megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
91.209.70.182301 Moved Permanently 162 B URL HTTP/1.1 megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
IP 91.209.70.182:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 01 Oct 2022 22:22:26 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Download-Options: noopen
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 24cdc937930ac2ef9c8f46ba1deabcc5
397417929951bf20f235d5f91510163ac213dc71
eb128aec099dbf1919ee5d965221e904ad3a2162583683cec44518640b505447
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB128AEC099DBF1919EE5D965221E904AD3A2162583683CEC44518640B505447"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2445
Expires: Sat, 01 Oct 2022 23:03:11 GMT
Date: Sat, 01 Oct 2022 22:22:26 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
13.224.103.25200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 13.224.103.25:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 01 Oct 2022 21:59:10 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 8455bcb2c0203b0c4ee93b610d75e69a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ZRH50-C1
X-Amz-Cf-Id: nj7SUcV38Wv8Ldjk6boeBNTeoRP3pxTy9w8OJtSa3cAopwgjb5sSpA==
Age: 1396
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
13.224.103.9200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 13.224.103.9:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 01 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 7e81b1a3e22ce96cdfb0b6c2db121d58.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: FisERiIaHHYIMojKG34wg6aahN5wEcQIz9ffp6yFVPDBo3Oeeo6EZA==
age: 60839
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 8814816aa6512189fb73a0fbf1af861a
94061fe3845fe46cc2491d27ba3218c8c5b40773
1bccebbc673a31a235ad4324f10d520b334f36332cfe02792dce40d548410a48
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 22:22:26 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 30 Sep 2022 11:25:46 GMT
Expires: Fri, 07 Oct 2022 11:25:45 GMT
Etag: "94061fe3845fe46cc2491d27ba3218c8c5b40773"
Cache-Control: max-age=478398,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753898d92bfe0b49-OSL
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:26 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
megaup.net/themes/flow/images/main_logo_inverted.png
91.209.70.182200 OK 7.1 kB URL HTTP/2 megaup.net/themes/flow/images/main_logo_inverted.png
IP 91.209.70.182:0
File type PNG image data, 203 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 5d15526be10b904a6b48d1af04a10cc3
c09b6874359ac6d71db95593618a9acb55baa984
894d25472e0f890edf235e8f66fbeda7ea75043632924ecb82691d76bd7db018
GET /themes/flow/images/main_logo_inverted.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: image/png
content-length: 7137
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-1be1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/images/loading_small.gif
91.209.70.182200 OK 184 kB URL HTTP/2 megaup.net/themes/flow/images/loading_small.gif
IP 91.209.70.182:0
File type GIF image data, version 89a, 64 x 64\012- data
Size 184 kB (184355 bytes)
Hash b0dd5b3af9c4c0644d7bddee83716209
30002468d0266b893b3559b8d0d260c6cbf0ad7c
2418224bb4d12c122ef3c54d2ee9edb5f6f28d539e91a166b0215553f8c7609d
GET /themes/flow/images/loading_small.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: image/gif
content-length: 184355
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-2d023"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash efb1a40fb842eb91b910093b42225a40
e1c4e44351107d440f9cd460ff468893f3856dff
87dd75d8277853e07954b7ffdfb7f13b61a1941c1bdaaf7269719182fdab6167
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87DD75D8277853E07954B7FFDFB7F13B61A1941C1BDAAF7269719182FDAB6167"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=487
Expires: Sat, 01 Oct 2022 22:30:34 GMT
Date: Sat, 01 Oct 2022 22:22:27 GMT
Connection: keep-alive
megaup.net/themes/flow/js/jquery.fileupload-resize.js
91.209.70.182200 OK 2.6 kB URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-resize.js
IP 91.209.70.182:0
Hash 1e8acfb366e4862ae80a9dacca841cc8
7d8add0971c741b4303f7d60fa0785b8211bf406
1a18cd857e472b84e1ab43b21602d8de2c678c3c93df53740f9636f2fb562628
GET /themes/flow/js/jquery.fileupload-resize.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1f7f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-validate.js
91.209.70.182200 OK 1.8 kB URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-validate.js
IP 91.209.70.182:0
Hash 3d1e662cefb3fda1e333ea0cebc48fd3
c362a6add970223a5c351f6425271dc1f1a90d21
c2c0dae646c3dc3e38ac9e8c561e5a48ccae309046ab1d2fae527abf58c2254d
GET /themes/flow/js/jquery.fileupload-validate.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-fea"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
altowriestwispy.com/tysaSHG1FMaM/18410
23.109.82.168200 OK 25 B URL HTTP/1.1 altowriestwispy.com/tysaSHG1FMaM/18410
IP 23.109.82.168:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /tysaSHG1FMaM/18410 HTTP/1.1
Host: altowriestwispy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 22:22:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Sun, 02-Oct-2022 22:22:27 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Sun, 02-Oct-2022 22:22:27 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
keydawnawe.com/gwZ1U5hjA8ii/32575
172.255.6.199200 OK 26 B URL HTTP/1.1 keydawnawe.com/gwZ1U5hjA8ii/32575
IP 172.255.6.199:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 22:22:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Sun, 02-Oct-2022 22:22:27 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Sun, 02-Oct-2022 22:22:27 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
www.googletagmanager.com/gtag/js?id=UA-108868042-1
142.250.74.168200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-108868042-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2039)
Hash 967fd7e4deb4f41cc42c0a5a260ed11e
d0e687e2ba33eb2d31b2633e5060e06438bea9af
fbb8637a390325ba1f9ab82c2f64ed6a482b6c172f0b47b4264d10df4fa36695
GET /gtag/js?id=UA-108868042-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Oct 2022 22:22:27 GMT
expires: Sat, 01 Oct 2022 22:22:27 GMT
cache-control: private, max-age=900
last-modified: Sat, 01 Oct 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42366
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a2d3925dad8ae1248c7b5d96220bd00a
8b6326da45860d5f480504e23864de0c28523b61
421d30a538dc347afc7fc8eee0fa6502aa65d789eb2353eb9c9f8bd0c5f3b3d5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 22:22:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
13.224.98.153200 OK 189 kB URL HTTP/2 dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
IP 13.224.98.153:0
File type Unicode text, UTF-8 text, with very long lines (15945)
Size 189 kB (188852 bytes)
Hash 1a02217c9c259a0012360067af867c63
24ee813ea59fed6bfe2a257cd2e095050d79409c
696372bc22edb20a77bc12db3f62bbef808a0a94f56f70e9e88d66c55b7dd500
GET /?kzmmd=761186 HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 188852
date: Sat, 01 Oct 2022 22:22:27 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b78.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: VZDJoDWNqSY5Xj66nPN7kwZUOX-Sm-r_XE2fLuD02nPmJdMabp_INw==
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway.woff
91.209.70.182200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31836, version 1.1\012- data
Hash 4514fa5a5b3d1e0b14aa32a7d068124a
e634977bfabc20ed15fe7ed03d3876cf68834b93
5b0f118d658eacc5740b10b0dc2ebbd99ee8e8262c72ff29bfcda48c02b19861
GET /themes/flow/frontend_assets/fonts/raleway.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: font/woff
content-length: 31836
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7c5c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/nav/jquery.scrollTo.js
91.209.70.182200 OK 37 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/nav/jquery.scrollTo.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (2241), with CRLF line terminators
Hash 87612722b3c61c40b483dc31b7e39e10
fb81f15c945a98c853366d58714ef29ff8ed16ad
06f337bcdc3cc67d4f1f0917534e863d65d0f448b4a6c243bf91e33b29e81b4d
GET /themes/flow/frontend_assets/js/nav/jquery.scrollTo.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-981"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js
91.209.70.182200 OK 34 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (28941)
Hash f55e5528abc345eda623e713cd9dd71d
9ad5f9ce9c5291999d0e4bb6ebfac4956b1ce28c
07d54dada2be2b3ee11318f0deb5fba829101eced18f6dc493faf352fb47e438
GET /themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-71b6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/animation/jquery.appear.js
91.209.70.182200 OK 1.0 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/animation/jquery.appear.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (1285)
Hash 64b770077942a5fd646ecb6e3f8d3975
cca2f2968ecdc117158abd982193da239b3bbe20
71c15d6708f3749418374e10e95ba17e8ca44d54e6a3e073b6bb6fd92973e891
GET /themes/flow/frontend_assets/js/animation/jquery.appear.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-5c6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 829e839c217bf861b8cf90c8d636f510
459714fcf0d374bdc078ef59d122d59bf9312c5f
36282e09bb25caf3d7350c4bee485cb87947aabc7d7409169caf15c2e75d8b7d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4448
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 22:22:27 GMT
Last-Modified: Sat, 01 Oct 2022 21:08:19 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c7ac9e29595749072622837820f8d808
191d4449aae47380468d57045d45cef96f6db384
bdb8c13be73e6d521c8a00aecfa51db277d908562bf1d31c675055f08868f215
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BDB8C13BE73E6D521C8A00AECFA51DB277D908562BF1D31C675055F08868F215"
Last-Modified: Thu, 29 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8146
Expires: Sun, 02 Oct 2022 00:38:13 GMT
Date: Sat, 01 Oct 2022 22:22:27 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c7ac9e29595749072622837820f8d808
191d4449aae47380468d57045d45cef96f6db384
bdb8c13be73e6d521c8a00aecfa51db277d908562bf1d31c675055f08868f215
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BDB8C13BE73E6D521C8A00AECFA51DB277D908562BF1D31C675055F08868F215"
Last-Modified: Thu, 29 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8146
Expires: Sun, 02 Oct 2022 00:38:13 GMT
Date: Sat, 01 Oct 2022 22:22:27 GMT
Connection: keep-alive
altowriestwispy.com/tysaSHG1FMaM/18410
23.109.82.168200 OK 25 B URL HTTP/1.1 altowriestwispy.com/tysaSHG1FMaM/18410
IP 23.109.82.168:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /tysaSHG1FMaM/18410 HTTP/1.1
