megaup.net/1d04b/RimWorld.v1.4.3676.zip
91.209.70.182301 Moved Permanently 162 B URL HTTP/1.1 megaup.net/1d04b/RimWorld.v1.4.3676.zip
IP 91.209.70.182:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /1d04b/RimWorld.v1.4.3676.zip HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 28 Mar 2023 14:28:49 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Download-Options: noopen
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2722
Expires: Tue, 28 Mar 2023 15:14:11 GMT
Date: Tue, 28 Mar 2023 14:28:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5558
Expires: Tue, 28 Mar 2023 16:01:27 GMT
Date: Tue, 28 Mar 2023 14:28:49 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 28 Mar 2023 14:28:03 GMT
content-type: application/json
age: 46
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5ad3eec59bebbf969f175627757507c1
b176af3a70db378c9e1f219bab24d9d446070d6f
704fa284035b4c9aa487331b516f5f11c324e204756ae2503bad2606ed34f25e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "704FA284035B4C9AA487331B516F5F11C324E204756AE2503BAD2606ED34F25E"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10896
Expires: Tue, 28 Mar 2023 17:30:25 GMT
Date: Tue, 28 Mar 2023 14:28:49 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: iRTIWr2mJ2waDQ03QD2PHYWuL3pwHhnErtRF0XdnGfO9jrwdeP/e6+KadkuzUgYtqCOcCQ1Gt94=
x-amz-request-id: 8JNS4FQW53501ZJ0
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 28 Mar 2023 13:56:14 GMT
age: 1955
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 2fdd88c5328a20e99bd682e34b8c0173
a6415caf042550cb51822e482d1f5b9178938ea3
f15a1244d7acc3b892df1a3ea767c24ce5f661e2e623fedc25ade8c7094c8af6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 14:28:50 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 27 Mar 2023 23:25:48 GMT
Expires: Mon, 03 Apr 2023 23:25:47 GMT
Etag: "a6415caf042550cb51822e482d1f5b9178938ea3"
Cache-Control: max-age=550016,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7af08fd49e1db4ff-OSL
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:49 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 7e2d8156baac12231cc9cbfdefedacf1
62384d8842fb5b560ac39636bb519953e22dc664
ee4dbd79fc1569ab6ae0ea7b90b4b7d8dbb846296cf7fc68b24be78b7b95993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 28 Mar 2023 14:28:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
megaup.net/themes/flow/images/main_logo_inverted.png
91.209.70.182200 OK 7.1 kB URL HTTP/2 megaup.net/themes/flow/images/main_logo_inverted.png
IP 91.209.70.182:0
File type PNG image data, 203 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 5d15526be10b904a6b48d1af04a10cc3
c09b6874359ac6d71db95593618a9acb55baa984
894d25472e0f890edf235e8f66fbeda7ea75043632924ecb82691d76bd7db018
GET /themes/flow/images/main_logo_inverted.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: image/png
content-length: 7137
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-1be1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/images/loading_small.gif
91.209.70.182200 OK 184 kB URL HTTP/2 megaup.net/themes/flow/images/loading_small.gif
IP 91.209.70.182:0
File type GIF image data, version 89a, 64 x 64\012- data
Size 184 kB (184355 bytes)
Hash b0dd5b3af9c4c0644d7bddee83716209
30002468d0266b893b3559b8d0d260c6cbf0ad7c
2418224bb4d12c122ef3c54d2ee9edb5f6f28d539e91a166b0215553f8c7609d
GET /themes/flow/images/loading_small.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: image/gif
content-length: 184355
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-2d023"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-108868042-1
142.250.74.168200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-108868042-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2206)
Hash 930b430d76aee790ac3fa13efe7fc996
17f2f96106e06597d603f215751deb9d294afa6b
ab1e640a1817a67d0a8ba21e62fbdaf259e4a65d2126b450c83d28aa73e161f9
GET /gtag/js?id=UA-108868042-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 28 Mar 2023 14:28:50 GMT
expires: Tue, 28 Mar 2023 14:28:50 GMT
cache-control: private, max-age=900
last-modified: Tue, 28 Mar 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44885
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js
91.209.70.182200 OK 40 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (464), with CRLF line terminators
Hash 145a0959d85783e8a988b8f1b3dcb8e6
20f91623e57d0c87789f74c83e70643bf150f21f
b9ff360744716582029c170926bc74cd1c4eb2fe6e586f8b9d9c8ab5097fb245
