqDWrNfCK00MbQHnK3C8Ajk4ZU%2BC5PjCw8olkCih%2B%2FcXlVvPTPrCtb5PeGYsBvLgjl7XJtfoz8quraCrD862Ydzx0gMYvTelCDM4X4xpzCo%2FPECsD86IIR7sTrnFCZRGLB9DPiihkhLESwjzHkgeM0BI3FiF7u%2FfMDbnG3%2BjfIKO2YVHf4LyMbvwyyXo%2FtcLCQ2rt03iMzLaYdgtQMMS1CuR%2BkNkmwyUH0Jk74Lkj2zu0Qp0f3fVJQYki%2Bm%2FE5WgbolEjcAdg598xOC7Ffi0gr48qYowDNuBFDzoREI0ZFvFLRmEvN0NeRi0OvBiQm%2BELB1BJCMIu4XUbmGdRrD%2BA5Ar4XkBSgukbr9TvxKFIZQ4mv%2F100l8Bk4n1UCFqhk26%2B24EXHVrbeViITqBKIbR412M0JMR%2FPz%2FvHrd55ZQ0IMih999zubBpwuoH2xoy0VsOqIncWOldnR%2FPnWWgEnGVzGMJAFcsWQO4acM%2BTEkGcM%2BaDYk4mru2JfJs7H4Vmun%2BVGsWOyXrFnsp7SbDs9ZU9MtflDvIV1dVLtBqLe6UbNRr3TjKK4I5vtRqvTkiKUHdXsSDj65wLk%2FgfuKtikMXvq59%2BQTlwjP0LMD%2BGSQwh6FtxfBs8L8LUCm7qANPdd5rUm3bOedE2YPtLsIrKNynZyyp6ecml9cvc%2F5xW2QGoLvEMPGXrJ3Z1bJme7t0zu2DeraUZ92uQTD93OeKb%2B%2F8VraiM3Vi4vutHnL4sJMCnvva5ctsK1JN1z7MsFklLZJWOFYt8uuzdUfNO7tQVvtU9Xbr6ytNxPrXKOjC7B6fjaxxA0Zhc%2F%2FGn6OC5%2F9RLIlrC%2BQN%2BfywUyJUS6BZfOZs4w2GTWxylD7osdW49nw4khkpnu4HEB968%2BntXb7ns4KpA59hcAAAD%2F%2FwEAAP%2F%2Fc%2F%2FfQHkEAAA%3D&ap=${AUCTION_PRICE}&l=3577992&sub3=1664646343&pid=91283&sub2=icon&auid=0e1e41427b39aef27ec9ce80cfb93749&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
307 Temporary Redirect 0 B URL HTTP/1.1 stunningruin.com/winnotice?sid=H4sIAAAAAAAC%2F1RTzWskxRuu%2Bf32snhRWQ%2FCCuNNQSbdM7Mz0y4SjNlIMLtZdl30pFRX1Uxe01PVVHVNT3IKCrInGfHgx6nz5At1lfUPcJXOgoeAkLlFNHdPisKeZcaY0Rea9%2BN5D0%2B%2Fz1Pvb%2FtTFsDzk8XrZpOShM9dqQXV594Mw6vVFdJ%2BWB12Wm%2B3mlerdvBi1KoFz1dfVWLdzNWDMAjCIKwukVVdM5ybgKD0XhTWoqDWrNfCK00MbQHnK3C8Ajk4ZU%2BC5PjCw8olkCih%2B%2FcXlVvPTPrCtb5PeGYsBvLgjl7XJtfoz8quraCrD862Ydzx0gMYvTelCDM4X4xpzCo%2FPECsD86IIR7sTrnFCZRGLB9DPiihkhLESwjzHkgeM0BI3FiF7u%2FfMDbnG3%2BjfIKO2YVHf4LyMbvwyyXo%2FtcLCQ2rt03iMzLaYdgtQMMS1CuR%2BkNkmwyUH0Jk74Lkj2zu0Qp0f3fVJQYki%2Bm%2FE5WgbolEjcAdg598xOC7Ffi0gr48qYowDNuBFDzoREI0ZFvFLRmEvN0NeRi0OvBiQm%2BELB1BJCMIu4XUbmGdRrD%2BA5Ar4XkBSgukbr9TvxKFIZQ4mv%2F100l8Bk4n1UCFqhk26%2B24EXHVrbeViITqBKIbR412M0JMR%2FPz%2FvHrd55ZQ0IMih999zubBpwuoH2xoy0VsOqIncWOldnR%2FPnWWgEnGVzGMJAFcsWQO4acM%2BTEkGcM%2BaDYk4mru2JfJs7H4Vmun%2BVGsWOyXrFnsp7SbDs9ZU9MtflDvIV1dVLtBqLe6UbNRr3TjKK4I5vtRqvTkiKUHdXsSDj65wLk%2FgfuKtikMXvq59%2BQTlwjP0LMD%2BGSQwh6FtxfBs8L8LUCm7qANPdd5rUm3bOedE2YPtLsIrKNynZyyp6ecml9cvc%2F5xW2QGoLvEMPGXrJ3Z1bJme7t0zu2DeraUZ92uQTD93OeKb%2B%2F8VraiM3Vi4vutHnL4sJMCnvva5ctsK1JN1z7MsFklLZJWOFYt8uuzdUfNO7tQVvtU9Xbr6ytNxPrXKOjC7B6fjaxxA0Zhc%2F%2FGn6OC5%2F9RLIlrC%2BQN%2BfywUyJUS6BZfOZs4w2GTWxylD7osdW49nw4khkpnu4HEB968%2BntXb7ns4KpA59hcAAAD%2F%2FwEAAP%2F%2Fc%2F%2FfQHkEAAA%3D&ap=${AUCTION_PRICE}&l=3577992&sub3=1664646343&pid=91283&sub2=icon&auid=0e1e41427b39aef27ec9ce80cfb93749&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /winnotice?sid=H4sIAAAAAAAC%2F1RTzWskxRuu%2Bf32snhRWQ%2FCCuNNQSbdM7Mz0y4SjNlIMLtZdl30pFRX1Uxe01PVVHVNT3IKCrInGfHgx6nz5At1lfUPcJXOgoeAkLlFNHdPisKeZcaY0Rea9%2BN5D0%2B%2Fz1Pvb%2FtTFsDzk8XrZpOShM9dqQXV594Mw6vVFdJ%2BWB12Wm%2B3mlerdvBi1KoFz1dfVWLdzNWDMAjCIKwukVVdM5ybgKD0XhTWoqDWrNfCK00MbQHnK3C8Ajk4ZU%2BC5PjCw8olkCih%2B%2FcXlVvPTPrCtb5PeGYsBvLgjl7XJtfoz8quraCrD862Ydzx0gMYvTelCDM4X4xpzCo%2FPECsD86IIR7sTrnFCZRGLB9DPiihkhLESwjzHkgeM0BI3FiF7u%2FfMDbnG3%2BjfIKO2YVHf4LyMbvwyyXo%2FtcLCQ2rt03iMzLaYdgtQMMS1CuR%2BkNkmwyUH0Jk74Lkj2zu0Qp0f3fVJQYki%2Bm%2FE5WgbolEjcAdg598xOC7Ffi0gr48qYowDNuBFDzoREI0ZFvFLRmEvN0NeRi0OvBiQm%2BELB1BJCMIu4XUbmGdRrD%2BA5Ar4XkBSgukbr9TvxKFIZQ4mv%2F100l8Bk4n1UCFqhk26%2B24EXHVrbeViITqBKIbR412M0JMR%2FPz%2FvHrd55ZQ0IMih999zubBpwuoH2xoy0VsOqIncWOldnR%2FPnWWgEnGVzGMJAFcsWQO4acM%2BTEkGcM%2BaDYk4mru2JfJs7H4Vmun%2BVGsWOyXrFnsp7SbDs9ZU9MtflDvIV1dVLtBqLe6UbNRr3TjKK4I5vtRqvTkiKUHdXsSDj65wLk%2FgfuKtikMXvq59%2BQTlwjP0LMD%2BGSQwh6FtxfBs8L8LUCm7qANPdd5rUm3bOedE2YPtLsIrKNynZyyp6ecml9cvc%2F5xW2QGoLvEMPGXrJ3Z1bJme7t0zu2DeraUZ92uQTD93OeKb%2B%2F8VraiM3Vi4vutHnL4sJMCnvva5ctsK1JN1z7MsFklLZJWOFYt8uuzdUfNO7tQVvtU9Xbr6ytNxPrXKOjC7B6fjaxxA0Zhc%2F%2FGn6OC5%2F9RLIlrC%2BQN%2BfywUyJUS6BZfOZs4w2GTWxylD7osdW49nw4khkpnu4HEB968%2BntXb7ns4KpA59hcAAAD%2F%2FwEAAP%2F%2Fc%2F%2FfQHkEAAA%3D&ap=${AUCTION_PRICE}&l=3577992&sub3=1664646343&pid=91283&sub2=icon&auid=0e1e41427b39aef27ec9ce80cfb93749&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: stunningruin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Sat, 01 Oct 2022 17:45:46 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 78cf37ea58d28253382dc66cff969096
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3ac6b2ffa7527d2b4a73da615e7c2e6d
23510e23ed963463bd5b401f5a4b865015cf72a7
e6c40842ed4f61767f82457728ff9a8ef2bc92ffd74b4e70c1fd32553f3efdcf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E6C40842ED4F61767F82457728FF9A8EF2BC92FFD74B4E70C1FD32553F3EFDCF"
Last-Modified: Fri, 30 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7455
Expires: Sat, 01 Oct 2022 19:50:01 GMT
Date: Sat, 01 Oct 2022 17:45:46 GMT
Connection: keep-alive
cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2020:05:18 19:19:17], baseline, precision 8, 200x200, components 3\012- data
Hash 70cf8250da1a25a7b445231428af7828
a849d338423d2919949340838c768bba90b9081c
b7060bc46dc459a00d4124523a26f0cbf31fba31d41fccae9f82bedaf22c1186
GET /cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 17:45:46 GMT
content-type: image/jpeg
content-length: 33103
server: nginx/1.17.6
last-modified: Tue, 09 Jun 2020 11:44:50 GMT
etag: "5edf7632-814f"
expires: Mon, 03 Oct 2022 17:45:46 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
IP
File type Web Open Font Format, TrueType, length 31900, version 1.1\012- data
Hash 1b285c8e5b7445a8e434b2cdf036bab2
c97d4772fbb5c5637d466b5f991bc7ec28830b32
09b979826f2ac158a63ba234042c66414c21282d0bb46eadc62c64a873778825
GET /themes/flow/frontend_assets/fonts/raleway_medium.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026; _ga=GA1.2.621788634.1664646339; _gid=GA1.2.1817065156.1664646339; _gat_gtag_UA_108868042_1=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:48 GMT
content-type: font/woff
content-length: 31900
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7c9c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4d9e5d22c41c745e1237b6a8f58756f2
7d143c8ca3cafa318c6beb8da012d4816becf4a8
e9e6289a2e38c8b2f1826993ac36885a4c9362b66ce5b4c70a7200270793a77f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E9E6289A2E38C8B2F1826993AC36885A4C9362B66CE5B4C70A7200270793A77F"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6854
Expires: Sat, 01 Oct 2022 19:40:03 GMT
Date: Sat, 01 Oct 2022 17:45:49 GMT
Connection: keep-alive
megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js
200 OK 30 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js
IP
File type ASCII text, with very long lines (23470)
Hash 18ba4e51764e57722b329608511edae0