Host: altowriestwispy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 22:22:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
begantotireo.xyz/ZnNxVUUHERI4egdOE3MwFB9McHcgVkMTIQseCz4jAktDIiQfHV82KQkGFTM3CR0FeysDB1RnAxI+HTEyNTYZBwokRwQxdT9WQxcDLiVUZwMkNCsXJi5HJAUUKx07Pg8XNBkUDzUZSW0HVQMnET8oSxM+HBI1OQNxIDcCBw8PSyE2FzMeOiJ8CyUYPjYzNAEQJwwLMhoHEkI9PjYfNRg6LDAKEhEPMUY5Gy5WHztlIkNBMx0GNwM3ZxBUFSYMBgUYO2EcIwMcBBJXRBIdDyUWMgcnKSIkIic3MR8WDSRWQxcnMTU0Nx0SBBI+D1I8Ggc8NwQdLQcuHzAMElYyKy1oBQc6ZC5SJSk6Cic0FRcgLhQ1D3UgBxQyDB40JToxMDcWHCc+A0E3LjweFBcUDycpPmMMAB47NVsZKRQ9Dj8+ZyI+MEU
143.204.55.80200 OK 1.2 kB URL HTTP/2 begantotireo.xyz/ZnNxVUUHERI4egdOE3MwFB9McHcgVkMTIQseCz4jAktDIiQfHV82KQkGFTM3CR0FeysDB1RnAxI+HTEyNTYZBwokRwQxdT9WQxcDLiVUZwMkNCsXJi5HJAUUKx07Pg8XNBkUDzUZSW0HVQMnET8oSxM+HBI1OQNxIDcCBw8PSyE2FzMeOiJ8CyUYPjYzNAEQJwwLMhoHEkI9PjYfNRg6LDAKEhEPMUY5Gy5WHztlIkNBMx0GNwM3ZxBUFSYMBgUYO2EcIwMcBBJXRBIdDyUWMgcnKSIkIic3MR8WDSRWQxcnMTU0Nx0SBBI+D1I8Ggc8NwQdLQcuHzAMElYyKy1oBQc6ZC5SJSk6Cic0FRcgLhQ1D3UgBxQyDB40JToxMDcWHCc+A0E3LjweFBcUDycpPmMMAB47NVsZKRQ9Dj8+ZyI+MEU
IP 143.204.55.80:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3017), with no line terminators
Hash 0ff482ec53d2d7059a354e9b048821ed
a4aa2309ab3ea21ecbdde7886a40fd9f9ba49cf8
336cfadd63b3de590da68c5dfc00e52c50c48efebc8d3974cec5627d62582791
GET /ZnNxVUUHERI4egdOE3MwFB9McHcgVkMTIQseCz4jAktDIiQfHV82KQkGFTM3CR0FeysDB1RnAxI+HTEyNTYZBwokRwQxdT9WQxcDLiVUZwMkNCsXJi5HJAUUKx07Pg8XNBkUDzUZSW0HVQMnET8oSxM+HBI1OQNxIDcCBw8PSyE2FzMeOiJ8CyUYPjYzNAEQJwwLMhoHEkI9PjYfNRg6LDAKEhEPMUY5Gy5WHztlIkNBMx0GNwM3ZxBUFSYMBgUYO2EcIwMcBBJXRBIdDyUWMgcnKSIkIic3MR8WDSRWQxcnMTU0Nx0SBBI+D1I8Ggc8NwQdLQcuHzAMElYyKy1oBQc6ZC5SJSk6Cic0FRcgLhQ1D3UgBxQyDB40JToxMDcWHCc+A0E3LjweFBcUDycpPmMMAB47NVsZKRQ9Dj8+ZyI+MEU HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1172
date: Sat, 01 Oct 2022 22:22:27 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UXWiPJachKJrgZ7le6SNPLVuN0-ULqsQFY2c3KjSDcFbcPtnNrJH2w==
X-Firefox-Spdy: h2
begantotireo.xyz/U2d3akgyBRQHdzJaFUw9IQtKT3oVQkUsLD4KDQEuN19FHSkqCVkJJDwSEww6PAkDRCY2E1JYDik9LxokHTEYLQ4CEyMwGhYzNjsgOjIcEh8RID0uDRE9FiQKBS80LSsCMjMZJQkOOiQAAB8nLA4JBDI/cHZVNT0NIyMgPjsfLyENHAMQBDAfEjVPKApnLzQtfRcjHzwpHjEQCQAVJk8oMBImJTkjGj81KB0JEBA8AGIQRSkaJyY1EjACMTE/GTIhITkAAjUFOw04CTItIAUhEBIqHx9GDB4kMh4yHSRRNlh9EjQkCRkyISIjDSslByANHTMwWDgeP0ZHKxU3JisSFwsHT3oVMQ0SEBEwAzwbPzYxC3gRLiE8BSkhD1IMBA49KxsQKjoIDScsJloKPTE2TCIgCBkadT41PV8JEDQOAi8aHTlZ
143.204.55.80200 OK 1.2 kB URL HTTP/2 begantotireo.xyz/U2d3akgyBRQHdzJaFUw9IQtKT3oVQkUsLD4KDQEuN19FHSkqCVkJJDwSEww6PAkDRCY2E1JYDik9LxokHTEYLQ4CEyMwGhYzNjsgOjIcEh8RID0uDRE9FiQKBS80LSsCMjMZJQkOOiQAAB8nLA4JBDI/cHZVNT0NIyMgPjsfLyENHAMQBDAfEjVPKApnLzQtfRcjHzwpHjEQCQAVJk8oMBImJTkjGj81KB0JEBA8AGIQRSkaJyY1EjACMTE/GTIhITkAAjUFOw04CTItIAUhEBIqHx9GDB4kMh4yHSRRNlh9EjQkCRkyISIjDSslByANHTMwWDgeP0ZHKxU3JisSFwsHT3oVMQ0SEBEwAzwbPzYxC3gRLiE8BSkhD1IMBA49KxsQKjoIDScsJloKPTE2TCIgCBkadT41PV8JEDQOAi8aHTlZ
IP 143.204.55.80:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3022), with no line terminators
Hash ee1ad5ccb4b89be6e0fdd071c5f17dcf
c3bb8b00d893a58e1104c1a4c99cdcdb851e0470
f4dd027a97cb299d21b543f27eca006c5d08e9cc9191a88533f1e82f905f4487
GET /U2d3akgyBRQHdzJaFUw9IQtKT3oVQkUsLD4KDQEuN19FHSkqCVkJJDwSEww6PAkDRCY2E1JYDik9LxokHTEYLQ4CEyMwGhYzNjsgOjIcEh8RID0uDRE9FiQKBS80LSsCMjMZJQkOOiQAAB8nLA4JBDI/cHZVNT0NIyMgPjsfLyENHAMQBDAfEjVPKApnLzQtfRcjHzwpHjEQCQAVJk8oMBImJTkjGj81KB0JEBA8AGIQRSkaJyY1EjACMTE/GTIhITkAAjUFOw04CTItIAUhEBIqHx9GDB4kMh4yHSRRNlh9EjQkCRkyISIjDSslByANHTMwWDgeP0ZHKxU3JisSFwsHT3oVMQ0SEBEwAzwbPzYxC3gRLiE8BSkhD1IMBA49KxsQKjoIDScsJloKPTE2TCIgCBkadT41PV8JEDQOAi8aHTlZ HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1177
date: Sat, 01 Oct 2022 22:22:27 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: omIXAfccHkF3tSQUv-7pus4NIfaTztq-r1zTVj1ZM96nq242eGx8KA==
X-Firefox-Spdy: h2
keydawnawe.com/gwZ1U5hjA8ii/32575
172.255.6.199200 OK 26 B URL HTTP/1.1 keydawnawe.com/gwZ1U5hjA8ii/32575
IP 172.255.6.199:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 22:22:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
begantotireo.xyz/aVgwNGcIOlNZWAhlUhISGzQNEVUvfQJyAwQ1Sl8BDWACQwYQNh5XCwYtVFIVBjZEGgkMLBUGIQ0WZVghJx5cYy0ALGNuDCw/eWULARoDTF8rD1dgLhMCUnpXP2h5Xy0OO2JTCDMiZgckDjRdUlcsInllCxkdSWEMPjIEfQUQGlF7AAFsaQUyUA4DZh8sMQFyLQBsenghGix5ci4eD0lDDywxSGEDKjBSfVYeNHtiMVEaRw0QLjVbZQJaDVN9NjtsaXUECx14QFY+HHJWNy1oYlUQPCBWZS4uGQMFACsgQ2UCWg53eB8rbnJ1Vh8fA1gULA9DcisAdXJsKgUoQ1BUIypybA9YGndTIQwfcXMGPxVXelYsfQJyMAMeV3YPURVWBhQsPgB2Vw0ZFl4UBjZACQAfYXRlCjo0cncrOw
143.204.55.80200 OK 1.2 kB URL HTTP/2 begantotireo.xyz/aVgwNGcIOlNZWAhlUhISGzQNEVUvfQJyAwQ1Sl8BDWACQwYQNh5XCwYtVFIVBjZEGgkMLBUGIQ0WZVghJx5cYy0ALGNuDCw/eWULARoDTF8rD1dgLhMCUnpXP2h5Xy0OO2JTCDMiZgckDjRdUlcsInllCxkdSWEMPjIEfQUQGlF7AAFsaQUyUA4DZh8sMQFyLQBsenghGix5ci4eD0lDDywxSGEDKjBSfVYeNHtiMVEaRw0QLjVbZQJaDVN9NjtsaXUECx14QFY+HHJWNy1oYlUQPCBWZS4uGQMFACsgQ2UCWg53eB8rbnJ1Vh8fA1gULA9DcisAdXJsKgUoQ1BUIypybA9YGndTIQwfcXMGPxVXelYsfQJyMAMeV3YPURVWBhQsPgB2Vw0ZFl4UBjZACQAfYXRlCjo0cncrOw
IP 143.204.55.80:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3016), with no line terminators
Hash e5e1372bf2738cddbd60d49e44229c54
f279401b3477a0431a6489dc73a29847ef988144
c52164195fce9094f91845a01c9ccbc972f57f9b4f99c5e663112f555ddbf720
GET /aVgwNGcIOlNZWAhlUhISGzQNEVUvfQJyAwQ1Sl8BDWACQwYQNh5XCwYtVFIVBjZEGgkMLBUGIQ0WZVghJx5cYy0ALGNuDCw/eWULARoDTF8rD1dgLhMCUnpXP2h5Xy0OO2JTCDMiZgckDjRdUlcsInllCxkdSWEMPjIEfQUQGlF7AAFsaQUyUA4DZh8sMQFyLQBsenghGix5ci4eD0lDDywxSGEDKjBSfVYeNHtiMVEaRw0QLjVbZQJaDVN9NjtsaXUECx14QFY+HHJWNy1oYlUQPCBWZS4uGQMFACsgQ2UCWg53eB8rbnJ1Vh8fA1gULA9DcisAdXJsKgUoQ1BUIypybA9YGndTIQwfcXMGPxVXelYsfQJyMAMeV3YPURVWBhQsPgB2Vw0ZFl4UBjZACQAfYXRlCjo0cncrOw HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1170
date: Sat, 01 Oct 2022 22:22:27 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fGE8H2irJI4x4y0BQQRlX0M41jeflvrlTVewK5RtEaGX2YmYbkiaxw==
X-Firefox-Spdy: h2
begantotireo.xyz/aE45dGIJLFoZXQlzW1IXGiIEUVAuawsyBgUjQx8EDHYLAwMRIBcXDgc7XRIQByBNWgwNOhxGJA4XVCI6Pgt0NiECJUASIDEDdEYOXhhVDBQxIF0xJhEfDjgwIhdzICcADGhAOCk3YDo0EgdtLjAxKHRGDhIceB9QJydrEjMSBw89JFEbWiA3Bg9/HAgLJGAwNSwhDjszGwR2DjQFG3o6Cw0gdzw0WioBO1MmG1oZASocCBAMJw1WOScrd0EXNCEqW0YrCxh/MhsyOX88NFotVDo3DBl/GVNZGn8iR1oMWiwkOw9TPVEjDwg1ODoEQSEOOiBjPCg7GHFZKAUtTiUvIhp8GCY6f0AuBT4sbEcOAxRrEDsyKR8eEQcgSUkQDSxeHyw/K1ZGBy8
143.204.55.80200 OK 1.2 kB URL HTTP/2 begantotireo.xyz/aE45dGIJLFoZXQlzW1IXGiIEUVAuawsyBgUjQx8EDHYLAwMRIBcXDgc7XRIQByBNWgwNOhxGJA4XVCI6Pgt0NiECJUASIDEDdEYOXhhVDBQxIF0xJhEfDjgwIhdzICcADGhAOCk3YDo0EgdtLjAxKHRGDhIceB9QJydrEjMSBw89JFEbWiA3Bg9/HAgLJGAwNSwhDjszGwR2DjQFG3o6Cw0gdzw0WioBO1MmG1oZASocCBAMJw1WOScrd0EXNCEqW0YrCxh/MhsyOX88NFotVDo3DBl/GVNZGn8iR1oMWiwkOw9TPVEjDwg1ODoEQSEOOiBjPCg7GHFZKAUtTiUvIhp8GCY6f0AuBT4sbEcOAxRrEDsyKR8eEQcgSUkQDSxeHyw/K1ZGBy8
IP 143.204.55.80:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2996), with no line terminators
Hash f70a24c8b3e170e0fd0f207c5d0178dc
1d84dad6775389c01a559e3cd3557924d34145fd
135c11eabf6698dcfaf63a6b673c1010bff3f5a5272a23cd1bb92dd634e46354
GET /aE45dGIJLFoZXQlzW1IXGiIEUVAuawsyBgUjQx8EDHYLAwMRIBcXDgc7XRIQByBNWgwNOhxGJA4XVCI6Pgt0NiECJUASIDEDdEYOXhhVDBQxIF0xJhEfDjgwIhdzICcADGhAOCk3YDo0EgdtLjAxKHRGDhIceB9QJydrEjMSBw89JFEbWiA3Bg9/HAgLJGAwNSwhDjszGwR2DjQFG3o6Cw0gdzw0WioBO1MmG1oZASocCBAMJw1WOScrd0EXNCEqW0YrCxh/MhsyOX88NFotVDo3DBl/GVNZGn8iR1oMWiwkOw9TPVEjDwg1ODoEQSEOOiBjPCg7GHFZKAUtTiUvIhp8GCY6f0AuBT4sbEcOAxRrEDsyKR8eEQcgSUkQDSxeHyw/K1ZGBy8 HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1154
date: Sat, 01 Oct 2022 22:22:27 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: i5EczNulOsIngB7bPkH_SU4wkIaejI695Cd9cfdMloMsFqKK-ZttJg==
X-Firefox-Spdy: h2
begantotireo.xyz/WW5FNXc4DCZYSDhTJxMCKwJ4EEUfS3dzEzQDP14RPVZ3QhYgAGtWGzYbIVMFNgAxGxk8GmAHMWg4AXMhCDt9Bi8zHStWNBs3CG0PbTciYxw9NnBMICA3MHwkCCMPZCY8J3V/GRU/InAmMz8rVCQbIghtD3xcA1YbaV4JTB8pKD90ARUpLnQUIC83exAhBh9PBDI2LwBPEj10YDogIyl4IhwDCXIcMTsCUgQQLXBsOApeMFYmFDohcjEyKAJRDwMXMnQtHjx9cx8LACZmOmA2PHRCOAMcdzsBAnB2AD0GH30ADigCUQ8JPQxgLT4sd2wfYAIkcgc0LxEYPjIiAQwSOiYIfy0+KC5WL2ACBGIlMggSZy8JKghEOjVaMW8/aT0GcjkvCHZ/MjgmBBMdKgErRUopKxRCBGsCAmUEOAg
143.204.55.80200 OK 1.2 kB URL HTTP/2 begantotireo.xyz/WW5FNXc4DCZYSDhTJxMCKwJ4EEUfS3dzEzQDP14RPVZ3QhYgAGtWGzYbIVMFNgAxGxk8GmAHMWg4AXMhCDt9Bi8zHStWNBs3CG0PbTciYxw9NnBMICA3MHwkCCMPZCY8J3V/GRU/InAmMz8rVCQbIghtD3xcA1YbaV4JTB8pKD90ARUpLnQUIC83exAhBh9PBDI2LwBPEj10YDogIyl4IhwDCXIcMTsCUgQQLXBsOApeMFYmFDohcjEyKAJRDwMXMnQtHjx9cx8LACZmOmA2PHRCOAMcdzsBAnB2AD0GH30ADigCUQ8JPQxgLT4sd2wfYAIkcgc0LxEYPjIiAQwSOiYIfy0+KC5WL2ACBGIlMggSZy8JKghEOjVaMW8/aT0GcjkvCHZ/MjgmBBMdKgErRUopKxRCBGsCAmUEOAg
IP 143.204.55.80:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3017), with no line terminators
Hash e512f6e48bfbea36268385e6410bca70
062336d24c238dc9e5745c5987e0a1a83353e7fb
f456ab562b1bff3a4c90bf85644a5811467d45273e110dbba3cd3c2a67a7f919
GET /WW5FNXc4DCZYSDhTJxMCKwJ4EEUfS3dzEzQDP14RPVZ3QhYgAGtWGzYbIVMFNgAxGxk8GmAHMWg4AXMhCDt9Bi8zHStWNBs3CG0PbTciYxw9NnBMICA3MHwkCCMPZCY8J3V/GRU/InAmMz8rVCQbIghtD3xcA1YbaV4JTB8pKD90ARUpLnQUIC83exAhBh9PBDI2LwBPEj10YDogIyl4IhwDCXIcMTsCUgQQLXBsOApeMFYmFDohcjEyKAJRDwMXMnQtHjx9cx8LACZmOmA2PHRCOAMcdzsBAnB2AD0GH30ADigCUQ8JPQxgLT4sd2wfYAIkcgc0LxEYPjIiAQwSOiYIfy0+KC5WL2ACBGIlMggSZy8JKghEOjVaMW8/aT0GcjkvCHZ/MjgmBBMdKgErRUopKxRCBGsCAmUEOAg HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1172
date: Sat, 01 Oct 2022 22:22:27 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _TLPtZUB25J8phdYJ0qE5E3DY_4hBAVERcNbJKaoWzP2f5LWfj8E6w==
X-Firefox-Spdy: h2
medadelem.xyz/a3lrVzhERggkBQ9JDzx1Wz8vM24cOg88YhwvHCcIOiFSAXtYOE0jUQ9EXGEJWkFdcUgCHVZmHhgNCiNNGERacVEFHwRqHh1EWnkLX1dZbhZbXx5qCU0NGzZfVkhNJ0wfFVZmDl1NXWEKUk1YbghY
172.67.189.15204 No Content 0 B URL HTTP/2 medadelem.xyz/a3lrVzhERggkBQ9JDzx1Wz8vM24cOg88YhwvHCcIOiFSAXtYOE0jUQ9EXGEJWkFdcUgCHVZmHhgNCiNNGERacVEFHwRqHh1EWnkLX1dZbhZbXx5qCU0NGzZfVkhNJ0wfFVZmDl1NXWEKUk1YbghY
IP 172.67.189.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a3lrVzhERggkBQ9JDzx1Wz8vM24cOg88YhwvHCcIOiFSAXtYOE0jUQ9EXGEJWkFdcUgCHVZmHhgNCiNNGERacVEFHwRqHh1EWnkLX1dZbhZbXx5qCU0NGzZfVkhNJ0wfFVZmDl1NXWEKUk1YbghY HTTP/1.1
Host: medadelem.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 22:22:27 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rk9b1C8mmWAUebI8a1sazw%2BF%2FSPjPnCuPSKQXzC%2F7e1mp27VyHbSUcv0fO5mQxJLWgVmoyms5liyJDi8SvJMmjAMnY0q1ZmKCT4kkWBKPiDc6ZUK0aAdMGI9636iU7qJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 753898decc01b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
medadelem.xyz/UW9TTXR+UDA+STACBXkQYyUyGCElPwV8GAA7BhshBgMFASUHDHU5HTVSanlNaVlnawQ4C258THccJywAJBxufFI4ATUiSXcZbnxaYUFhY0R3Gm58UiUfMipJYEkjOQA9UmJ7QmVZZX9NZVxqfkE