GET /themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-303b2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/nav/jquery.scrollTo.js
91.209.70.182200 OK 1.6 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/nav/jquery.scrollTo.js
IP 91.209.70.182:0
File type ASCII text, with very long lines (2241), with CRLF line terminators
Hash c6683ffc301e9934ffedb7142ba5cb0b
2684ff460b7511e071a2b88cbda731e564f679cf
1b71c73bbcdd839c18e895a66078b88a101c57283dc0f467024a69c3136e4e43
GET /themes/flow/frontend_assets/js/nav/jquery.scrollTo.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-981"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
91.209.70.182200 OK 2.4 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
IP 91.209.70.182:0
File type ASCII text, with CRLF line terminators
Hash ad503c3033cdcbfe81073854f0e8e967
3b2ce693bda8cfa388c69a961118620202fb609c
40ee1098236003d059bd40a822b439b3de22e5d36625d311afd535a6c1b30840
GET /themes/flow/frontend_assets/js/nav/jquery.nav.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1547"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/sticky/jquery.sticky.js
91.209.70.182200 OK 1.9 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/sticky/jquery.sticky.js
IP 91.209.70.182:0
Hash 7ac00fda464287a432566262c6ac718d
926fa52ed6d4a4a15015afcc1ba3d368de5f546d
560175f6e50fff1602d1d4d2bf6c73d0482ee82e2f04c8a6e072c93c0351c8b3
GET /themes/flow/frontend_assets/js/sticky/jquery.sticky.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1099"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
54.230.245.161200 OK 189 kB URL HTTP/2 dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
IP 54.230.245.161:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 189 kB (188679 bytes)
Hash 323358d9ae8b3000132fb320d72f7e95
7c50b8d307b30d2ed23900638b1141106654792f
5fdbcc610d426f3f8878b29db6dd72033a0e1c0936b5d7365aae3981e2c2eb90
GET /?kzmmd=761186 HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 188679
date: Tue, 28 Mar 2023 14:28:50 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: icsPnvNG6Y1_ODs6vLsqpREkcVI6RGjI0zEWDDAdsQ8wGRUAA5GLAg==
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/clipboardjs/clipboard.min.js
91.209.70.182200 OK 35 kB URL HTTP/2 megaup.net/themes/flow/js/clipboardjs/clipboard.min.js
IP 91.209.70.182:0
File type Unicode text, UTF-8 text, with very long lines (8746)
Hash 8937fa7af03c740e491f4117671dc51a
e8acb4fe959ef8e801bf458aabbe27aea0b0ad01
e35b1de954ca76e60652226b92f7ae4080721089d5fceb851b5f7a013e9ec629
GET /themes/flow/js/clipboardjs/clipboard.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-2296"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_extrabold.woff
91.209.70.182200 OK 31 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_extrabold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31344, version 1.1\012- data
Hash 21f79e4c0fbe54a555170aa70bb4c8b7
9d4aaf2016cd21f16bc45089a48de84dba951fa7
2b638674bc57ad355ef2ecbd68e78ecb36bc323aaaf4ddeb9cd4f61bc5f26c42
GET /themes/flow/frontend_assets/fonts/raleway_extrabold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: font/woff
content-length: 31344
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7a70"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_semibold.woff
91.209.70.182200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_semibold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31980, version 1.1\012- data
Hash 99ac81a158028ac2023fb3350d2497e7
f08c12c91ab29282a616c3ba8e533f49b5b433ca
92a8c8eca8cfcfc53855bc48ba50b866704a00323c4e3089b564c939a668925d
GET /themes/flow/frontend_assets/fonts/raleway_semibold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: font/woff
content-length: 31980
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7cec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
keydawnawe.com/gwZ1U5hjA8ii/32575
142.91.159.115200 OK 26 B URL HTTP/1.1 keydawnawe.com/gwZ1U5hjA8ii/32575
IP 142.91.159.115:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 14:28:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Wed, 29-Mar-2023 14:28:50 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJw9i8sKwjAURGuUYNVWBvwAf8D6QBdu1aXUhbgOtd6WYM0tTXzUr%2FcFruYwc8bzPDEIIXSJ3nIaLSfRfBZNF3M0c2KIeIdeylfjqlqZ5EKQMVf3pIasKNdsAnR%2FoFI%2BETrxbnQwZ8N38x8%2BtwCtVLs6gP%2BJrxu20dS2RLgq9GO45%2BLq3raFb8gpWxKd4K%2BTY0HjzX6L8N9%2Bz7KBtraqrPhRv7nv9IWebEhxlllyUqBxk%2BIFsdRBIw%3D%3D; expires=Wed, 29-Mar-2023 14:28:50 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