d2d4e9ce73d5bc88c945f8cca0d21d80f89a5da8
78a99d8d5f503fd55586f8934ee4cb3e5e4b48e5672196f680fc6e78ce77d4e6
GET /themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-14cc1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
agagraveleran.com/icon?ctx=tnt2m6i6BypTxVFw1ZBs24MuAl6RSdXF79pIukUCfqIaBnqwsv8Vr0D2FGHUvhxg37x7ocmD91D1Lvj4sMuL8gDMgA5ltLiWea0kKP4SFMRdsAQYQHwCH2-tvDPeUHpublWOxZhVrxmSMp55mWvJhbNMDvOepCEG0TmS5IfYFBW60wsrqz75EbVkwUeQiOO3fpvh0aqfMSvlTapfPs_3zaa2gR2AoawcmaOAsE83GCjhlDglfMuEJVgFokS8ER6WoF2ZjwfIFvGvvC-lZNeYz-Runu2s_sAr&z=3317464
301 Moved Permanently 0 B URL HTTP/1.1 agagraveleran.com/icon?ctx=tnt2m6i6BypTxVFw1ZBs24MuAl6RSdXF79pIukUCfqIaBnqwsv8Vr0D2FGHUvhxg37x7ocmD91D1Lvj4sMuL8gDMgA5ltLiWea0kKP4SFMRdsAQYQHwCH2-tvDPeUHpublWOxZhVrxmSMp55mWvJhbNMDvOepCEG0TmS5IfYFBW60wsrqz75EbVkwUeQiOO3fpvh0aqfMSvlTapfPs_3zaa2gR2AoawcmaOAsE83GCjhlDglfMuEJVgFokS8ER6WoF2ZjwfIFvGvvC-lZNeYz-Runu2s_sAr&z=3317464
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /icon?ctx=tnt2m6i6BypTxVFw1ZBs24MuAl6RSdXF79pIukUCfqIaBnqwsv8Vr0D2FGHUvhxg37x7ocmD91D1Lvj4sMuL8gDMgA5ltLiWea0kKP4SFMRdsAQYQHwCH2-tvDPeUHpublWOxZhVrxmSMp55mWvJhbNMDvOepCEG0TmS5IfYFBW60wsrqz75EbVkwUeQiOO3fpvh0aqfMSvlTapfPs_3zaa2gR2AoawcmaOAsE83GCjhlDglfMuEJVgFokS8ER6WoF2ZjwfIFvGvvC-lZNeYz-Runu2s_sAr&z=3317464 HTTP/1.1
Host: agagraveleran.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 01 Oct 2022 17:45:49 GMT
Content-Length: 0
Connection: keep-alive
Location: https://outsimiseara.com/www/images/7a555faea541a27da9de79a0e67abf9b.jpeg
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash ad5950f0aede09c38aa4a4c3d04dec98
5c62cd4d194314118f634e2375a3a01dd9634a01
593a7f8bb53b4204a76178f930cc99313109b116eb8419dfef81f6aea376a36e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "593A7F8BB53B4204A76178F930CC99313109B116EB8419DFEF81F6AEA376A36E"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2615
Expires: Sat, 01 Oct 2022 18:29:24 GMT
Date: Sat, 01 Oct 2022 17:45:49 GMT
Connection: keep-alive
outsimiseara.com/www/images/7a555faea541a27da9de79a0e67abf9b.jpeg
200 OK 23 kB URL HTTP/2 outsimiseara.com/www/images/7a555faea541a27da9de79a0e67abf9b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 7a555faea541a27da9de79a0e67abf9b
c6650bdf11a8badb1f4ea8eff3003928c5df877f
170b360c4605bbcc8939aa230ff5bb5d274bb6163e50cf47c6e00d3284e4c01e
GET /www/images/7a555faea541a27da9de79a0e67abf9b.jpeg HTTP/1.1
Host: outsimiseara.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 17:45:49 GMT
content-type: image/jpeg
content-length: 23018
cache-control: max-age=86400
cf-bgj: h2pri
etag: "5e240fa2-59ea"
expires: Sun, 02 Oct 2022 13:58:33 GMT
last-modified: Sun, 19 Jan 2020 08:13:22 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 13634
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 753703a6ef71fab8-OSL
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js
IP
GET /themes/flow/js/zeroClipboard/ZeroClipboard.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3bd2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.tmpl.min.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.tmpl.min.js
IP
GET /themes/flow/js/jquery.tmpl.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3cb"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S956522225%3A1664646342785390&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqdKqqGWhfawi_-YibeyhM1OJCwqbqcnQNoQOa2UF-x6mp0KeZKIBS5Opb8NmF6O4syUt25Iw