172.67.189.15204 No Content 0 B URL HTTP/2 medadelem.xyz/UW9TTXR+UDA+STACBXkQYyUyGCElPwV8GAA7BhshBgMFASUHDHU5HTVSanlNaVlnawQ4C258THccJywAJBxufFI4ATUiSXcZbnxaYUFhY0R3Gm58UiUfMipJYEkjOQA9UmJ7QmVZZX9NZVxqfkE
IP 172.67.189.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /UW9TTXR+UDA+STACBXkQYyUyGCElPwV8GAA7BhshBgMFASUHDHU5HTVSanlNaVlnawQ4C258THccJywAJBxufFI4ATUiSXcZbnxaYUFhY0R3Gm58UiUfMipJYEkjOQA9UmJ7QmVZZX9NZVxqfkE HTTP/1.1
Host: medadelem.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 22:22:27 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TLSCkng4bwg7yXYJhYz%2B7%2FbIAjdGQRLaItw97fSluNUo4lvF0h293X5ioJdRDUQcgaBEjHgqxH5lydzkwjn9YNBrpwahaeR5aSR%2BYGvej38RreDfDJCFDPOW5gTRWnNw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 753898dedc03b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
medadelem.xyz/WGpYZ1R3VTsUaQFZKB8xHyAKMxEKJg5WHhU5DR81DS9pIAA0M34TPTxXb1FgaV5pQSQxDmVWciseORMhK1dpQT02DDdaci5XaUlnbERqXnpoTC1aZX4eKAYzZVt+FyAsBmVWYm5eblFmYV5rXmBu
172.67.189.15204 No Content 0 B URL HTTP/2 medadelem.xyz/WGpYZ1R3VTsUaQFZKB8xHyAKMxEKJg5WHhU5DR81DS9pIAA0M34TPTxXb1FgaV5pQSQxDmVWciseORMhK1dpQT02DDdaci5XaUlnbERqXnpoTC1aZX4eKAYzZVt+FyAsBmVWYm5eblFmYV5rXmBu
IP 172.67.189.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WGpYZ1R3VTsUaQFZKB8xHyAKMxEKJg5WHhU5DR81DS9pIAA0M34TPTxXb1FgaV5pQSQxDmVWciseORMhK1dpQT02DDdaci5XaUlnbERqXnpoTC1aZX4eKAYzZVt+FyAsBmVWYm5eblFmYV5rXmBu HTTP/1.1
Host: medadelem.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 22:22:27 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=61EZeyxPY83bVZvVE8SWvjIp6r2i4ijZ6nYlEUVrVcxl81DmqJhdvKVzF2rITtcyUwNVLxP6H%2FHeV7yaIjEvjR6XFav7SoOp%2B0%2FyXjyV9GF9rdGi9FBr21NOQyXrTTNB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 753898dedc0db4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
medadelem.xyz/RU1VNndqcjZFShwVJQQidh8DZ0dwJgFgOQwcOEIwEhgbeRZ1fXNCHiFwbQRCfHxkEAcsKWgFRWM+IVcDMD5oBEd1enNfGSMiaARRM3BlGE9rfGUYR2M4aAdRMT00UUp0ayVCAylwZABBcXtjBE5xfmwERw
172.67.189.15204 No Content 0 B URL HTTP/2 medadelem.xyz/RU1VNndqcjZFShwVJQQidh8DZ0dwJgFgOQwcOEIwEhgbeRZ1fXNCHiFwbQRCfHxkEAcsKWgFRWM+IVcDMD5oBEd1enNfGSMiaARRM3BlGE9rfGUYR2M4aAdRMT00UUp0ayVCAylwZABBcXtjBE5xfmwERw
IP 172.67.189.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RU1VNndqcjZFShwVJQQidh8DZ0dwJgFgOQwcOEIwEhgbeRZ1fXNCHiFwbQRCfHxkEAcsKWgFRWM+IVcDMD5oBEd1enNfGSMiaARRM3BlGE9rfGUYR2M4aAdRMT00UUp0ayVCAylwZABBcXtjBE5xfmwERw HTTP/1.1
Host: medadelem.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 22:22:27 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dyk3TrqXU0vWUnAED0kJqxO6GBGONrkiOCB4rx5zcg8znNvQmj5E5gKMD1ReeyEOUZZHsxWktsAji%2BRjdBraHkZc4afJF1rkUl6bVBR9Yn0bv8CJUV%2Fxigv6NF00Rl8D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 753898dedc11b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
medadelem.xyz/cHQ0M0dfS1dAej4ifQIKNht1aTATNVVidhg1ZVstMTN5ewUnHxJHLhRJDARxQ0UMFTcZEAkBflYHQFIzBQcJAmEZGlJcelYCCQJpQFoCA2lAUkEOdlYARFIgTUUSQzMEGAkCcUZAAgV1SUAHCnVI
172.67.189.15204 No Content 0 B URL HTTP/2 medadelem.xyz/cHQ0M0dfS1dAej4ifQIKNht1aTATNVVidhg1ZVstMTN5ewUnHxJHLhRJDARxQ0UMFTcZEAkBflYHQFIzBQcJAmEZGlJcelYCCQJpQFoCA2lAUkEOdlYARFIgTUUSQzMEGAkCcUZAAgV1SUAHCnVI
IP 172.67.189.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cHQ0M0dfS1dAej4ifQIKNht1aTATNVVidhg1ZVstMTN5ewUnHxJHLhRJDARxQ0UMFTcZEAkBflYHQFIzBQcJAmEZGlJcelYCCQJpQFoCA2lAUkEOdlYARFIgTUUSQzMEGAkCcUZAAgV1SUAHCnVI HTTP/1.1
Host: medadelem.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 22:22:27 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VMl2SCErjM0gcim56YIjqiZM3hzh3GEcTEVicrG3TMZQ8aMaFJetf4sCutfOmWQEX900yHZjOpLblNd0Rc0ySFV22HGQbYxXyKl%2FKzmW%2Fn%2BE%2FgJz9tWAWZymFDFnkQMg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 753898dedc15b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
medadelem.xyz/RGhINTBrVytGDRJYHkdmAD4iU3YKAgxyZncwekJ4JlswYVIFH25BWSBVcAcFfVl5E0AtDHUGAmIbPFREMRt1BBYtBi5aDWIedQUefEZ5BR50Tj0IAWIcOFRXeVluRUQwBHUEBnJcfgMCfVx7DAF8
172.67.189.15204 No Content 0 B URL HTTP/2 medadelem.xyz/RGhINTBrVytGDRJYHkdmAD4iU3YKAgxyZncwekJ4JlswYVIFH25BWSBVcAcFfVl5E0AtDHUGAmIbPFREMRt1BBYtBi5aDWIedQUefEZ5BR50Tj0IAWIcOFRXeVluRUQwBHUEBnJcfgMCfVx7DAF8
IP 172.67.189.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RGhINTBrVytGDRJYHkdmAD4iU3YKAgxyZncwekJ4JlswYVIFH25BWSBVcAcFfVl5E0AtDHUGAmIbPFREMRt1BBYtBi5aDWIedQUefEZ5BR50Tj0IAWIcOFRXeVluRUQwBHUEBnJcfgMCfVx7DAF8 HTTP/1.1
Host: medadelem.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 22:22:27 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zoxSZjCBtr90OOdYHsjlgqJdy0lE04PfTIhUNBELAex%2FlotZc7a2OwMdL9zvsf6QcA3z8Q9eS%2FzQO%2FtWuZE9ErvcUj8P3XEXmGvo8uCKgMDetDZxAJBSv%2FI85Kb34j9O"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 753898defc2fb4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/imageads/016.gif
91.209.70.182200 OK 182 kB URL HTTP/2 megaup.net/imageads/016.gif
IP 91.209.70.182:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 182 kB (182335 bytes)
Hash 1e5d4c866ac2251f3c1b3a1f41635342
28ffd76be745c43788989dd90e67c6c288cb7b91
34da64ce06a53d70447caffc449bfc4e4c0182df2e26ae86c58075c53f523f00
GET /imageads/016.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: image/gif
content-length: 182335
last-modified: Mon, 08 Mar 2021 17:23:54 GMT
vary: Accept-Encoding
etag: "60465daa-2c83f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c7ac9e29595749072622837820f8d808
191d4449aae47380468d57045d45cef96f6db384
bdb8c13be73e6d521c8a00aecfa51db277d908562bf1d31c675055f08868f215
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BDB8C13BE73E6D521C8A00AECFA51DB277D908562BF1D31C675055F08868F215"
Last-Modified: Thu, 29 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8146
Expires: Sun, 02 Oct 2022 00:38:13 GMT
Date: Sat, 01 Oct 2022 22:22:27 GMT
Connection: keep-alive
push.services.mozilla.com/
52.39.175.179101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.175.179:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yehhQleZvgfgJxEoOesAEw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TZeOqxa6gm6l/t//A18QawWTTRE=
platform.bidgear.com/media/img/b15.png
104.26.2.107200 OK 649 B URL HTTP/2 platform.bidgear.com/media/img/b15.png
IP 104.26.2.107:0
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash d832fb80c97ff291b952757bb98240d2
63732e61a0784ed68fde494f83e4686a5c4bf7fa
7b35c11af8accdb40a14303dd3ae2762a97d2527933c56b6c9be6da2d0d11943
GET /media/img/b15.png HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: image/png
content-length: 649
last-modified: Mon, 25 Jul 2022 09:43:33 GMT
etag: "62de65c5-289"
expires: Sun, 23 Oct 2022 09:44:55 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 736634
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XbsEgjK45x1tMGQjFXz373EuqZ2hKYTgyiwwgLqPaTSq%2FBysC9GW%2FVPU4luhdM6MNUvmfxYylLVy9wr1GGp1yVQtTYrNaGYBOxw37ohmdqpOhjHnsw1SXJ4OiHr8rTvVjEdsLrt9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 753898e078e4b509-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 159b79ad1ea6b5775e183f7cec043b4e
7defc3d25de90faf616497445c285e020627ba6c
805c0543d34ebb9710b2aa73d0cb38358831c630e7361fc38079b0c6ede4c3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "805C0543D34EBB9710B2AA73D0CB38358831C630E7361FC38079B0C6EDE4C3D1"
Last-Modified: Thu, 29 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4992
Expires: Sat, 01 Oct 2022 23:45:39 GMT
Date: Sat, 01 Oct 2022 22:22:27 GMT
Connection: keep-alive
platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1664662944086
104.26.2.107200 OK 26 kB URL HTTP/2 platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1664662944086
IP 104.26.2.107:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (4445), with no line terminators
Hash ec30040c3fd77428cdcf2ed64cbefcec
25899fd15d1f67b9c574377c85cd700a44595517
927349de0d1e94e69119cee481130ed6eca3f78a3d45c15eb549f6d6b5e6c163
GET /async.php?domainid=5593&sizeid=12&zoneid=6192&k=1664662944086 HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AcfQ9e%2B1ybb4PRqWT%2Fh09vXRCkSxaE2H4L4fH%2FLXwRnJet0ZbprBhsPDOOMfB5tRHXn5W80xLvdyxn%2Bq7mCLLtSrLN2Or%2Fn6ZKwSm8wVzJOeKAtKdWvRsbPM1TfLV%2Bdv6pTRsKky"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 753898dfbfedb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/tMldwSEhROB4ud0Y+FHV/BGZBcH4UPQMnJkJqGhAJSj88B3pVDzN8bkYtFHV4FDsRJi8PcRUmKw9mViksUGpEbjxCOBt1LksyFioiVycDJW5HNk0lJ0g+HCQpF2U2fWYCckJ4YEpmQW17cHJCeCRbOQUwbQBnCHB+bWFEbXtwckJ4OkRyQwlxBHlAYW0AZx-ctK1k4VXoOAGdBeHgDZ0FtegIxGTotVDgIbXp0bkZmeBQiTXk
13.224.98.153200 OK 594 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/tMldwSEhROB4ud0Y+FHV/BGZBcH4UPQMnJkJqGhAJSj88B3pVDzN8bkYtFHV4FDsRJi8PcRUmKw9mViksUGpEbjxCOBt1LksyFioiVycDJW5HNk0lJ0g+HCQpF2U2fWYCckJ4YEpmQW17cHJCeCRbOQUwbQBnCHB+bWFEbXtwckJ4OkRyQwlxBHlAYW0AZx-ctK1k4VXoOAGdBeHgDZ0FtegIxGTotVDgIbXp0bkZmeBQiTXk
IP 13.224.98.153:0
File type ASCII text, with very long lines (828), with no line terminators
Hash 6d3100e77a90fb0f9159b55f4452a105
bf97b334b939a471e1c7fd695c49a009acb6fbe8
d8a0e90073b77633d804afd26eec733fe9822c7680c92a601f04402469f47be4
GET /tMldwSEhROB4ud0Y+FHV/BGZBcH4UPQMnJkJqGhAJSj88B3pVDzN8bkYtFHV4FDsRJi8PcRUmKw9mViksUGpEbjxCOBt1LksyFioiVycDJW5HNk0lJ0g+HCQpF2U2fWYCckJ4YEpmQW17cHJCeCRbOQUwbQBnCHB+bWFEbXtwckJ4OkRyQwlxBHlAYW0AZx-ctK1k4VXoOAGdBeHgDZ0FtegIxGTotVDgIbXp0bkZmeBQiTXk HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://begantotireo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 594
date: Sat, 01 Oct 2022 22:22:27 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b78.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: rOvSd2A4yRflzIulW4RWyTc2X7ImUfa9PV5uaS7NWgCQNvNpHZM9xQ==
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png
91.209.70.182200 OK 951 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png
IP 91.209.70.182:0
File type PNG image data, 114 x 114, 8-bit colormap, non-interlaced\012- data
Hash 76852bc6b2c028db97322a74e85bd020
ed52fb4de0d51f93277bbaae42fa80ba5f92c31e
8a5ef2ef8440c17db1b1b539065ba4a887e07a2c508b79c2d1659512e9016884
GET /themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:28 GMT
content-type: image/png
content-length: 951
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-3b7"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/dNUlFNFlWJitSZkEgIQlhB3x8BWgTIzZbN0V0IkJgcRgoZzV3Cglmf0EzIQlpEyUkWj4IbyBaOgh4Y1U9V3RxEi1FJi4JLFstIFIwWywhEixUdChbI1wlKVV8Bw9wGmkQe3UcIQR4YAcbEHt1WDBbPD0RawUxfQIGA31gBxsQe3VGLxB6BA1vG3lsEWsFLi-BXMlpsd3JrBXh1BGgFeGAGaVMgN1E/WjFgBh8Mf2sEf0B0dA
13.224.98.153200 OK 355 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/dNUlFNFlWJitSZkEgIQlhB3x8BWgTIzZbN0V0IkJgcRgoZzV3Cglmf0EzIQlpEyUkWj4IbyBaOgh4Y1U9V3RxEi1FJi4JLFstIFIwWywhEixUdChbI1wlKVV8Bw9wGmkQe3UcIQR4YAcbEHt1WDBbPD0RawUxfQIGA31gBxsQe3VGLxB6BA1vG3lsEWsFLi-BXMlpsd3JrBXh1BGgFeGAGaVMgN1E/WjFgBh8Mf2sEf0B0dA