altowriestwispy.com/tysaSHG1FMaM/18410
23.109.248.184200 OK 25 B URL HTTP/1.1 altowriestwispy.com/tysaSHG1FMaM/18410
IP 23.109.248.184:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /tysaSHG1FMaM/18410 HTTP/1.1
Host: altowriestwispy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; GL_GI10=eJw9i8sKwjAURGuUYNVWBvwAf8D6QBdu1aXUhbgOtd6WYM0tTXzUr%2FcFruYwc8bzPDEIIXSJ3nIaLSfRfBZNF3M0c2KIeIdeylfjqlqZ5EKQMVf3pIasKNdsAnR%2FoFI%2BETrxbnQwZ8N38x8%2BtwCtVLs6gP%2BJrxu20dS2RLgq9GO45%2BLq3raFb8gpWxKd4K%2BTY0HjzX6L8N9%2Bz7KBtraqrPhRv7nv9IWebEhxlllyUqBxk%2BIFsdRBIw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 14:28:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 76a0aba3ddb470751c690f5a725159f2
8cb789e8e0dfa336270700ef1e607173f2aee6cd
e76de476654125a06994065d66e30c6fb6c354d0f67fd4e31a3f78679e2bfdcb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E76DE476654125A06994065D66E30C6FB6C354D0F67FD4E31A3F78679E2BFDCB"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11265
Expires: Tue, 28 Mar 2023 17:36:35 GMT
Date: Tue, 28 Mar 2023 14:28:50 GMT
Connection: keep-alive
foreyeshehadtw.com/V3c2YlB4SFURbQQZe1EBZiUTUBYGAHxUMh9GciMYBRlQNyMTFHEVdiMeUl9oZUIPU2FxB18GbWRFEBEkNgNDEW1lRwZVdj4ZUA1tZVFAX2B5ThhTfmJRQ19hcQNGAzdqRhASJCMbC1Nmb0cGU2NgQgdRaWE
188.114.96.1204 No Content 0 B URL HTTP/2 foreyeshehadtw.com/V3c2YlB4SFURbQQZe1EBZiUTUBYGAHxUMh9GciMYBRlQNyMTFHEVdiMeUl9oZUIPU2FxB18GbWRFEBEkNgNDEW1lRwZVdj4ZUA1tZVFAX2B5ThhTfmJRQ19hcQNGAzdqRhASJCMbC1Nmb0cGU2NgQgdRaWE
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /V3c2YlB4SFURbQQZe1EBZiUTUBYGAHxUMh9GciMYBRlQNyMTFHEVdiMeUl9oZUIPU2FxB18GbWRFEBEkNgNDEW1lRwZVdj4ZUA1tZVFAX2B5ThhTfmJRQ19hcQNGAzdqRhASJCMbC1Nmb0cGU2NgQgdRaWE HTTP/1.1
Host: foreyeshehadtw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 28 Mar 2023 14:28:50 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NYXGhWbfJ5YOFd1dKvJgPj5t69d0JH8BYDIfOkGNr6RViK%2BofiLqYHP%2F6JdB6hFvMzyjWMPlMv4%2FK%2F45mfSvmPo6QMs0foIZ3v4dAPkV%2FMQ2ptFblWLwAUWSBIvFyMOuLPPxmXE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af08fd8b9090b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
foreyeshehadtw.com/V0lnZ254dgQUUw0NAxI8LQsEJV9uMSYLKxARPy4qAT4hAw0GIkETBzN0UFFfZnFRQR4+LVpWSCQ9BhMbJHRWQQc5LwhaSCF0VkldY2dUVUBlbxJaX3E9FwYJanhBFxojJVpWWG95V1ZdYHxWVFlv
188.114.96.1204 No Content 0 B URL HTTP/2 foreyeshehadtw.com/V0lnZ254dgQUUw0NAxI8LQsEJV9uMSYLKxARPy4qAT4hAw0GIkETBzN0UFFfZnFRQR4+LVpWSCQ9BhMbJHRWQQc5LwhaSCF0VkldY2dUVUBlbxJaX3E9FwYJanhBFxojJVpWWG95V1ZdYHxWVFlv
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /V0lnZ254dgQUUw0NAxI8LQsEJV9uMSYLKxARPy4qAT4hAw0GIkETBzN0UFFfZnFRQR4+LVpWSCQ9BhMbJHRWQQc5LwhaSCF0VkldY2dUVUBlbxJaX3E9FwYJanhBFxojJVpWWG95V1ZdYHxWVFlv HTTP/1.1
Host: foreyeshehadtw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 28 Mar 2023 14:28:50 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BMWhUYE6wgIvKFttmLnFS2ycIYBXZvQjRVF%2FmUwkSWWMTiGZ4%2FBk5wVmDjQkzX20rZTFOfTHtqQQYsWGdl6p5UTycX64u9fX%2Fu1Svg%2BtkFCnJcr1WyT%2BiVNR3gztNEsqhiN3554%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af08fd8a8fe0b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
keydawnawe.com/gwZ1U5hjA8ii/32575
142.91.159.115200 OK 26 B URL HTTP/1.1 keydawnawe.com/gwZ1U5hjA8ii/32575
IP 142.91.159.115:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; GL_GI10=eJw9i8sKwjAURGuUYNVWBvwAf8D6QBdu1aXUhbgOtd6WYM0tTXzUr%2FcFruYwc8bzPDEIIXSJ3nIaLSfRfBZNF3M0c2KIeIdeylfjqlqZ5EKQMVf3pIasKNdsAnR%2FoFI%2BETrxbnQwZ8N38x8%2BtwCtVLs6gP%2BJrxu20dS2RLgq9GO45%2BLq3raFb8gpWxKd4K%2BTY0HjzX6L8N9%2Bz7KBtraqrPhRv7nv9IWebEhxlllyUqBxk%2BIFsdRBIw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 14:28:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
foreyeshehadtw.com/cWRmRFBeWwU3bSUPCigCHFFRIQYzQVQCBh8IUxE+NwADHBYjADAddgUNAnloQ1FfdWFXFA8gbUJWQDckEBATN21AQg8qNh5ZQDJtQUpfamFfUUAxbUBCEjQxFllXYiAFEAp5YUdcVnRhQlNTdWNIUA
188.114.96.1204 No Content 0 B URL HTTP/2 foreyeshehadtw.com/cWRmRFBeWwU3bSUPCigCHFFRIQYzQVQCBh8IUxE+NwADHBYjADAddgUNAnloQ1FfdWFXFA8gbUJWQDckEBATN21AQg8qNh5ZQDJtQUpfamFfUUAxbUBCEjQxFllXYiAFEAp5YUdcVnRhQlNTdWNIUA
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cWRmRFBeWwU3bSUPCigCHFFRIQYzQVQCBh8IUxE+NwADHBYjADAddgUNAnloQ1FfdWFXFA8gbUJWQDckEBATN21AQg8qNh5ZQDJtQUpfamFfUUAxbUBCEjQxFllXYiAFEAp5YUdcVnRhQlNTdWNIUA HTTP/1.1