403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S956522225%3A1664646342785390&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqdKqqGWhfawi_-YibeyhM1OJCwqbqcnQNoQOa2UF-x6mp0KeZKIBS5Opb8NmF6O4syUt25Iw
IP
GET /v3/signin/identifier?dsh=S956522225%3A1664646342785390&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqdKqqGWhfawi_-YibeyhM1OJCwqbqcnQNoQOa2UF-x6mp0KeZKIBS5Opb8NmF6O4syUt25Iw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 01 Oct 2022 17:45:42 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-0P_jBA-RCcPf5K2Ibnz2dA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=JdevRKJStIYK3lBqUeZ1Re-rQGyExtRvinTPUtHssfOuXjzOjRYnCmzMDUFSi_j0wm7exJm-f0YUGGdHELy795QKEBwgq-7sfBO8SriGFI8WLuCZBA4bciHk3ZJ1FNSIrUrpwVzHUqv4m9QErBFQeEpM8bK2MBjL2LCB800Xs7M; expires=Sun, 02-Apr-2023 17:45:42 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload.js
IP
GET /themes/flow/js/jquery.fileupload.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-dbd4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: ijldGgNHVfdCff9cke6Zc3/rz/W0uvYTOlNOA6214mmYTjCRjmNbD75ukBnyaumRAa2iZQyFr/WjNtSigiOW2A==
date: Sat, 01 Oct 2022 17:45:42 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/gauge.min.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/gauge.min.js
IP
GET /themes/flow/frontend_assets/js/gauge.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-45b8"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
200 OK 0 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
IP
GET /?kzmmd=761186 HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 188860
date: Sat, 01 Oct 2022 17:17:23 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 f4faeb517127841e7e64a20ebbade858.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: eW583w_dGSxAnt8lvGsmeeOHuijSvJNuiMyn9d_4EzQ8cebsn0OjdA==
age: 1698
X-Firefox-Spdy: h2
static.a-ads.com/a-ads-banners/406681/300x250?region=eu-central-1
200 OK 0 B URL HTTP/2 static.a-ads.com/a-ads-banners/406681/300x250?region=eu-central-1
IP
ASN #24940 Hetzner Online GmbH
GET /a-ads-banners/406681/300x250?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:42 GMT
content-type: image/gif
content-length: 621339
x-amz-id-2: VHUWm+q3hvIVGEH7K1Rd2eXxyEUvHvBkAfgc3zPJ6EVKLxiN9Rxjoz/eyfXcb9VLwMZ32ilSGA8=
x-amz-request-id: 2EJ72WYATG31JR29
x-amz-replication-status: COMPLETED
last-modified: Thu, 04 Aug 2022 08:12:39 GMT
etag: "c8694e7d5d3b9a928d4d57026ac2b68b"
cache-control: max-age=315360000
x-amz-version-id: 4E6UO4Ah7Y9Th7PfdrLCDL4YiygucdkX
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css
IP
GET /themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-59d6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery-1.11.0.min.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery-1.11.0.min.js
IP
GET /themes/flow/js/jquery-1.11.0.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1787d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery-ui.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery-ui.js
IP
GET /themes/flow/js/jquery-ui.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-6a684"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-validate.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-validate.js