IP 13.224.98.153:0
File type ASCII text, with very long lines (452), with no line terminators
Hash 96078d59da33ddc4b48bc74dcbd6ed38
e771aac76c82fa06a9612f000a13a7905a7e71a2
24eb9708616a999ec511b414676f3d7577b323bce49b9fac0851aa593f20ee2d
GET /dNUlFNFlWJitSZkEgIQlhB3x8BWgTIzZbN0V0IkJgcRgoZzV3Cglmf0EzIQlpEyUkWj4IbyBaOgh4Y1U9V3RxEi1FJi4JLFstIFIwWywhEixUdChbI1wlKVV8Bw9wGmkQe3UcIQR4YAcbEHt1WDBbPD0RawUxfQIGA31gBxsQe3VGLxB6BA1vG3lsEWsFLi-BXMlpsd3JrBXh1BGgFeGAGaVMgN1E/WjFgBh8Mf2sEf0B0dA HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://begantotireo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 355
date: Sat, 01 Oct 2022 22:22:28 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b78.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: Ov5m9VaF2HvzSw4fc_6zLeKWInW0JUoKglJaXOOdFlWO63lsvpn0AA==
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js
91.209.70.182200 OK 59 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (464), with CRLF line terminators
Hash 4f3777e21e8016e8dcec382b83bdd3f5
7aa743d921d2198918b9ce1b2452ab0c6d18d88e
7f8e40c2dc5d933df665ace6d2e2c3ae149e5d5df7cb4aec7681ba5d478b0d05
GET /themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-303b2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/zZXplNVoGFQtTZRETAQhiUkxWBGJDEBZaNBVHCGcQUDsmZiMNHSxPFFZcEU8+WEpDWTsLHVgTPwsZWAR8BB4HCG5DDhVaMVgcHFA8BxAARSkIXBBUZwgVH1w2CRtABxxQVFUQaFVSHQRrQEknEGhVFgxbLx1fVwUiXUw6A25ASScQaFUIExBpJENTG2pMX1-cFPQAZDlp/VzxXBWtVSlQFa0BIVVMzFx8DWiJASCMMbEtKQ0BnVA
13.224.98.153200 OK 459 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/zZXplNVoGFQtTZRETAQhiUkxWBGJDEBZaNBVHCGcQUDsmZiMNHSxPFFZcEU8+WEpDWTsLHVgTPwsZWAR8BB4HCG5DDhVaMVgcHFA8BxAARSkIXBBUZwgVH1w2CRtABxxQVFUQaFVSHQRrQEknEGhVFgxbLx1fVwUiXUw6A25ASScQaFUIExBpJENTG2pMX1-cFPQAZDlp/VzxXBWtVSlQFa0BIVVMzFx8DWiJASCMMbEtKQ0BnVA
IP 13.224.98.153:0
File type ASCII text, with very long lines (594), with no line terminators
Hash 30422872aa2c3d6b5b6233f4df4f9533
7fe33bde6ab0c3c2d915668a3bf28c3d525d8ada
95edc26b3ebe4c0261736c1118df125520ba3adc05857b3f96cc0d3d29547330
GET /zZXplNVoGFQtTZRETAQhiUkxWBGJDEBZaNBVHCGcQUDsmZiMNHSxPFFZcEU8+WEpDWTsLHVgTPwsZWAR8BB4HCG5DDhVaMVgcHFA8BxAARSkIXBBUZwgVH1w2CRtABxxQVFUQaFVSHQRrQEknEGhVFgxbLx1fVwUiXUw6A25ASScQaFUIExBpJENTG2pMX1-cFPQAZDlp/VzxXBWtVSlQFa0BIVVMzFx8DWiJASCMMbEtKQ0BnVA HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://begantotireo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 459
date: Sat, 01 Oct 2022 22:22:28 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b78.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: C5DeITmCC4TmLNRWX40E0trhsMIKA4JgV4yf-ym7bThTLlISVTB7Ig==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/1VDFVQU83XjsncCBYMXx4YgVkdX5yWyYuISQMJQQeI0JnLQgEQjQnaSBLMXx/cl00LyhpFzAvLGkAcyArNgxhZzskXj58KS1UMyMlMUEmLGkhUGgsIC5YOS0ucQMTdGFkFGdxZywAZGR8FhRncSM9XyA5amYBLXl5CwdhZHwWFGdxPSIUZgB2Yh9laGpmAT-IkLD9ecHMJZgFkcX9lAWRkfWRXPDMqMl4tZH0SCGNvf3JEaHA
13.224.98.153200 OK 595 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/1VDFVQU83XjsncCBYMXx4YgVkdX5yWyYuISQMJQQeI0JnLQgEQjQnaSBLMXx/cl00LyhpFzAvLGkAcyArNgxhZzskXj58KS1UMyMlMUEmLGkhUGgsIC5YOS0ucQMTdGFkFGdxZywAZGR8FhRncSM9XyA5amYBLXl5CwdhZHwWFGdxPSIUZgB2Yh9laGpmAT-IkLD9ecHMJZgFkcX9lAWRkfWRXPDMqMl4tZH0SCGNvf3JEaHA
IP 13.224.98.153:0
File type ASCII text, with very long lines (828), with no line terminators
Hash 4a43c11620ce4622eaa7462e8cf05293
a0f7cb3f2b41f7eda0c6b38082a7e2d41dc3bbdc
3d12407751f4df16c352bb360d1d58c05dcd1d579b7b99e936bfdec3754f7637
GET /1VDFVQU83XjsncCBYMXx4YgVkdX5yWyYuISQMJQQeI0JnLQgEQjQnaSBLMXx/cl00LyhpFzAvLGkAcyArNgxhZzskXj58KS1UMyMlMUEmLGkhUGgsIC5YOS0ucQMTdGFkFGdxZywAZGR8FhRncSM9XyA5amYBLXl5CwdhZHwWFGdxPSIUZgB2Yh9laGpmAT-IkLD9ecHMJZgFkcX9lAWRkfWRXPDMqMl4tZH0SCGNvf3JEaHA HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://begantotireo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 595
date: Sat, 01 Oct 2022 22:22:28 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b78.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: F5X68qP15zeIEPgORBa_Y3FCK9V1AMBVFlSdOghku3j9HcL4lg_ohg==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2406f709deebae46a57115b2a28c6dbe
c03cb7f48ebb34d140a0518ce5bdcbc592042913
b8d1f67bd3d1803167b7851e2e2eb69b0f2560aee0c27495b64b3cb993221a58
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 22:22:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dmmzkfd82wayn.cloudfront.net/fYmVXVEMBCjkyfBYMM2l6VlxvYndEDyQ7LRJYJTEhBQ4ZAyYNVzITZRYfM2lzRAk2OiRfQzI6IF9UcTUnAFhjcjYDWDo7OQsJOzVmUCNienNHV2d8O1NUcmcBR1dnOCoMEC9xcVIdb2IcVFFyZwFHV2cmNUdWFm11TFV+cXFSAjI3KA1AZRJxUlRnZHJSVH-JmcwQMJTElDR1yZgVbU3lkZRdYZg
13.224.98.153200 OK 187 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/fYmVXVEMBCjkyfBYMM2l6VlxvYndEDyQ7LRJYJTEhBQ4ZAyYNVzITZRYfM2lzRAk2OiRfQzI6IF9UcTUnAFhjcjYDWDo7OQsJOzVmUCNienNHV2d8O1NUcmcBR1dnOCoMEC9xcVIdb2IcVFFyZwFHV2cmNUdWFm11TFV+cXFSAjI3KA1AZRJxUlRnZHJSVH-JmcwQMJTElDR1yZgVbU3lkZRdYZg
IP 13.224.98.153:0
File type ASCII text, with no line terminators
Hash 6b48b90c3133130c899a32852ff8e15f
7313a6c4cf308a22a82b939964d68bb219df4718
34aa703a8acf5cfab0782c148ae5ab4d2bd65db73f0a87909430e09cf79569f7
GET /fYmVXVEMBCjkyfBYMM2l6VlxvYndEDyQ7LRJYJTEhBQ4ZAyYNVzITZRYfM2lzRAk2OiRfQzI6IF9UcTUnAFhjcjYDWDo7OQsJOzVmUCNienNHV2d8O1NUcmcBR1dnOCoMEC9xcVIdb2IcVFFyZwFHV2cmNUdWFm11TFV+cXFSAjI3KA1AZRJxUlRnZHJSVH-JmcwQMJTElDR1yZgVbU3lkZRdYZg HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://begantotireo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 187
date: Sat, 01 Oct 2022 22:22:28 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b78.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: yo3PeZpODB08jfedNjRN1lqJAHgibE-f-dDmOzPJv9tpkgnGTWxH0g==
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Sat, 01 Oct 2022 20:41:09 GMT
expires: Sat, 01 Oct 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 6079
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 280 B IP 104.18.32.68:0
Hash 8812897bca3236915e3d430052240422
699b40dce0d85bdfe92f407d2b962f0496b5070f
814e48413af6de66d4d014aa9f909b092564fc28253aa90cfda6de694563b73f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 22:22:28 GMT
Content-Type: application/ocsp-response
Content-Length: 280
Connection: keep-alive
Last-Modified: Fri, 30 Sep 2022 21:53:49 GMT
Expires: Fri, 07 Oct 2022 21:53:48 GMT
Etag: "699b40dce0d85bdfe92f407d2b962f0496b5070f"
Cache-Control: max-age=516079,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753898e049d10b49-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 76fda9bb7d23b03c4b8203e61267bdfb
37b1fcf2c92e99799ebca1623a646b255691cdc3
9782e91ebd1487e505b2009b9b9854d0d3f958a66d47fcceb368ad2eb2955d16
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5394
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 22:22:28 GMT
Last-Modified: Sat, 01 Oct 2022 20:52:34 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16441444a614c24e9dec5b59ca86d07c
135d180aed3bd344132c1305521407e498215d5c
7fcddd79a00a1550423d40ee04b1e4b595f5808c4c855389b5783056296a5878
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7FCDDD79A00A1550423D40EE04B1E4B595F5808C4C855389B5783056296A5878"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4359
Expires: Sat, 01 Oct 2022 23:35:07 GMT
Date: Sat, 01 Oct 2022 22:22:28 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2406f709deebae46a57115b2a28c6dbe
c03cb7f48ebb34d140a0518ce5bdcbc592042913
b8d1f67bd3d1803167b7851e2e2eb69b0f2560aee0c27495b64b3cb993221a58
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 22:22:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16441444a614c24e9dec5b59ca86d07c
135d180aed3bd344132c1305521407e498215d5c
7fcddd79a00a1550423d40ee04b1e4b595f5808c4c855389b5783056296a5878
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7FCDDD79A00A1550423D40EE04B1E4B595F5808C4C855389B5783056296A5878"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4359
Expires: Sat, 01 Oct 2022 23:35:07 GMT
Date: Sat, 01 Oct 2022 22:22:28 GMT
Connection: keep-alive
begantotireo.xyz/utx?cb=EwQasyHGybTC&top=megaup.net&tid=761186
143.204.55.80204 No Content 0 B URL HTTP/2 begantotireo.xyz/utx?cb=EwQasyHGybTC&top=megaup.net&tid=761186
IP 143.204.55.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=EwQasyHGybTC&top=megaup.net&tid=761186 HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 22:22:28 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 01 Oct 2022 22:23:28 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7IvY9IJZv-KCQmTU1_clw5Mmwcc11OH_BzYbDNpWOjkgCGx9U24ejw==
X-Firefox-Spdy: h2
begantotireo.xyz/utx?cb=DLMNGQf1QCRq&top=megaup.net&tid=825911
143.204.55.80204 No Content 0 B URL HTTP/2 begantotireo.xyz/utx?cb=DLMNGQf1QCRq&top=megaup.net&tid=825911
IP 143.204.55.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=DLMNGQf1QCRq&top=megaup.net&tid=825911 HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 22:22:28 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 01 Oct 2022 22:23:28 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: aqmCQfiH5nsXexIkFJ637Hq14AmUNEx9zwsAecXDw4miA2hLiF_LKw==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (378)
Hash 2a05a61102799985ea5212eab2c04b9a
3d6c4bb294264a6762bcc211c01b2f8b0e5b9c5f
29f31d7bed3af2e40298c74bfe972a79ba94511b99f53bbdf0891566c207fb6b
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 01 Oct 2022 22:22:28 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1275907090%3A1664662948107267&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrRq9-fEFEluj5g0z9rEiM8ig1A0KoASqBSn_Up0C_EKDjSosMFJcoa_7GIjg8ZDdIZ29nD
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-Q8bDqAQm4NjkXnlXyXpffg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:5MCpjCldUUe_hBwmfLyq1B0nJKQdEQ:yHmdZHtUZNn4phZN;Path=/;Expires=Mon, 30-Sep-2024 22:22:28 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j97&a=827583619&t=pageview&_s=1&dl=https%3A%2F%2Fmegaup.net%2F1Nab1%2FSMODYSEY-NSwTcH-%5BBASE%5D-NSP-Ziperto.part1.rar&ul=en-us&de=UTF-8&dt=SMODYSEY-NSwTcH-%5BBASE%5D-NSP-Ziperto.part1.rar%20-%20MegaUp&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=631762756&gjid=1568340167&cid=1405295481.1664662944&tid=UA-108868042-1&_gid=1035334986.1664662944&_r=1>m=2ou9s0&z=725104185
142.250.74.174200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j97&a=827583619&t=pageview&_s=1&dl=https%3A%2F%2Fmegaup.net%2F1Nab1%2FSMODYSEY-NSwTcH-%5BBASE%5D-NSP-Ziperto.part1.rar&ul=en-us&de=UTF-8&dt=SMODYSEY-NSwTcH-%5BBASE%5D-NSP-Ziperto.part1.rar%20-%20MegaUp&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=631762756&gjid=1568340167&cid=1405295481.1664662944&tid=UA-108868042-1&_gid=1035334986.1664662944&_r=1>m=2ou9s0&z=725104185