Host: foreyeshehadtw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 28 Mar 2023 14:28:50 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bFfcy1s6gpMP9PLgeai2RoxM80%2BND0Tk9YDXKIk1urKy8h9zXnJf5Gh2NbgBm%2B0W9FHMc2St%2FVi84J2sUF8sN7hiUPI1wOEIGcm8msoNZCD3QEtxcjqKdHsbKEuOjCGEvBi%2FJc0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af08fd8b9050b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
foreyeshehadtw.com/U1lxZk98ZhIVcgkzKyIBFz0iInw8HTAwLAM6IC8ABS4nHA4CGFcSJjdkSVF5YGhJQD86PUxUdnUqBQc7JipMV2k6NxcJcnUvTFdhY3dHVmFgfwRbfnUtAQcobmhXFjsnNUxXeWtpQVd8ZGxAUn9m
188.114.96.1204 No Content 0 B URL HTTP/2 foreyeshehadtw.com/U1lxZk98ZhIVcgkzKyIBFz0iInw8HTAwLAM6IC8ABS4nHA4CGFcSJjdkSVF5YGhJQD86PUxUdnUqBQc7JipMV2k6NxcJcnUvTFdhY3dHVmFgfwRbfnUtAQcobmhXFjsnNUxXeWtpQVd8ZGxAUn9m
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /U1lxZk98ZhIVcgkzKyIBFz0iInw8HTAwLAM6IC8ABS4nHA4CGFcSJjdkSVF5YGhJQD86PUxUdnUqBQc7JipMV2k6NxcJcnUvTFdhY3dHVmFgfwRbfnUtAQcobmhXFjsnNUxXeWtpQVd8ZGxAUn9m HTTP/1.1
Host: foreyeshehadtw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 28 Mar 2023 14:28:50 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2phmCLTvuBBbsG3xjoXBm2L%2BiIlCTcQ4XrL%2FG%2BB3uszTCG7YK2OP5BGbaGoGnkMLqX8%2FtWT7S5VLZmOO7Bc%2BC3SX5XBGL3GSB%2F2JLnVzjnEM6EZ7g3cxOKk4XDgy5muWyUW1whY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af08fd8b90d0b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
itehappymutte.com/djI1NXYXUFZYSRcPVxMDBF4IEEQwFwdzEhtfT14QEgoHQhcPXBtWGhlHUVMEGVxBGxgTRhAHME9rXl04LwBWdzwPf3NiNC9afmNDJ2R9WU4hA3NwPxwGeHYkPAN8dEYBc21wFT9YDGY7NWtDeDQVFwdzFw5RUXcYIAtnZAUyeFxFEydjVlg6GgdiZzUdQnRjBiFQX14iNXNZBDgkZ3dwNTdYcl0VNHkHRiE0Xg1ZPx5ZenEfJ0FnWSMdVGJ7IidedwEsJGN6cTUBW3N3JD5XWwU4MwJRAxAgeG1hPh5dYHYgPldbBSMyVU0QRDRXYG8jP3UEEEQwZ00MIxB1GF0nPGdRAxAkd2dnRQV/YFkSLmhbBD0nXncBPRFrcHYlEl1gZjAnV31NIiADewEQM2hjYB9CWXBkPzN4T2MxIGFnABAgaH9gG0IGbVkvUFhGWhgGD1hbIRULZHQuRkpeeSEDRQ
13.33.141.109200 OK 1.2 kB URL HTTP/2 itehappymutte.com/djI1NXYXUFZYSRcPVxMDBF4IEEQwFwdzEhtfT14QEgoHQhcPXBtWGhlHUVMEGVxBGxgTRhAHME9rXl04LwBWdzwPf3NiNC9afmNDJ2R9WU4hA3NwPxwGeHYkPAN8dEYBc21wFT9YDGY7NWtDeDQVFwdzFw5RUXcYIAtnZAUyeFxFEydjVlg6GgdiZzUdQnRjBiFQX14iNXNZBDgkZ3dwNTdYcl0VNHkHRiE0Xg1ZPx5ZenEfJ0FnWSMdVGJ7IidedwEsJGN6cTUBW3N3JD5XWwU4MwJRAxAgeG1hPh5dYHYgPldbBSMyVU0QRDRXYG8jP3UEEEQwZ00MIxB1GF0nPGdRAxAkd2dnRQV/YFkSLmhbBD0nXncBPRFrcHYlEl1gZjAnV31NIiADewEQM2hjYB9CWXBkPzN4T2MxIGFnABAgaH9gG0IGbVkvUFhGWhgGD1hbIRULZHQuRkpeeSEDRQ
IP 13.33.141.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3048), with no line terminators
Hash d901a15e1970ac32d5f2bde58c65d03d
67752b6a8a1ebfac5599612460f61750c5f0ec2b
b760238dd418445eb295ea106cc4d62a85f603f4d9b61f77cda2b7f3ce16928f
GET /djI1NXYXUFZYSRcPVxMDBF4IEEQwFwdzEhtfT14QEgoHQhcPXBtWGhlHUVMEGVxBGxgTRhAHME9rXl04LwBWdzwPf3NiNC9afmNDJ2R9WU4hA3NwPxwGeHYkPAN8dEYBc21wFT9YDGY7NWtDeDQVFwdzFw5RUXcYIAtnZAUyeFxFEydjVlg6GgdiZzUdQnRjBiFQX14iNXNZBDgkZ3dwNTdYcl0VNHkHRiE0Xg1ZPx5ZenEfJ0FnWSMdVGJ7IidedwEsJGN6cTUBW3N3JD5XWwU4MwJRAxAgeG1hPh5dYHYgPldbBSMyVU0QRDRXYG8jP3UEEEQwZ00MIxB1GF0nPGdRAxAkd2dnRQV/YFkSLmhbBD0nXncBPRFrcHYlEl1gZjAnV31NIiADewEQM2hjYB9CWXBkPzN4T2MxIGFnABAgaH9gG0IGbVkvUFhGWhgGD1hbIRULZHQuRkpeeSEDRQ HTTP/1.1
Host: itehappymutte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1198
date: Tue, 28 Mar 2023 14:28:50 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5f054515672e497f7035c066a262245c.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: uL6MhD6lzYtS2sES2F4mW0frK6i-ZJJcFcsQZayA9MPwpEpyxGOawg==
X-Firefox-Spdy: h2
foreyeshehadtw.com/SThYRTBmBzs2DSgKbXZUJ0g7HXUTfwsDAR5paAd/HglhA2EMcX4xWS0FYXEJcQ5sY0AgXGV0CG9LLCREPEtldBYgVj4qDW9OZXQeeRZqawNvTWV0Fj1IOSINeB4oMUQlBWlzCHkIaXYHfAlsdAM
188.114.96.1204 No Content 0 B URL HTTP/2 foreyeshehadtw.com/SThYRTBmBzs2DSgKbXZUJ0g7HXUTfwsDAR5paAd/HglhA2EMcX4xWS0FYXEJcQ5sY0AgXGV0CG9LLCREPEtldBYgVj4qDW9OZXQeeRZqawNvTWV0Fj1IOSINeB4oMUQlBWlzCHkIaXYHfAlsdAM
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /SThYRTBmBzs2DSgKbXZUJ0g7HXUTfwsDAR5paAd/HglhA2EMcX4xWS0FYXEJcQ5sY0AgXGV0CG9LLCREPEtldBYgVj4qDW9OZXQeeRZqawNvTWV0Fj1IOSINeB4oMUQlBWlzCHkIaXYHfAlsdAM HTTP/1.1
Host: foreyeshehadtw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 28 Mar 2023 14:28:50 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M8WS%2FagcIYxmcJRfwwHmk4Imn%2FNjKdI9eFWpP3x1n0%2Fqz6sJq6AB8BJ%2FsrptVpJmP9Iu4d%2BNR%2FA5SUePItZRNn%2BzUKg5BBm4jvMGATJ2%2FzKWmGiPxS4j5U4VOJNL%2BvOCRWMur%2BM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af08fd909640b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