IP
GET /themes/flow/js/jquery.fileupload-validate.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-fea"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/sticky/jquery.sticky.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/sticky/jquery.sticky.js
IP
GET /themes/flow/frontend_assets/js/sticky/jquery.sticky.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1099"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
ad.a-ads.com/1811811?size=300x250
200 OK 0 B URL HTTP/2 ad.a-ads.com/1811811?size=300x250
IP
ASN #24940 Hetzner Online GmbH
GET /1811811?size=300x250 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:42 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://megaup.net/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.dataTables.min.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.dataTables.min.js
IP
GET /themes/flow/js/jquery.dataTables.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-10fe4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/global.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/global.js
IP
GET /themes/flow/js/global.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-d59"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-ui.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-ui.js
IP
GET /themes/flow/js/jquery.fileupload-ui.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-61ef"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-process.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-process.js
IP
GET /themes/flow/js/jquery.fileupload-process.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-14b6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js
IP
GET /themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-71b6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
IP
GET /themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1cdf"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/isotope/isotope-style.css
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/isotope/isotope-style.css
IP
GET /themes/flow/frontend_assets/css/isotope/isotope-style.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-af3"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/load-image.min.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/load-image.min.js
IP
GET /themes/flow/js/load-image.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-9f2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.iframe-transport.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.iframe-transport.js
IP
GET /themes/flow/js/jquery.iframe-transport.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-2427"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/canvas-to-blob.min.js
200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/canvas-to-blob.min.js
IP
GET /themes/flow/js/canvas-to-blob.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/18nhe/Construction.Simulator.Extended.Edition.part2.rar
Connection: keep-alive
Cookie: filehosting=6oekljahf41380e4p8hc1fo026
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 17:45:41 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-408"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
91.209.70.182
148.251.194.214
139.45.195.6
172.67.12.156
95.211.229.248
23.36.76.226
0.0.0.0