IP 142.250.74.174:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j97&a=827583619&t=pageview&_s=1&dl=https%3A%2F%2Fmegaup.net%2F1Nab1%2FSMODYSEY-NSwTcH-%5BBASE%5D-NSP-Ziperto.part1.rar&ul=en-us&de=UTF-8&dt=SMODYSEY-NSwTcH-%5BBASE%5D-NSP-Ziperto.part1.rar%20-%20MegaUp&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=631762756&gjid=1568340167&cid=1405295481.1664662944&tid=UA-108868042-1&_gid=1035334986.1664662944&_r=1>m=2ou9s0&z=725104185 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain
Content-Length: 0
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://megaup.net
date: Sat, 01 Oct 2022 22:22:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash d0f698683b4ffa89e1828a94ef5b0f52
2e1268defc26c0e4801f088376ff7086f9a9c45c
99fdf370c2a29b4b3924419231770ac00077a78a444c88e56d39b33d6e94458c
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 01 Oct 2022 22:22:28 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S235841065%3A1664662948163155&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrUCddLZv8YsCpWefF16aKzjLsk01m9hvVOcLjk0oDoOKI6r65plbq4h45VFgDYZC2ZEJ4h
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-w-nsuoRVHjANfTPoOSf5sQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:s6XvSH9QiNF-ppKr4WgS9cQR2Eukww:PwowV2sgGFjOLOwr;Path=/;Expires=Mon, 30-Sep-2024 22:22:28 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ab779588f01243aca896d41395f8bd90
b8ef2d7cdc6366c283db0d608766a126dce37164
5531deca73d8380883740395d82457f4d39761134404876881242e2135b1546a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 22:22:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dmmzkfd82wayn.cloudfront.net/
13.224.98.153200 OK 73 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/
IP 13.224.98.153:0
File type ASCII text, with no line terminators
Hash de37377b72195a4f064edf7ec8a76676
ed544d5b6a37acad78498099407c648a93316ddb
b3209cc0b1d1b71e85af4e843afe00a3079f3286d52b3fb47e72c6c5c48b8399
GET / HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 73
date: Sat, 01 Oct 2022 22:22:28 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b78.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: nrpxbM779vlG2Qy2Oa5Lr8H9f1HoggtcU-MfnYMagX9uvJLpaRN5-Q==
X-Firefox-Spdy: h2
ad.a-ads.com/1811811?size=300x250
136.243.14.10200 OK 5.9 kB URL HTTP/2 ad.a-ads.com/1811811?size=300x250
IP 136.243.14.10:0
ASN #24940 Hetzner Online GmbH
Hash 22b989858e44ad00875447aaec1527e2
ad7b89db687397abc583e8688cda180e315c3fb3
c3551b265e6958758cb1ab149ce7c5f011d6f610933b147281b9952f2bd66cd4
GET /1811811?size=300x250 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:28 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://megaup.net/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
begantotireo.xyz/utx?cb=FXJludfStviI&top=megaup.net&tid=764141
143.204.55.80204 No Content 0 B URL HTTP/2 begantotireo.xyz/utx?cb=FXJludfStviI&top=megaup.net&tid=764141
IP 143.204.55.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=FXJludfStviI&top=megaup.net&tid=764141 HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 22:22:28 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 01 Oct 2022 22:23:28 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: NxQnDFlTH1_jVISTdim8ObUbno1MEpPwsp9h4tOJf2lHS7AexWspPA==
X-Firefox-Spdy: h2
begantotireo.xyz/utx?cb=sVKLJY1oEfQz&top=megaup.net&tid=876318
143.204.55.80204 No Content 0 B URL HTTP/2 begantotireo.xyz/utx?cb=sVKLJY1oEfQz&top=megaup.net&tid=876318
IP 143.204.55.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=sVKLJY1oEfQz&top=megaup.net&tid=876318 HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 22:22:28 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 01 Oct 2022 22:23:28 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 32Xw0-JsbP4KqGGt2iUsBeZWS5qkxMxk9PePZLbHx8Q0AveSiA5wEA==
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 103 kB IP 172.64.172.27:0
Size 103 kB (102871 bytes)
Hash 30d414396ec51501e75ab6f67391a366
9c83f91af0df6d67a5ebd763211b430614f977cd
0903b34c1629b727632c26b6466ed238a5c91c6f252b19c9d42c9a8b1dfe80d5
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 01 Oct 2022 22:22:28 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4846
last-modified: Sat, 01 Oct 2022 21:01:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5kt%2Byq5YFRbVSRAje0MG8%2F2Se%2F9dtLA3qlq2Zz7tVXd%2F2hNIWcLb57S2k150zHwNJZYysBFz9eMvDhpxJIHwqN5rxsqT%2BewNRcW1k7OGGW8zTz447zicfXedWHE0cb%2F%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 753898e1e8c47545-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.exdynsrv.com/v1/api.php
95.211.229.247200 OK 2.4 kB URL HTTP/1.1 syndication.exdynsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5240), with no line terminators
Hash 1198ef08a65fe8bc7905f32649c260d3
d13222f2cd5d28d0cb54e2ab1c927fc0b1a1f482
ddddb810e31cdfa81953e00372b28fa949b71e8f96dfcd6e56a4e4137af78579
POST /v1/api.php HTTP/1.1
Host: syndication.exdynsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 307
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 22:22:28 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226338bda4243f61.374889101535993444%22%3B%7D; expires=Mon, 30-Sep-2024 22:22:28 GMT; Max-Age=63072000; path=/; domain=exdynsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
static.a-ads.com/a-ads-banners/217388/300x250?region=eu-central-1
136.243.14.10200 OK 513 kB URL HTTP/2 static.a-ads.com/a-ads-banners/217388/300x250?region=eu-central-1
IP 136.243.14.10:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 300 x 250\012- data
Size 513 kB (512868 bytes)
Hash d8740ea9f630dbf2b635424c34b5fb5f
f5b14ed1856ce8ede75643d3076fe639b3b21b81
78bee7d5eaa0bb8e522cfbdc85a78d98a6381dd7823b0216b761e557116bfee4
GET /a-ads-banners/217388/300x250?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:28 GMT
content-type: image/gif
content-length: 512868
x-amz-id-2: FKL5iUx6gEGuERKl8DHnUUbaBquGuFoJTRV5xn2XNN8S7mVXU//RkKUezfBRcSmDbxePxVbLBDg=
x-amz-request-id: V9EC9HNA5W01HZDR
x-amz-replication-status: COMPLETED
last-modified: Sun, 11 Jul 2021 13:31:49 GMT
etag: "d8740ea9f630dbf2b635424c34b5fb5f"
cache-control: max-age=315360000
x-amz-version-id: IM1hs549ltWXfjQ_A5SLwzNwHHxFsfUH
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01O7UoEMQx8FV9gSz67zf32t4LiA7S7PX95CCoozMPb7uFhhoS0mUxGSGRhWojvuJxETlIQnIKSSWI3PDw+wRhv/bV+vadL/4Q7G2XkCLJBViuSYZaNS4YzwyUkBmN1dcqrgB0KGhBXs9klImIuKISX5/sjeUAIo86TGD5s9PQ990Jb5R6ufW1bUT5vjfaItWnndae5Sv8t0hWJc/iU/fuAsqmYYOHbwzCCcIzrx89lA270q1n4oaBgMxpyfa/UdFeLyr5VJ1Nvca4etfTayy/ufJnaVAEAAA==
95.211.229.247200 OK 48 B URL HTTP/1.1 syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01O7UoEMQx8FV9gSz67zf32t4LiA7S7PX95CCoozMPb7uFhhoS0mUxGSGRhWojvuJxETlIQnIKSSWI3PDw+wRhv/bV+vadL/4Q7G2XkCLJBViuSYZaNS4YzwyUkBmN1dcqrgB0KGhBXs9klImIuKISX5/sjeUAIo86TGD5s9PQ990Jb5R6ufW1bUT5vjfaItWnndae5Sv8t0hWJc/iU/fuAsqmYYOHbwzCCcIzrx89lA270q1n4oaBgMxpyfa/UdFeLyr5VJ1Nvca4etfTayy/ufJnaVAEAAA==
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash 0d90ef592de1d8b0052261798a2c25c6
8d0fc5eb95ca5a33c0eff89c948930e4f76d144b
7b561a23f773b7f7eac1f3cd7cce118323ef102b8aad7d0c9a0cb9d982a9315f
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01O7UoEMQx8FV9gSz67zf32t4LiA7S7PX95CCoozMPb7uFhhoS0mUxGSGRhWojvuJxETlIQnIKSSWI3PDw+wRhv/bV+vadL/4Q7G2XkCLJBViuSYZaNS4YzwyUkBmN1dcqrgB0KGhBXs9klImIuKISX5/sjeUAIo86TGD5s9PQ990Jb5R6ufW1bUT5vjfaItWnndae5Sv8t0hWJc/iU/fuAsqmYYOHbwzCCcIzrx89lA270q1n4oaBgMxpyfa/UdFeLyr5VJ1Nvca4etfTayy/ufJnaVAEAAA== HTTP/1.1
Host: syndication.exdynsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226338bda4243f61.374889101535993444%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 22:22:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226338bda4243f61.374889101535993444%22%3B%7D; expires=Mon, 30 Sep 2024 22:22:28 GMT; path=; domain=.exdynsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%226338bda4243f61.374889101535993444%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22511.0199%22%7D; expires=Mon, 30 Sep 2024 22:22:28 GMT; path=/; domain=.exdynsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
fhisladyloveh.xyz/utx?tid=832633&top=megaup.net&cb=M6khf2OUXvF5
54.230.111.27204 No Content 0 B URL HTTP/2 fhisladyloveh.xyz/utx?tid=832633&top=megaup.net&cb=M6khf2OUXvF5
IP 54.230.111.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?tid=832633&top=megaup.net&cb=M6khf2OUXvF5 HTTP/1.1
Host: fhisladyloveh.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 01 Oct 2022 22:22:28 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 01 Oct 2022 22:23:28 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: urh2d1GvOUGY_n-HVAqtHnK9K5yTwb3iTTvNLIE5FBSYfyINEDdBkg==
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/551406/df77b12b1430519b8a4ad553ee1c08c5abcc34f5.jpg
185.76.9.14200 OK 12 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/551406/df77b12b1430519b8a4ad553ee1c08c5abcc34f5.jpg
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash 47b239f5f7f93527c72c9b1b87999a0c
df77b12b1430519b8a4ad553ee1c08c5abcc34f5
5f674910cc840142adf59454d0c5f799549c7ada943c49f07ccca90086f05f60
GET /library/551406/df77b12b1430519b8a4ad553ee1c08c5abcc34f5.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 22:22:28 GMT
content-type: image/jpeg
content-length: 11616
last-modified: Wed, 08 Jun 2022 05:29:21 GMT
etag: "62a033b1-2d60"
expires: Fri, 30 Jun 2023 18:20:00 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688300730
server: CDN77-Turbo
x-77-nzt: AblMCQ0W8nL/aoR4AA
x-77-nzt-ray: 2G2CFJHx5/A
x-cache: HIT
x-age: 7898218
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 49c9481e383702626ca5f785cef0b5c4
b9edb478f361f6ed4402227a196f319b4dce4395
3204f6d27c12a24bf2b1774245be8047a49bb2b8be0a417090626cc39b195c63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3204F6D27C12A24BF2B1774245BE8047A49BB2B8BE0A417090626CC39B195C63"
Last-Modified: Thu, 29 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1792
Expires: Sat, 01 Oct 2022 22:52:20 GMT
Date: Sat, 01 Oct 2022 22:22:28 GMT
Connection: keep-alive
begantotireo.xyz/multi?cs=cnR3SkpHQUV6eUpHQ3JzR0VFf3k&abt=0&red=1&sm=76&k=download%20file%20smodysey%20nswtch%20base%20ziperto%20part1&v=1.0.60.0&sts=0&prn=0&emb=0&tid=876318&rxy=1280_1024&u=1863718914516983&agec=1664662948&fs=1&mbkb=155.27950310559007&ref=https%3A%2F%2Fmegaup.net%2F1Nab1%2FSMODYSEY-NSwTcH-%5BBASE%5D-NSP-Ziperto.part1.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_5q8V=1664662944799&crc=1
143.204.55.80200 OK 1.5 kB URL HTTP/2 begantotireo.xyz/multi?cs=cnR3SkpHQUV6eUpHQ3JzR0VFf3k&abt=0&red=1&sm=76&k=download%20file%20smodysey%20nswtch%20base%20ziperto%20part1&v=1.0.60.0&sts=0&prn=0&emb=0&tid=876318&rxy=1280_1024&u=1863718914516983&agec=1664662948&fs=1&mbkb=155.27950310559007&ref=https%3A%2F%2Fmegaup.net%2F1Nab1%2FSMODYSEY-NSwTcH-%5BBASE%5D-NSP-Ziperto.part1.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_5q8V=1664662944799&crc=1