foreyeshehadtw.com/TmtBdVVhVCIGaCsGeBQGGCELLWc2UyAeIRkJLxk8Gj01ADN8JmcBPCpWdkNhf19wUyUnD3xEcz0fIAEgPVZwUzwgDS5IczhWcFtmekVyR3t8TTRIZGgfMRQyc1pnBSE6B3xEY3ZbcURmeV5wQWd8
188.114.96.1204 No Content 0 B URL HTTP/2 foreyeshehadtw.com/TmtBdVVhVCIGaCsGeBQGGCELLWc2UyAeIRkJLxk8Gj01ADN8JmcBPCpWdkNhf19wUyUnD3xEcz0fIAEgPVZwUzwgDS5IczhWcFtmekVyR3t8TTRIZGgfMRQyc1pnBSE6B3xEY3ZbcURmeV5wQWd8
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TmtBdVVhVCIGaCsGeBQGGCELLWc2UyAeIRkJLxk8Gj01ADN8JmcBPCpWdkNhf19wUyUnD3xEcz0fIAEgPVZwUzwgDS5IczhWcFtmekVyR3t8TTRIZGgfMRQyc1pnBSE6B3xEY3ZbcURmeV5wQWd8 HTTP/1.1
Host: foreyeshehadtw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 28 Mar 2023 14:28:50 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ifZa2E2UKb5jyrkPHe45pfbK081ZCv%2Bv0MlmnLXDjOLntEzS9URj%2Fn9Xmcw35GODbDLU2Zb10cMsSg6mTxlok%2FdzpaJcGve4Ce%2FNebpM1m0bZqKvpb8sd6%2FIuBCuzNRqEN1QxYk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af08fd9096c0b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
itehappymutte.com/SThQOVkoWjNUZigFMh8sO1RtHGsPHWJ/PSRVKlI/LQBiTjgwVn5aNSZNNF8rJlYkFzcsTHULHwddBWBsHnwRWBIfW3ULGw1PYE8BHm0ZbTcIczFoMS90FVZqEV88Dj0zTDZyM3B5Fm8XBGEVCTAffQILETNqAn8gDH02VQwRcgFrKQ9QN1AOe20VYSMDch4ILQxoOwF8e3oBURwmaRNRDQ5VEnQWGAgFcgwEQAh7DCdwF0lrHX83cz8YchpbMn1ACFFpOWw5Sg8aCwphFQtuHF0+IVcYUjUjezhWDxoLCnYUHw0AWjExSjNVIXl7A3geHW8dch4hbhxdMmRLJX8MJnATfj4PbmNgCC9pGnMQH09nbiETUhNBbQprCFoTKHkWcz0xQCF4G3FOA0NoHn46DTooVgpwPS5AYngfcUISfjJvUiNWNzkFHlo2GkEpdDp8
13.33.141.109200 OK 1.2 kB URL HTTP/2 itehappymutte.com/SThQOVkoWjNUZigFMh8sO1RtHGsPHWJ/PSRVKlI/LQBiTjgwVn5aNSZNNF8rJlYkFzcsTHULHwddBWBsHnwRWBIfW3ULGw1PYE8BHm0ZbTcIczFoMS90FVZqEV88Dj0zTDZyM3B5Fm8XBGEVCTAffQILETNqAn8gDH02VQwRcgFrKQ9QN1AOe20VYSMDch4ILQxoOwF8e3oBURwmaRNRDQ5VEnQWGAgFcgwEQAh7DCdwF0lrHX83cz8YchpbMn1ACFFpOWw5Sg8aCwphFQtuHF0+IVcYUjUjezhWDxoLCnYUHw0AWjExSjNVIXl7A3geHW8dch4hbhxdMmRLJX8MJnATfj4PbmNgCC9pGnMQH09nbiETUhNBbQprCFoTKHkWcz0xQCF4G3FOA0NoHn46DTooVgpwPS5AYngfcUISfjJvUiNWNzkFHlo2GkEpdDp8
IP 13.33.141.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3034), with no line terminators
Hash 44fbf5a30853941236be1a5a2e338f1f
90e7f830cfb91596636f64bd141755f6c7c9d302
29ae1a742dce9e6d0ecd97e339df671d6f932ceb2d77376b7652819757b8efe5
GET /SThQOVkoWjNUZigFMh8sO1RtHGsPHWJ/PSRVKlI/LQBiTjgwVn5aNSZNNF8rJlYkFzcsTHULHwddBWBsHnwRWBIfW3ULGw1PYE8BHm0ZbTcIczFoMS90FVZqEV88Dj0zTDZyM3B5Fm8XBGEVCTAffQILETNqAn8gDH02VQwRcgFrKQ9QN1AOe20VYSMDch4ILQxoOwF8e3oBURwmaRNRDQ5VEnQWGAgFcgwEQAh7DCdwF0lrHX83cz8YchpbMn1ACFFpOWw5Sg8aCwphFQtuHF0+IVcYUjUjezhWDxoLCnYUHw0AWjExSjNVIXl7A3geHW8dch4hbhxdMmRLJX8MJnATfj4PbmNgCC9pGnMQH09nbiETUhNBbQprCFoTKHkWcz0xQCF4G3FOA0NoHn46DTooVgpwPS5AYngfcUISfjJvUiNWNzkFHlo2GkEpdDp8 HTTP/1.1
Host: itehappymutte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1186
date: Tue, 28 Mar 2023 14:28:50 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5f054515672e497f7035c066a262245c.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: dd1lbPwFB8AnksOrnmG69VTL3eZS7F5Tfo-mo2VUNz9G4d7YylEmsA==
X-Firefox-Spdy: h2
itehappymutte.com/Nkg4S3pXKlsmRVd1Wm0PRCQFbkhwbQoNHlslQiAcUnAKPBtPJhYoFlk9XC0IWSZMZRRTPB15PFksfgkxYyJxEypPGQgPK3d9dCZCehl/JwNsCWIYNVwjARM7ZDx1DyAOB0IRQ3MZYRI0ZytiDTt3OXQmQnUdUjwIZg5uAR5fcAAeL1ogWg80YQ5Vel8EClwOGWAqayhDZQoIczBcBWAZEmxtCg0cdwJqEhRGfmoZShN6egcQBw56eCwCEVQ8O1IQUCI7BhodeThTJlsJNFgeDBIRYyxoJQJbDggoKVR6eQg+cRIdeThSP315Hm4gURo7fHldGTdyGn8dEW8gTBkjWGVXeixOKw8BIlUJdSYwABFPAT9vEEghPAYSXwc+Qgl9HyNaA1AvPXAmTCI4BzhfKTlVGGoaXFw7VyUKCzJcBTVQf3t/FlMFcw
13.33.141.109200 OK 1.2 kB URL HTTP/2 itehappymutte.com/Nkg4S3pXKlsmRVd1Wm0PRCQFbkhwbQoNHlslQiAcUnAKPBtPJhYoFlk9XC0IWSZMZRRTPB15PFksfgkxYyJxEypPGQgPK3d9dCZCehl/JwNsCWIYNVwjARM7ZDx1DyAOB0IRQ3MZYRI0ZytiDTt3OXQmQnUdUjwIZg5uAR5fcAAeL1ogWg80YQ5Vel8EClwOGWAqayhDZQoIczBcBWAZEmxtCg0cdwJqEhRGfmoZShN6egcQBw56eCwCEVQ8O1IQUCI7BhodeThTJlsJNFgeDBIRYyxoJQJbDggoKVR6eQg+cRIdeThSP315Hm4gURo7fHldGTdyGn8dEW8gTBkjWGVXeixOKw8BIlUJdSYwABFPAT9vEEghPAYSXwc+Qgl9HyNaA1AvPXAmTCI4BzhfKTlVGGoaXFw7VyUKCzJcBTVQf3t/FlMFcw
IP 13.33.141.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Hash 8f89be2afedc35e086c0b420079de594
34e20d2ce98629fffdb1f9148bde330f76371257
c3da84870790ce4e9a24fea34cd5ad127b8d50d24f0571fa4e4190e3a885fecc
GET /Nkg4S3pXKlsmRVd1Wm0PRCQFbkhwbQoNHlslQiAcUnAKPBtPJhYoFlk9XC0IWSZMZRRTPB15PFksfgkxYyJxEypPGQgPK3d9dCZCehl/JwNsCWIYNVwjARM7ZDx1DyAOB0IRQ3MZYRI0ZytiDTt3OXQmQnUdUjwIZg5uAR5fcAAeL1ogWg80YQ5Vel8EClwOGWAqayhDZQoIczBcBWAZEmxtCg0cdwJqEhRGfmoZShN6egcQBw56eCwCEVQ8O1IQUCI7BhodeThTJlsJNFgeDBIRYyxoJQJbDggoKVR6eQg+cRIdeThSP315Hm4gURo7fHldGTdyGn8dEW8gTBkjWGVXeixOKw8BIlUJdSYwABFPAT9vEEghPAYSXwc+Qgl9HyNaA1AvPXAmTCI4BzhfKTlVGGoaXFw7VyUKCzJcBTVQf3t/FlMFcw HTTP/1.1