IP 143.204.55.80:0
File type ASCII text, with very long lines (3191), with no line terminators
Hash d9797f23b8b7ed6c408735be3d9a8cef
e85c04a1bc45d6ab5f3b44420630d5ac539665ae
917cfc036fd0a8eabc765be393d91d72021af3fc893d1dbc04a79549b29ac353
GET /multi?cs=cnR3SkpHQUV6eUpHQ3JzR0VFf3k&abt=0&red=1&sm=76&k=download%20file%20smodysey%20nswtch%20base%20ziperto%20part1&v=1.0.60.0&sts=0&prn=0&emb=0&tid=876318&rxy=1280_1024&u=1863718914516983&agec=1664662948&fs=1&mbkb=155.27950310559007&ref=https%3A%2F%2Fmegaup.net%2F1Nab1%2FSMODYSEY-NSwTcH-%5BBASE%5D-NSP-Ziperto.part1.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_5q8V=1664662944799&crc=1 HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1490
date: Sat, 01 Oct 2022 22:22:28 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=54e3675c-50b4-4e5e-82bf-08c84caefd39
csu=1863718914516983
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: NtdLnF_Olsk63hspcJy4gsS4ble0yMuXGEDaQxUmlR4GIZco-CDFhQ==
X-Firefox-Spdy: h2
tsapphires.buzz/
44.195.137.121200 OK 0 B IP 44.195.137.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tsapphires.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Content-Length: 382
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
91.209.70.182200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31568, version 1.1\012- data
Hash e0c4ac0e73196bd0469c5c33304b7773
bb071565f82907d117b0732dca8013409162c67d
ff3bf3a4a1bf2b922157b18d0e8cddd95f2fc2dfe09c30a3ce67bc11a84c67af
GET /themes/flow/frontend_assets/fonts/raleway_bold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5; _ga=GA1.2.1405295481.1664662944; _gid=GA1.2.1035334986.1664662944; _gat_gtag_UA_108868042_1=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:28 GMT
content-type: font/woff
content-length: 31568
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7b50"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
tsapphires.buzz/
44.195.137.121200 OK 0 B IP 44.195.137.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tsapphires.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Origin: https://megaup.net
Content-Length: 351
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
begantotireo.xyz/floater?cs=a2ZHcnpfX39FQ1lUc0pIU19%2FSkM&abt=0&red=1&sm=83&k=download%20file%20smodysey%20nswtch%20base%20ziperto%20part1&v=0.8.10.0&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&u=1863718914516983&agec=1664662948&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=155.27950310559007&ref=https%3A%2F%2Fmegaup.net%2F1Nab1%2FSMODYSEY-NSwTcH-%5BBASE%5D-NSP-Ziperto.part1.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_Gw0F=1664662944798&crc=1
143.204.55.80200 OK 5.9 kB URL HTTP/2 begantotireo.xyz/floater?cs=a2ZHcnpfX39FQ1lUc0pIU19%2FSkM&abt=0&red=1&sm=83&k=download%20file%20smodysey%20nswtch%20base%20ziperto%20part1&v=0.8.10.0&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&u=1863718914516983&agec=1664662948&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=155.27950310559007&ref=https%3A%2F%2Fmegaup.net%2F1Nab1%2FSMODYSEY-NSwTcH-%5BBASE%5D-NSP-Ziperto.part1.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_Gw0F=1664662944798&crc=1
IP 143.204.55.80:0
File type ASCII text, with very long lines (9179), with no line terminators
Hash ace2606f71ae8fed4be674dc452ae235
7c6ffa7d43734d214783057c2d1896deea9ee114
9dd7d2af2e0bf496ecf695d9eb5838930f0860c7a1dac71db6fb96bfa7ce7ece
GET /floater?cs=a2ZHcnpfX39FQ1lUc0pIU19%2FSkM&abt=0&red=1&sm=83&k=download%20file%20smodysey%20nswtch%20base%20ziperto%20part1&v=0.8.10.0&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&u=1863718914516983&agec=1664662948&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=155.27950310559007&ref=https%3A%2F%2Fmegaup.net%2F1Nab1%2FSMODYSEY-NSwTcH-%5BBASE%5D-NSP-Ziperto.part1.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_Gw0F=1664662944798&crc=1 HTTP/1.1
Host: begantotireo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 5853
date: Sat, 01 Oct 2022 22:22:29 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=e4b05f43-eeed-4b2d-9108-94fae29df06a
csu=1863718914516983
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QxVyz7-JEe1qTocVqhosAf7GCP2hPixO2FbQghoQgbCf7TeG5anLZg==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8257
Expires: Sun, 02 Oct 2022 00:40:06 GMT
Date: Sat, 01 Oct 2022 22:22:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8257
Expires: Sun, 02 Oct 2022 00:40:06 GMT
Date: Sat, 01 Oct 2022 22:22:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8257
Expires: Sun, 02 Oct 2022 00:40:06 GMT
Date: Sat, 01 Oct 2022 22:22:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8257
Expires: Sun, 02 Oct 2022 00:40:06 GMT
Date: Sat, 01 Oct 2022 22:22:29 GMT
Connection: keep-alive
tsapphires.buzz/Z2NrMFE8QVMDY1FQWBJ9RUFHEjdTB1IFYAIHRgNhV1pGBGlQBUYIN1FWRghgBVoKB2YCUl5TN0VPSQRnBVANBzJRTloEN1ZOXwliUU5SU2FWTlMDaFICX1IzXltaAnNLQRhHc0tBH0MwFxMDWSMCEEVSJB0ZSRxzVlNFBXNLBQpcIgJPDVE9FAZHVjALEA5t
44.195.137.121200 OK 28 kB URL HTTP/2 tsapphires.buzz/Z2NrMFE8QVMDY1FQWBJ9RUFHEjdTB1IFYAIHRgNhV1pGBGlQBUYIN1FWRghgBVoKB2YCUl5TN0VPSQRnBVANBzJRTloEN1ZOXwliUU5SU2FWTlMDaFICX1IzXltaAnNLQRhHc0tBH0MwFxMDWSMCEEVSJB0ZSRxzVlNFBXNLBQpcIgJPDVE9FAZHVjALEA5t
IP 44.195.137.121:0
Hash 5b9d6be9dc11f9bf40b4b01cf73e980c
c3ca35f6699f61ddc6b6447ff0d593758cc0c5d1
0bbf0b0d5af5afd5f42e26c35c46a42347a9a361e00c8f702a06b4c723546a23
GET /Z2NrMFE8QVMDY1FQWBJ9RUFHEjdTB1IFYAIHRgNhV1pGBGlQBUYIN1FWRghgBVoKB2YCUl5TN0VPSQRnBVANBzJRTloEN1ZOXwliUU5SU2FWTlMDaFICX1IzXltaAnNLQRhHc0tBH0MwFxMDWSMCEEVSJB0ZSRxzVlNFBXNLBQpcIgJPDVE9FAZHVjALEA5t HTTP/1.1
Host: tsapphires.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 2ef7d1321c1b8e07dca35814d5137bc9=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8445-9zw7/UN/Ei9trxTeiebrsdsdeos"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7a6e7d5-efdf-4904-b660-ffb0d8ffd4d3.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7a6e7d5-efdf-4904-b660-ffb0d8ffd4d3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e711c6bf0d0808f0b5c57b80916eba4d
36c8dcdfdc2c59246ba9d999ddffd5387f68155e
e252f3c857e18ddaea7059bfb19826ac5e47c694ce57068d85f60bd1ac5f6c25
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7a6e7d5-efdf-4904-b660-ffb0d8ffd4d3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6101
x-amzn-requestid: 0edbc5d1-324f-4b4f-a55c-b9333f2bb6a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDpnFumIAMFoEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b30a-1422f70670e89174415c1aba;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hG5L6pTNHLcM-nBovmH6kFuFK5oXJuxVWsnaffj6L8bDlGnpFVJFKg==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:55:55 GMT
age: 1594
etag: "36c8dcdfdc2c59246ba9d999ddffd5387f68155e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash edded48f558f739287a040151349ef67
d63b6ba630736d32c364b0e6a369274b2389b7ff
33b4a459df0ba7b36b907ba96d74e08660cc75640c42a5748b97d18ec2e9d533
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11083
x-amzn-requestid: 53e2c961-bcc0-4977-8648-ee3c1aed9cde
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHRFWfIAMFhlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3c7-070212d7386d5efa1b4aa8d3;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Z1KmxHJh9QNfg5x0enkqOjbmiqHvg7nlQiMnuDuCRNWQUBFEiKELbw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:35 GMT
etag: "d63b6ba630736d32c364b0e6a369274b2389b7ff"
content-type: image/jpeg
age: 1734
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tsapphires.buzz/
44.195.137.121200 OK 0 B IP 44.195.137.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tsapphires.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Origin: https://megaup.net
Content-Length: 348
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F589e050c-3794-45f2-a218-269b944ae739.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F589e050c-3794-45f2-a218-269b944ae739.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 11f2e40823827b62bca89d18ee279cb2
fa7e61b4f2864b8e51acb2cc887c15d5cb41ef38
c7811cb947483a033f31ff1e93b813f1bbc49b03ed78fcedab2090c71e5c4d1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F589e050c-3794-45f2-a218-269b944ae739.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: e83a86d3-f5ab-4645-92df-4b2da3d4afa3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDgmFdlIAMFzQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2d0-48c3fa150800475c790b95bd;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: f1aqkuvCub_vq9gBDgA4VL8hNf16FXzXhQjSHC1yDLISm85uOqJF9w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:54:50 GMT
etag: "fa7e61b4f2864b8e51acb2cc887c15d5cb41ef38"
content-type: image/jpeg
age: 1659
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4230b0ca-f194-4ba4-bdd1-69ebd8421799.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4230b0ca-f194-4ba4-bdd1-69ebd8421799.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 91c3d94a9442b6a9c2103c8cda90ddcd
335a691d7ca92b74a69c349d7a25a8a15dbda5c8
38018ebad5d3ad8ad02c5bc732d0879a3275c28795e9dc141e35f673a03ce349
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4230b0ca-f194-4ba4-bdd1-69ebd8421799.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6942
x-amzn-requestid: 312f14b3-7734-4013-a652-1e0132f247eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDpnGewIAMF_1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b30a-49ec997d74e55c63500e960f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: wowfOaUJdM-_XK1Tp8R6ItYDYUfRUmWLEyUhvfcLK6WHGzSw_1_vtw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:52:27 GMT
age: 1802
etag: "335a691d7ca92b74a69c349d7a25a8a15dbda5c8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: f0791b53-3c5f-4d94-954d-992a529ebb60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPnunF35oAMFYbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63361ff6-2adb303349153ced73ccecf6;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 22:45:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: F3fk5JnJ9ZFNPan-8DuLb4kuTiYKfniBar3qNlsuqd8a0saW3sEGvQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 04:41:31 GMT
age: 63658
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2f7b4ee2e38889b89193a93851cb79c7
73bf86be268a4dde44f91b499e89d94939daa6ba
e5bd035cf5a76f7116b4b01301658e4bb4c807d585fa8262ea8a53d918e4dcf9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E5BD035CF5A76F7116B4B01301658E4BB4C807D585FA8262EA8A53D918E4DCF9"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15947
Expires: Sun, 02 Oct 2022 02:48:18 GMT