Host: itehappymutte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1174
date: Tue, 28 Mar 2023 14:28:50 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5f054515672e497f7035c066a262245c.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: htg8_KyQfBDIMoDFHqE7A6sCcyBLnaFw7ZZQoJdXWSJgGS7eE3fTwQ==
X-Firefox-Spdy: h2
itehappymutte.com/c1d2RVUSNRUoahJqFGMgATtLYGc1ckQDMR46DC4zF29EMjQKOVgmORwiEiMnHDkCazsWI1N3EzsFISkZIRBCKBcaAh8QATYWOnY5KTRHdGMQEU8vFAkwBAQRJQI/ERgwHyIAOzo+OxQfQGcgAywHByY/YTgyMCkhOBZONxEdDR8GLAAcEisDOh03dSUWAQYvHSckBAcNFAUmFhwQGycmLD0WRigBCWMaECwUEDsWZTAcJy0gFz4eMgdAIx4dHSUVJgZlMh4nHG09ZwJ2AiACARZmFw0TKwcyMyM9YTE8AnYCJyACBB09MxQrNgAOMDFiIxEePQE7ehECBkAzLAoBORsSLD1FMzAxJyQAPC0NOwI5CTwQET0uLUYWGj1kJB8CdQ1AAS8nOykyPzIURh4nIiQ2AEN3HjsFLCM4AzIvPS1BMydjPwA4GDVoGSAaHQ0fMTsQG0UGDys
13.33.141.109200 OK 1.2 kB URL HTTP/2 itehappymutte.com/c1d2RVUSNRUoahJqFGMgATtLYGc1ckQDMR46DC4zF29EMjQKOVgmORwiEiMnHDkCazsWI1N3EzsFISkZIRBCKBcaAh8QATYWOnY5KTRHdGMQEU8vFAkwBAQRJQI/ERgwHyIAOzo+OxQfQGcgAywHByY/YTgyMCkhOBZONxEdDR8GLAAcEisDOh03dSUWAQYvHSckBAcNFAUmFhwQGycmLD0WRigBCWMaECwUEDsWZTAcJy0gFz4eMgdAIx4dHSUVJgZlMh4nHG09ZwJ2AiACARZmFw0TKwcyMyM9YTE8AnYCJyACBB09MxQrNgAOMDFiIxEePQE7ehECBkAzLAoBORsSLD1FMzAxJyQAPC0NOwI5CTwQET0uLUYWGj1kJB8CdQ1AAS8nOykyPzIURh4nIiQ2AEN3HjsFLCM4AzIvPS1BMydjPwA4GDVoGSAaHQ0fMTsQG0UGDys
IP 13.33.141.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3046), with no line terminators
Hash 08391b6806ae9fc736581a938de413e0
a64df16383c86ab74c00ad1daedac68cfdbcde88
58895ff9006d6bac48e28eb762c31dd5415952416aae7e738184678a9a9338a0
GET /c1d2RVUSNRUoahJqFGMgATtLYGc1ckQDMR46DC4zF29EMjQKOVgmORwiEiMnHDkCazsWI1N3EzsFISkZIRBCKBcaAh8QATYWOnY5KTRHdGMQEU8vFAkwBAQRJQI/ERgwHyIAOzo+OxQfQGcgAywHByY/YTgyMCkhOBZONxEdDR8GLAAcEisDOh03dSUWAQYvHSckBAcNFAUmFhwQGycmLD0WRigBCWMaECwUEDsWZTAcJy0gFz4eMgdAIx4dHSUVJgZlMh4nHG09ZwJ2AiACARZmFw0TKwcyMyM9YTE8AnYCJyACBB09MxQrNgAOMDFiIxEePQE7ehECBkAzLAoBORsSLD1FMzAxJyQAPC0NOwI5CTwQET0uLUYWGj1kJB8CdQ1AAS8nOykyPzIURh4nIiQ2AEN3HjsFLCM4AzIvPS1BMydjPwA4GDVoGSAaHQ0fMTsQG0UGDys HTTP/1.1
Host: itehappymutte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1194
date: Tue, 28 Mar 2023 14:28:50 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5f054515672e497f7035c066a262245c.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: O4zaMl3jQwf57pewPvNsRv3nzv__KB9ocyv3p3X8yR20TZSKe_GYBQ==
X-Firefox-Spdy: h2
itehappymutte.com/elJrd0cbMAgaeBtvCVEyCD5WUnU8d1kxIxc/ERwhHmpZACYDPEUUKxUnDxE1FTwfWSkfJk5FATMLPkIsHhcyNA4rPTgSFS88KjIrX2ApInQONjkvIzIYKRQlMRAtDQ8+NSYwFiAEOjYoDRMCGGJIECklHkIDDDZ/OAolIhITPSo+BjQYMjYWHRBbG3QoK1M2ARQmPRYFOxcgJjcAFzkYLjgRDDkAEx8tFgU/BA4AMBIaA0c2PgFSNRUdED4uASgADzEBFxcTRyg4AS4jBUgcPxEgFRMyRglfYCkhEig9PiAzIhwGORMcOiYTDDw2XSYSGRc5Pz8vFiM1ERtjRhR1I2MlUnU4FAw9LS81UiEVMhw7ESxLAA8xAgoTORQzPj8fIAoUADkRdigXD0YBX2AtJhIgYCkOJC0XODYINDktMAY8EE5FBS8EG0UVACYxJRZcOBgYKQpvEzsNAhpaQwsrHiU9BA0g
13.33.141.109200 OK 1.2 kB URL HTTP/2 itehappymutte.com/elJrd0cbMAgaeBtvCVEyCD5WUnU8d1kxIxc/ERwhHmpZACYDPEUUKxUnDxE1FTwfWSkfJk5FATMLPkIsHhcyNA4rPTgSFS88KjIrX2ApInQONjkvIzIYKRQlMRAtDQ8+NSYwFiAEOjYoDRMCGGJIECklHkIDDDZ/OAolIhITPSo+BjQYMjYWHRBbG3QoK1M2ARQmPRYFOxcgJjcAFzkYLjgRDDkAEx8tFgU/BA4AMBIaA0c2PgFSNRUdED4uASgADzEBFxcTRyg4AS4jBUgcPxEgFRMyRglfYCkhEig9PiAzIhwGORMcOiYTDDw2XSYSGRc5Pz8vFiM1ERtjRhR1I2MlUnU4FAw9LS81UiEVMhw7ESxLAA8xAgoTORQzPj8fIAoUADkRdigXD0YBX2AtJhIgYCkOJC0XODYINDktMAY8EE5FBS8EG0UVACYxJRZcOBgYKQpvEzsNAhpaQwsrHiU9BA0g
IP 13.33.141.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Hash 8759aca7065be63a090aba3cfb971053
e372bd84d5d3b7d0833be2a8d4b08ae1eb6a1b05
016f8e37b3d9f92b6b245a7e8a73daf2825910f1796150df873888bd8a6016ed
GET /elJrd0cbMAgaeBtvCVEyCD5WUnU8d1kxIxc/ERwhHmpZACYDPEUUKxUnDxE1FTwfWSkfJk5FATMLPkIsHhcyNA4rPTgSFS88KjIrX2ApInQONjkvIzIYKRQlMRAtDQ8+NSYwFiAEOjYoDRMCGGJIECklHkIDDDZ/OAolIhITPSo+BjQYMjYWHRBbG3QoK1M2ARQmPRYFOxcgJjcAFzkYLjgRDDkAEx8tFgU/BA4AMBIaA0c2PgFSNRUdED4uASgADzEBFxcTRyg4AS4jBUgcPxEgFRMyRglfYCkhEig9PiAzIhwGORMcOiYTDDw2XSYSGRc5Pz8vFiM1ERtjRhR1I2MlUnU4FAw9LS81UiEVMhw7ESxLAA8xAgoTORQzPj8fIAoUADkRdigXD0YBX2AtJhIgYCkOJC0XODYINDktMAY8EE5FBS8EG0UVACYxJRZcOBgYKQpvEzsNAhpaQwsrHiU9BA0g HTTP/1.1
Host: itehappymutte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Tue, 28 Mar 2023 14:28:50 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5f054515672e497f7035c066a262245c.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: z2NeqyAKZXFJPgrZIWLMCxMDhbsJ_A3wHRgqB-umD1ynKKi-EPDOzQ==
X-Firefox-Spdy: h2
megaup.net/imageads/016.gif
91.209.70.182200 OK 182 kB URL HTTP/2 megaup.net/imageads/016.gif
IP 91.209.70.182:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 182 kB (182335 bytes)
Hash 1e5d4c866ac2251f3c1b3a1f41635342
28ffd76be745c43788989dd90e67c6c288cb7b91
34da64ce06a53d70447caffc449bfc4e4c0182df2e26ae86c58075c53f523f00
GET /imageads/016.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: image/gif
content-length: 182335
last-modified: Mon, 08 Mar 2021 17:23:54 GMT
vary: Accept-Encoding
etag: "60465daa-2c83f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
platform.bidgear.com/media/img/b15.png
104.26.2.107200 OK 649 B URL HTTP/2 platform.bidgear.com/media/img/b15.png
IP 104.26.2.107:0
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash d832fb80c97ff291b952757bb98240d2
63732e61a0784ed68fde494f83e4686a5c4bf7fa
7b35c11af8accdb40a14303dd3ae2762a97d2527933c56b6c9be6da2d0d11943
GET /media/img/b15.png HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: image/png
content-length: 649
last-modified: Mon, 25 Jul 2022 09:43:43 GMT
etag: "62de65cf-289"
expires: Fri, 21 Apr 2023 07:19:14 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 535394
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=91w7D7TewvT5Z9Rf4WXPRiXhYwk6Qm9xEPZfJFxeakRDo5Fkoy1Gc79k%2FvUsNYIbAmaxFw7mJbh4EsprfsZ0PS8On08bRNLdozfmj2DtvkAWgyuCKuGN48XtGR5KQpCav1bzXHar"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7af08fdac973b4ee-OSL
X-Firefox-Spdy: h2
cdn.purpleads.io/agent.js?publisherId=70f4c4ca797b70742cf152daf589f184:5f7ccce17707939b2685f0f8203bd1c265e05e479bbfcec98eda491d5ef6d2861ecfe05a883293e58ee42e74b0a74acb04a21203cd5fc2e8d8ec9e7b994f7655
143.204.55.44200 OK 21 kB URL HTTP/2 cdn.purpleads.io/agent.js?publisherId=70f4c4ca797b70742cf152daf589f184:5f7ccce17707939b2685f0f8203bd1c265e05e479bbfcec98eda491d5ef6d2861ecfe05a883293e58ee42e74b0a74acb04a21203cd5fc2e8d8ec9e7b994f7655
IP 143.204.55.44:0
File type Unicode text, UTF-8 text, with very long lines (65522), with no line terminators
Hash 7ff55b7265a6d704f52d31c2e9cb60be
ec4fb606ac1878527eaabd4719209d9784c4e590
78c81aa85b9e0ae10a4685a992396324c383b5691733f5cf15f20dab4de216c9
GET /agent.js?publisherId=70f4c4ca797b70742cf152daf589f184:5f7ccce17707939b2685f0f8203bd1c265e05e479bbfcec98eda491d5ef6d2861ecfe05a883293e58ee42e74b0a74acb04a21203cd5fc2e8d8ec9e7b994f7655 HTTP/1.1
Host: cdn.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 21065
last-modified: Mon, 27 Mar 2023 13:10:03 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
date: Tue, 28 Mar 2023 13:12:30 GMT
etag: "7ff55b7265a6d704f52d31c2e9cb60be"
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 00ygbQQ8ThjmzuLlSvCd9U_iFU_QNCLk1aHrYk5Bq-rSTkh87AN-wg==
age: 4582
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/9YkhNY2cBJyMFWBYhKV5QVHl8W1FEIj4MCRJ1IA0wAXEcIj9SMCYvMBc/axcdBnV9RQsDJipeQQcmLl5WRCkpAVpWbjkTCAl1NRUBECAjGhcBK2sWBl8lIhkODiQsRlUkfWNTQlB4ZRQODCwiFBRHen0NE0d6fVJXTHhoUCVHen0UDgx+eUZUIG1/Ux9UfG-hQJUd6fRERR3sMUldXZn1KQlB4KgYECSdoUSFQeHxTV1N4fEZVUi4kEQIEJzVGVSR5fVZJUm44XlY
54.230.245.161200 OK 608 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/9YkhNY2cBJyMFWBYhKV5QVHl8W1FEIj4MCRJ1IA0wAXEcIj9SMCYvMBc/axcdBnV9RQsDJipeQQcmLl5WRCkpAVpWbjkTCAl1NRUBECAjGhcBK2sWBl8lIhkODiQsRlUkfWNTQlB4ZRQODCwiFBRHen0NE0d6fVJXTHhoUCVHen0UDgx+eUZUIG1/Ux9UfG-hQJUd6fRERR3sMUldXZn1KQlB4KgYECSdoUSFQeHxTV1N4fEZVUi4kEQIEJzVGVSR5fVZJUm44XlY
IP 54.230.245.161:0
File type ASCII text, with very long lines (839), with no line terminators
Hash 26a8a862e43abb500732853cf8a89fbf
f31a06ef3984c7510e3811383d758b5ed20f6987
4f4d72d12e98acc7544786a02d01d6d241fa1368729f09d31ca6afd3518dfd0a
GET /9YkhNY2cBJyMFWBYhKV5QVHl8W1FEIj4MCRJ1IA0wAXEcIj9SMCYvMBc/axcdBnV9RQsDJipeQQcmLl5WRCkpAVpWbjkTCAl1NRUBECAjGhcBK2sWBl8lIhkODiQsRlUkfWNTQlB4ZRQODCwiFBRHen0NE0d6fVJXTHhoUCVHen0UDgx+eUZUIG1/Ux9UfG-hQJUd6fRERR3sMUldXZn1KQlB4KgYECSdoUSFQeHxTV1N4fEZVUi4kEQIEJzVGVSR5fVZJUm44XlY HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itehappymutte.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 608
date: Tue, 28 Mar 2023 14:28:51 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0-Q2mEdsrWtPF5dV9Hy5gXPNS_owc5wMla52tBJmFxEtDusxzAxVJQ==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/NeUY5WDAaKVc+Dw0vXWUITnAKaQhfLEo3Xgl7dztfKj9AFVNMYE0iVER2HzRRFyEEflUXJQRpFhgiW2UEXzJJN1tEPk8+QhEoQChTGmBMOQ0UKUMxXBUnHGp2TGgJfQJJbk4xXh0pTisVS3ZXLBVLdghoHkljChoVS3ZOMV5Pchxrclx0CSAGTWMKGhVLdk-suFUoHCGgFV3YQfQJJIVw7WxZjCx4CSXcJaAFJdxxqAB8vSz1WFj4canZIdgx2AF8zBGk