Date: Sat, 01 Oct 2022 22:22:31 GMT
Connection: keep-alive
stunningruin.com/winnotice?sid=H4sIAAAAAAAC%2F1RTzWskxRuu%2Bf32snhRWQ%2FCCuNNQSbdk9lJj4sEYzYSzG6WXRc9KdVV1ZPX9FQ1VV3Tk5yCguxJRjz4ceo8%2BUJdZf0DXKWz4CEgZG4Rzd2TorBnmTFm9IXm%2FXjew9Pv89T72%2F6UBfD8ZPG62aQ05TNXGkH9uTfD8Gp9hbQf1AdR%2B%2B1262rd9l%2FstBvB8%2FVXlVg3M80gDIIwCOtLZFViBjNjEJTd64SNTtBoNRvhlRYGtoTzNTheg%2ByfsidBcnThYe0SSFTQvfuLyq3nJnvhWs%2BnPDcWfXlwR69rU2j0pmVia0j0wdk2jDteegCj9yYUYfrnizGNWO2HB4j1wRkxxP3dCbc4hdKI5WMo%2BhVUWoF4BWHeA8ljBgiJG6vQvf0bxhZ842%2BUj9ERu%2FDoT1AxYhd%2BuQTd%2B3ohpUH9tkl9TkY7DJISNKhA3QqZP0S%2ByUDFIUT%2BLkj%2ByGYerUD3dlddakCynPw7UQVKKqRqCO4Y%2FPgjBp%2FU4LMaevKkLsIwnAuk4EHUEWJWzqm4LYOQzyUhD4N2BC%2FG9IbIsyFEOoSwW8jsFtZpCOs%2FALkKnpegrETm9qPmlU4YQomj%2BV8%2FHcdn4HRSbwUtMReqmLdaoWjHTdWO4iSZ5XGUtKMwVojpaH7eP379zjNrSIlB8aPvfmeTgNMltC93tKUSVh2xs9ixMj%2BaP99aK%2BEkg8sZ%2BrJEoRgKx1BwhoIYipyh6Jd7MnVNV%2B7L1Pk4PMvNszxb7pi8W%2B6ZvKs0285O2RMTbf4Qb2FdndSTQDSjpNOabUatTieOZGtuth21pQhlpFqRhKN%2FLkDuf%2BCuhk0asad%2B%2Fg3Z2DXyI8T8EC49hKBnwf1l8KIEXyuxqUtIc9%2FlXmvSXetJN4TpIcsvIt%2Bobaen7OkJl%2FYnd%2F9zXmFLZLbEO%2FSQoZve3bllCrZ7yxSOfbOa5dSjTT720O2c5%2Br%2FX7ymNgpj5fKiG37%2BshgD4%2FLe68rlK1xL0l3HvlwgKZVdMlYo9u2ye0PFN71bW%2FBW%2B2zl5itLy73MKufI6Aqcjq99DEEjdvHDnyaP4%2FJXL4FsBetL9Py5XCBTQWRbcNl05gyDTad9nDEUvtyxzXg6HBsineoOHpdw%2F%2Brjab3tvoejErljfwEAAP%2F%2FAQAA%2F%2F%2BA5BnSeQQAAA%3D%3D&ap=${AUCTION_PRICE}&l=3577992&sub3=1664662948&pid=91283&sub2=icon&auid=404c71eba441c6b2e68bff3ab8f681be&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
192.243.61.228307 Temporary Redirect 0 B URL HTTP/1.1 stunningruin.com/winnotice?sid=H4sIAAAAAAAC%2F1RTzWskxRuu%2Bf32snhRWQ%2FCCuNNQSbdk9lJj4sEYzYSzG6WXRc9KdVV1ZPX9FQ1VV3Tk5yCguxJRjz4ceo8%2BUJdZf0DXKWz4CEgZG4Rzd2TorBnmTFm9IXm%2FXjew9Pv89T72%2F6UBfD8ZPG62aQ05TNXGkH9uTfD8Gp9hbQf1AdR%2B%2B1262rd9l%2FstBvB8%2FVXlVg3M80gDIIwCOtLZFViBjNjEJTd64SNTtBoNRvhlRYGtoTzNTheg%2ByfsidBcnThYe0SSFTQvfuLyq3nJnvhWs%2BnPDcWfXlwR69rU2j0pmVia0j0wdk2jDteegCj9yYUYfrnizGNWO2HB4j1wRkxxP3dCbc4hdKI5WMo%2BhVUWoF4BWHeA8ljBgiJG6vQvf0bxhZ842%2BUj9ERu%2FDoT1AxYhd%2BuQTd%2B3ohpUH9tkl9TkY7DJISNKhA3QqZP0S%2ByUDFIUT%2BLkj%2ByGYerUD3dlddakCynPw7UQVKKqRqCO4Y%2FPgjBp%2FU4LMaevKkLsIwnAuk4EHUEWJWzqm4LYOQzyUhD4N2BC%2FG9IbIsyFEOoSwW8jsFtZpCOs%2FALkKnpegrETm9qPmlU4YQomj%2BV8%2FHcdn4HRSbwUtMReqmLdaoWjHTdWO4iSZ5XGUtKMwVojpaH7eP379zjNrSIlB8aPvfmeTgNMltC93tKUSVh2xs9ixMj%2BaP99aK%2BEkg8sZ%2BrJEoRgKx1BwhoIYipyh6Jd7MnVNV%2B7L1Pk4PMvNszxb7pi8W%2B6ZvKs0285O2RMTbf4Qb2FdndSTQDSjpNOabUatTieOZGtuth21pQhlpFqRhKN%2FLkDuf%2BCuhk0asad%2B%2Fg3Z2DXyI8T8EC49hKBnwf1l8KIEXyuxqUtIc9%2FlXmvSXetJN4TpIcsvIt%2Bobaen7OkJl%2FYnd%2F9zXmFLZLbEO%2FSQoZve3bllCrZ7yxSOfbOa5dSjTT720O2c5%2Br%2FX7ymNgpj5fKiG37%2BshgD4%2FLe68rlK1xL0l3HvlwgKZVdMlYo9u2ye0PFN71bW%2FBW%2B2zl5itLy73MKufI6Aqcjq99DEEjdvHDnyaP4%2FJXL4FsBetL9Py5XCBTQWRbcNl05gyDTad9nDEUvtyxzXg6HBsineoOHpdw%2F%2Brjab3tvoejErljfwEAAP%2F%2FAQAA%2F%2F%2BA5BnSeQQAAA%3D%3D&ap=${AUCTION_PRICE}&l=3577992&sub3=1664662948&pid=91283&sub2=icon&auid=404c71eba441c6b2e68bff3ab8f681be&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP 192.243.61.228:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /winnotice?sid=H4sIAAAAAAAC%2F1RTzWskxRuu%2Bf32snhRWQ%2FCCuNNQSbdk9lJj4sEYzYSzG6WXRc9KdVV1ZPX9FQ1VV3Tk5yCguxJRjz4ceo8%2BUJdZf0DXKWz4CEgZG4Rzd2TorBnmTFm9IXm%2FXjew9Pv89T72%2F6UBfD8ZPG62aQ05TNXGkH9uTfD8Gp9hbQf1AdR%2B%2B1262rd9l%2FstBvB8%2FVXlVg3M80gDIIwCOtLZFViBjNjEJTd64SNTtBoNRvhlRYGtoTzNTheg%2ByfsidBcnThYe0SSFTQvfuLyq3nJnvhWs%2BnPDcWfXlwR69rU2j0pmVia0j0wdk2jDteegCj9yYUYfrnizGNWO2HB4j1wRkxxP3dCbc4hdKI5WMo%2BhVUWoF4BWHeA8ljBgiJG6vQvf0bxhZ842%2BUj9ERu%2FDoT1AxYhd%2BuQTd%2B3ohpUH9tkl9TkY7DJISNKhA3QqZP0S%2ByUDFIUT%2BLkj%2ByGYerUD3dlddakCynPw7UQVKKqRqCO4Y%2FPgjBp%2FU4LMaevKkLsIwnAuk4EHUEWJWzqm4LYOQzyUhD4N2BC%2FG9IbIsyFEOoSwW8jsFtZpCOs%2FALkKnpegrETm9qPmlU4YQomj%2BV8%2FHcdn4HRSbwUtMReqmLdaoWjHTdWO4iSZ5XGUtKMwVojpaH7eP379zjNrSIlB8aPvfmeTgNMltC93tKUSVh2xs9ixMj%2BaP99aK%2BEkg8sZ%2BrJEoRgKx1BwhoIYipyh6Jd7MnVNV%2B7L1Pk4PMvNszxb7pi8W%2B6ZvKs0285O2RMTbf4Qb2FdndSTQDSjpNOabUatTieOZGtuth21pQhlpFqRhKN%2FLkDuf%2BCuhk0asad%2B%2Fg3Z2DXyI8T8EC49hKBnwf1l8KIEXyuxqUtIc9%2FlXmvSXetJN4TpIcsvIt%2Bobaen7OkJl%2FYnd%2F9zXmFLZLbEO%2FSQoZve3bllCrZ7yxSOfbOa5dSjTT720O2c5%2Br%2FX7ymNgpj5fKiG37%2BshgD4%2FLe68rlK1xL0l3HvlwgKZVdMlYo9u2ye0PFN71bW%2FBW%2B2zl5itLy73MKufI6Aqcjq99DEEjdvHDnyaP4%2FJXL4FsBetL9Py5XCBTQWRbcNl05gyDTad9nDEUvtyxzXg6HBsineoOHpdw%2F%2Brjab3tvoejErljfwEAAP%2F%2FAQAA%2F%2F%2BA5BnSeQQAAA%3D%3D&ap=${AUCTION_PRICE}&l=3577992&sub3=1664662948&pid=91283&sub2=icon&auid=404c71eba441c6b2e68bff3ab8f681be&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: stunningruin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Sat, 01 Oct 2022 22:22:31 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9c1bc202be0d57bedacc5683bc64e9a4
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3ac6b2ffa7527d2b4a73da615e7c2e6d
23510e23ed963463bd5b401f5a4b865015cf72a7
e6c40842ed4f61767f82457728ff9a8ef2bc92ffd74b4e70c1fd32553f3efdcf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E6C40842ED4F61767F82457728FF9A8EF2BC92FFD74B4E70C1FD32553F3EFDCF"
Last-Modified: Fri, 30 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10468
Expires: Sun, 02 Oct 2022 01:16:59 GMT
Date: Sat, 01 Oct 2022 22:22:31 GMT
Connection: keep-alive
cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
45.133.44.9200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2020:05:18 19:19:17], baseline, precision 8, 200x200, components 3\012- data
Hash 70cf8250da1a25a7b445231428af7828
a849d338423d2919949340838c768bba90b9081c
b7060bc46dc459a00d4124523a26f0cbf31fba31d41fccae9f82bedaf22c1186
GET /cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 22:22:31 GMT
content-type: image/jpeg
content-length: 33103
server: nginx/1.17.6
last-modified: Tue, 09 Jun 2020 11:44:50 GMT
etag: "5edf7632-814f"
expires: Mon, 03 Oct 2022 22:22:31 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
91.209.70.182200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31900, version 1.1\012- data
Hash 1b285c8e5b7445a8e434b2cdf036bab2
c97d4772fbb5c5637d466b5f991bc7ec28830b32
09b979826f2ac158a63ba234042c66414c21282d0bb46eadc62c64a873778825
GET /themes/flow/frontend_assets/fonts/raleway_medium.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5; _ga=GA1.2.1405295481.1664662944; _gid=GA1.2.1035334986.1664662944; _gat_gtag_UA_108868042_1=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:33 GMT
content-type: font/woff
content-length: 31900
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7c9c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 61e845561ee0b34521ccd8136d6181c5
da8bb664d728679756bf4a8aaad11b2be7a9c0fd
21e1487804f5b17ba9dfe85351f47fa252f92c85932499ee2cced9ff40e02dde
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "21E1487804F5B17BA9DFE85351F47FA252F92C85932499EE2CCED9FF40E02DDE"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13685
Expires: Sun, 02 Oct 2022 02:10:40 GMT
Date: Sat, 01 Oct 2022 22:22:35 GMT
Connection: keep-alive
agagraveleran.com/icon?ctx=6SLfRIUt1s6c-7qooRqKyc4hLG09d0SRYpEHXldjPZmtUWgoSPIWOTgivarp6V6MRwT1RxeWL00ce_ICnZZBSdWjg-ik05HZfShWu6B8XqJJSZrqYuqhG1GcJJgj94vM2RwKo4kaFQoEhCsHy9FEbKmHk5ZJ0p0sjPctQA-a7cMD8Jq5B2qMPZdvWF1d_nN2JgS-2Aq4FWSidRgn7Or6aqJxIZeq5MsTjocmdReE3UV3OKeXtCJ1k7ifPewEC2fuCK187bstQ4a3uRJ_PuUbWiLIP7MZILFd&z=3324887
139.45.195.6301 Moved Permanently 0 B URL HTTP/1.1 agagraveleran.com/icon?ctx=6SLfRIUt1s6c-7qooRqKyc4hLG09d0SRYpEHXldjPZmtUWgoSPIWOTgivarp6V6MRwT1RxeWL00ce_ICnZZBSdWjg-ik05HZfShWu6B8XqJJSZrqYuqhG1GcJJgj94vM2RwKo4kaFQoEhCsHy9FEbKmHk5ZJ0p0sjPctQA-a7cMD8Jq5B2qMPZdvWF1d_nN2JgS-2Aq4FWSidRgn7Or6aqJxIZeq5MsTjocmdReE3UV3OKeXtCJ1k7ifPewEC2fuCK187bstQ4a3uRJ_PuUbWiLIP7MZILFd&z=3324887
IP 139.45.195.6:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /icon?ctx=6SLfRIUt1s6c-7qooRqKyc4hLG09d0SRYpEHXldjPZmtUWgoSPIWOTgivarp6V6MRwT1RxeWL00ce_ICnZZBSdWjg-ik05HZfShWu6B8XqJJSZrqYuqhG1GcJJgj94vM2RwKo4kaFQoEhCsHy9FEbKmHk5ZJ0p0sjPctQA-a7cMD8Jq5B2qMPZdvWF1d_nN2JgS-2Aq4FWSidRgn7Or6aqJxIZeq5MsTjocmdReE3UV3OKeXtCJ1k7ifPewEC2fuCK187bstQ4a3uRJ_PuUbWiLIP7MZILFd&z=3324887 HTTP/1.1
Host: agagraveleran.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 01 Oct 2022 22:22:35 GMT
Content-Length: 0
Connection: keep-alive
Location: https://outsimiseara.com/www/images/7a555faea541a27da9de79a0e67abf9b.jpeg
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b65ba8b4c7b201d01732d77ac1e10727
767762baaba5f4a669f15024850b84ebd7889084
6d32c7731d9ef9c64ae737e67e5faef34c28dcfde6441af9f8445ac7848f3a1d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6D32C7731D9EF9C64AE737E67E5FAEF34C28DCFDE6441AF9F8445AC7848F3A1D"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17324
Expires: Sun, 02 Oct 2022 03:11:19 GMT
Date: Sat, 01 Oct 2022 22:22:35 GMT
Connection: keep-alive
outsimiseara.com/www/images/7a555faea541a27da9de79a0e67abf9b.jpeg
104.22.28.221200 OK 23 kB URL HTTP/2 outsimiseara.com/www/images/7a555faea541a27da9de79a0e67abf9b.jpeg
IP 104.22.28.221:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 7a555faea541a27da9de79a0e67abf9b
c6650bdf11a8badb1f4ea8eff3003928c5df877f
170b360c4605bbcc8939aa230ff5bb5d274bb6163e50cf47c6e00d3284e4c01e
GET /www/images/7a555faea541a27da9de79a0e67abf9b.jpeg HTTP/1.1
Host: outsimiseara.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 22:22:35 GMT
content-type: image/jpeg
content-length: 23018
cache-control: max-age=86400
cf-bgj: h2pri
etag: "5e240fa2-59ea"
expires: Sun, 02 Oct 2022 13:58:33 GMT
last-modified: Sun, 19 Jan 2020 08:13:22 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 30240
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7538990e8f94b4fa-OSL
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/responsive.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/responsive.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/responsive.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:26 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-e56"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.tmpl.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.tmpl.min.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.tmpl.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3cb"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-process.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-process.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-process.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-14b6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/nav/jquery.nav.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1547"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3ead"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
societingna.info/d212WFAMTwUvDwIfGnpqVQUCLCAEV1l3PRIKFy0gWQMTLH8EGlgyI1VBVCs9EU9MaXxVGRc%2FDx4JVGJyT15EbmNET1p6IwIPKTE0RU9MejZDCU9tYRIJW2tgR1RbbGhAC1tgNkFYW2BhFVQXb2cSXEM7NlUQ
44.195.137.121200 OK 0 B URL HTTP/2 societingna.info/d212WFAMTwUvDwIfGnpqVQUCLCAEV1l3PRIKFy0gWQMTLH8EGlgyI1VBVCs9EU9MaXxVGRc%2FDx4JVGJyT15EbmNET1p6IwIPKTE0RU9MejZDCU9tYRIJW2tgR1RbbGhAC1tgNkFYW2BhFVQXb2cSXEM7NlUQ
IP 44.195.137.121:0
Analyzer Verdict Alert fortinet Malware
GET /d212WFAMTwUvDwIfGnpqVQUCLCAEV1l3PRIKFy0gWQMTLH8EGlgyI1VBVCs9EU9MaXxVGRc%2FDx4JVGJyT15EbmNET1p6IwIPKTE0RU9MejZDCU9tYRIJW2tgR1RbbGhAC1tgNkFYW2BhFVQXb2cSXEM7NlUQ HTTP/1.1
Host: societingna.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: a758898c25738f5257bad7530f0bf739=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"e0fa-11S+Ou82K6trc2ug5sZbbGZb9Bo"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/custom.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/custom.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/custom.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:26 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3577"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.iframe-transport.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.iframe-transport.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.iframe-transport.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-2427"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1cdf"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/gauge.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/gauge.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/gauge.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-45b8"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/images/icons/favicon/favicon.ico HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:28 GMT
content-type: image/x-icon
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-47e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/styles/file-upload.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/styles/file-upload.css
IP 91.209.70.182:0
GET /themes/flow/styles/file-upload.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:26 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-21ec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.dataTables.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.dataTables.min.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.dataTables.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:26 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-10fe4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/load-image.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/load-image.min.js
IP 91.209.70.182:0
GET /themes/flow/js/load-image.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-9f2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js
IP 91.209.70.182:0
GET /themes/flow/js/zeroClipboard/ZeroClipboard.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3bd2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/css/settings.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/css/settings.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/rs-plugin/css/settings.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-ce4b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 01 Oct 2022 22:22:28 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4846
last-modified: Sat, 01 Oct 2022 21:01:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jcz0LlLTsbLc%2FioKCMwNeLlT24Ioo56KYC48VxPktQ7j4%2B3FwgA6dmbcZPLSJhHD91txjRzt1Ydzxoa0s6nz8zLebpWDDMJVlGhRknyyGIuCH%2FGY6ynfTdyEthVPrqCS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 753898e1e8c57545-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 22:22:28 GMT
content-type: text/plain
set-cookie: csu=1728531329201461@1@1664662948; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9zVLnAUnNUv960p30Vg6Y7tpTxIco70oDEIub%2BdU9TIeFZoJlNYUB7CtAr1ao9XLPPmr0j3ygK3tV6VPJ%2BuQU05rKVU7JT7nnSEZ7CFlMvF74wJSxSdSVCXR%2FsisznKQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 753898e1e8c77545-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
IP 91.209.70.182:0
GET /1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:26 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5; expires=Sun, 02-Oct-2022 22:22:26 GMT; Max-Age=86400; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/All-stylesheets.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:26 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-153"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/colors/flow.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/colors/flow.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/colors/flow.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:26 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-a83"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-ui.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-ui.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-ui.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-61ef"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.221.35200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.221.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: gxDPJXAL8q6X3yN48pPoka4nePtiCWgrhioGLlJ3I0Ke6PvOoG+JiHIKMi7vWIHcVeKmH+v2vXoVgMwhOV213Q==
date: Sat, 01 Oct 2022 22:22:28 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/retina/retina.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/retina/retina.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/retina/retina.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-52e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/custom/custom.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/custom/custom.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/custom/custom.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1420"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/clipboardjs/clipboard.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/clipboardjs/clipboard.min.js
IP 91.209.70.182:0
GET /themes/flow/js/clipboardjs/clipboard.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-2296"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:26 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-8d4b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery-1.11.0.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery-1.11.0.min.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery-1.11.0.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:26 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1787d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery-ui.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery-ui.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery-ui.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:26 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-6a684"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/canvas-to-blob.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/canvas-to-blob.min.js
IP 91.209.70.182:0
GET /themes/flow/js/canvas-to-blob.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-408"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/global.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/global.js
IP 91.209.70.182:0
GET /themes/flow/js/global.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-d59"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/sw.js
91.209.70.182200 OK 0 B IP 91.209.70.182:0
GET /sw.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:52 GMT
vary: Accept-Encoding
etag: W/"60758f38-12fe6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 01 Oct 2022 22:22:28 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4846
last-modified: Sat, 01 Oct 2022 21:01:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z4T3KfPVUsguuYMNL2c3jDJ0tX57PV1o6HmLEWeFvMj0NmJXPCtDKXBp2WMeqh38GZ98Ex3JjnqCekuAXfzoe1XlhmhXKi8Ok%2Fs1zVjLXy3v8KXZkZD4qy6zBt18t%2BKG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 753898e1e8c37545-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/sticky/jquery.sticky.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/sticky/jquery.sticky.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/sticky/jquery.sticky.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1099"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/styles/font-icons/entypo/css/entypo.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/styles/font-icons/entypo/css/entypo.css
IP 91.209.70.182:0
GET /themes/flow/styles/font-icons/entypo/css/entypo.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:26 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-45f5"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-dbd4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1275907090%3A1664662948107267&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrRq9-fEFEluj5g0z9rEiM8ig1A0KoASqBSn_Up0C_EKDjSosMFJcoa_7GIjg8ZDdIZ29nD
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1275907090%3A1664662948107267&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrRq9-fEFEluj5g0z9rEiM8ig1A0KoASqBSn_Up0C_EKDjSosMFJcoa_7GIjg8ZDdIZ29nD
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S1275907090%3A1664662948107267&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrRq9-fEFEluj5g0z9rEiM8ig1A0KoASqBSn_Up0C_EKDjSosMFJcoa_7GIjg8ZDdIZ29nD HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 01 Oct 2022 22:22:28 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-gBVuoYiTP4tEIBPSAK9Dcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=i2AlzoGexyoz-bG3YIz4QcqJg3OLGw-k8cfyscXwsAULXZsJ2fdPmTHjQPJ3yjUC8AgXg46IPfR21oRz6XeJl9uoz4L35tR7rUhM8P3ZTy9NAxjmSQZr3i6S5NLxLMtt-gzbyPalwpjNJBEXgNyGrkorHEZ7j-RJjhzeNnJhJHw; expires=Sun, 02-Apr-2023 22:22:28 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-14cc1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 01 Oct 2022 22:22:28 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4846
last-modified: Sat, 01 Oct 2022 21:01:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9I621hAz3km8xQe9J4%2FsrQo9dinBEMwxLzYvvZzJy95UHJXZyWp5E95HFbNVKA1hF6kPvi%2FO6ZhQxMoE6Ztc1uG%2FoipX65VSMAQkcj%2FH%2BxjxP8nBtzGPVVtRmt7w5SfL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 753898e1e8c17545-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/isotope/custom-isotope.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1Nab1/SMODYSEY-NSwTcH-[BASE]-NSP-Ziperto.part1.rar
Connection: keep-alive
Cookie: filehosting=9jn1ijlf2t5c8d0rks2m9jg0r5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 22:22:27 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-71d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2