54.230.245.161200 OK 449 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/NeUY5WDAaKVc+Dw0vXWUITnAKaQhfLEo3Xgl7dztfKj9AFVNMYE0iVER2HzRRFyEEflUXJQRpFhgiW2UEXzJJN1tEPk8+QhEoQChTGmBMOQ0UKUMxXBUnHGp2TGgJfQJJbk4xXh0pTisVS3ZXLBVLdghoHkljChoVS3ZOMV5Pchxrclx0CSAGTWMKGhVLdk-suFUoHCGgFV3YQfQJJIVw7WxZjCx4CSXcJaAFJdxxqAB8vSz1WFj4canZIdgx2AF8zBGk
IP 54.230.245.161:0
File type ASCII text, with very long lines (589), with no line terminators
Hash ebf30e523774ee8eb41b938735e24323
5113413f804ff65739b676e7a82cbf092839cff0
a639e849a28b49088a4a03f910946222b0e7b2a6d8a382b40ebebfc9da15a897
GET /NeUY5WDAaKVc+Dw0vXWUITnAKaQhfLEo3Xgl7dztfKj9AFVNMYE0iVER2HzRRFyEEflUXJQRpFhgiW2UEXzJJN1tEPk8+QhEoQChTGmBMOQ0UKUMxXBUnHGp2TGgJfQJJbk4xXh0pTisVS3ZXLBVLdghoHkljChoVS3ZOMV5Pchxrclx0CSAGTWMKGhVLdk-suFUoHCGgFV3YQfQJJIVw7WxZjCx4CSXcJaAFJdxxqAB8vSz1WFj4canZIdgx2AF8zBGk HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itehappymutte.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 449
date: Tue, 28 Mar 2023 14:28:51 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: raWU9TPCqsqJ_kso3Mf7b_PkfpNrjelu8jZOXxTa8IO-A5lhH2_r6w==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/IYU5kdEYCIQoSeRUnAEl+U3tdRXdHJBcbKBFzHDgMGQZVQAowAio+BRY8QgA8BXNUUioAIANJYAQgB0l3Ry8AFntVaBAEKQpzERoiBCgNGiMFaBEVewwhHh0qDS9BRgBUYFRRdFFmEx0oBSETB2NTfgoAY1N+VURoUWtXNmNTfhMdKFd6QUcERHxUDHBVa1-c2Y1N+FgJjUg9VRHNPfk1RdFEpARctDmtWMnRRf1REd1F/QUZ2BycWESAONkFGAFB+UVp2RztZRQ
54.230.245.161200 OK 365 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/IYU5kdEYCIQoSeRUnAEl+U3tdRXdHJBcbKBFzHDgMGQZVQAowAio+BRY8QgA8BXNUUioAIANJYAQgB0l3Ry8AFntVaBAEKQpzERoiBCgNGiMFaBEVewwhHh0qDS9BRgBUYFRRdFFmEx0oBSETB2NTfgoAY1N+VURoUWtXNmNTfhMdKFd6QUcERHxUDHBVa1-c2Y1N+FgJjUg9VRHNPfk1RdFEpARctDmtWMnRRf1REd1F/QUZ2BycWESAONkFGAFB+UVp2RztZRQ
IP 54.230.245.161:0
File type ASCII text, with very long lines (471), with no line terminators
Hash 8c7bc7448921fe1dc8013aeefee37212
af39aef0c5a2a4ec62738fb428344a890cf6327f
4c7c62530d20db0beaa0adc26ce995184efeaf2efeece7a129935fa9ae6ae133
GET /IYU5kdEYCIQoSeRUnAEl+U3tdRXdHJBcbKBFzHDgMGQZVQAowAio+BRY8QgA8BXNUUioAIANJYAQgB0l3Ry8AFntVaBAEKQpzERoiBCgNGiMFaBEVewwhHh0qDS9BRgBUYFRRdFFmEx0oBSETB2NTfgoAY1N+VURoUWtXNmNTfhMdKFd6QUcERHxUDHBVa1-c2Y1N+FgJjUg9VRHNPfk1RdFEpARctDmtWMnRRf1REd1F/QUZ2BycWESAONkFGAFB+UVp2RztZRQ HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itehappymutte.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 365
date: Tue, 28 Mar 2023 14:28:51 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8TuGxV1ZBdC-5IGR7-6igpWzFS0ON9gnRDEdDBMpkN06RZKjhzR1Zg==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/odFBKUjIXPyQ0DQA5Lm8LQGlyZAZSOjk9XARtMDZ8OzZ9EQYYNQcZFAAqLm8CUjwrPFVJdi88UUlhbDNWFm1+dEcVbSc9SB08JjMXRhZ/fAJRYnp6RR0+Lj1FB3V4YlwAdXhiA0R+encBNnV4YkUdPnxmF0cSb2ACDGZ+dwE2dXhiQAJ1eRMDRGVkYhtRYn-o1Vxc7JXcAMmJ6YwJEYXpjF0ZgLDtAETYlKhdGFntiB1pgbCcPRQ
54.230.245.161200 OK 186 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/odFBKUjIXPyQ0DQA5Lm8LQGlyZAZSOjk9XARtMDZ8OzZ9EQYYNQcZFAAqLm8CUjwrPFVJdi88UUlhbDNWFm1+dEcVbSc9SB08JjMXRhZ/fAJRYnp6RR0+Lj1FB3V4YlwAdXhiA0R+encBNnV4YkUdPnxmF0cSb2ACDGZ+dwE2dXhiQAJ1eRMDRGVkYhtRYn-o1Vxc7JXcAMmJ6YwJEYXpjF0ZgLDtAETYlKhdGFntiB1pgbCcPRQ
IP 54.230.245.161:0
File type ASCII text, with no line terminators
Hash 4b88afd5dc6b378e4c521706a7206273
85db03618c1148cd92c0b2b07534d24de06e61a2
34d0ff7d46de0c5a73239cca533cc77f7fddd751b1d165a68b3dd655a9cd6aa6
GET /odFBKUjIXPyQ0DQA5Lm8LQGlyZAZSOjk9XARtMDZ8OzZ9EQYYNQcZFAAqLm8CUjwrPFVJdi88UUlhbDNWFm1+dEcVbSc9SB08JjMXRhZ/fAJRYnp6RR0+Lj1FB3V4YlwAdXhiA0R+encBNnV4YkUdPnxmF0cSb2ACDGZ+dwE2dXhiQAJ1eRMDRGVkYhtRYn-o1Vxc7JXcAMmJ6YwJEYXpjF0ZgLDtAETYlKhdGFntiB1pgbCcPRQ HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itehappymutte.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 186
date: Tue, 28 Mar 2023 14:28:51 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Y5DRlV2LA_oSaSIwKuhutGWRwPtRfvwmsEn7yhjb8YPV_qwSqlAuIQ==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/HRWlLRG4mBiUiUTEAL3lZc116cF9jAzgrADVUITMCHTEnIiMQJ30VFytPPz4KeFltKA8rDnZiCysKdnVIJA0peVpjHTsrBXgRPSIcLQcyNA0mTz4lUygGMS0CKQhudihwR3thXHVBPC0AIQY8N0t3WSUwS3dZenRAdUx4Bkt3WTwtAHNdbncsYFt7PFhxTH-gGS3dZOTJLdih6dFtrWWJhXHUOLicFKkx5Alx1WHt0X3VYbnZeIwA5IQgqEW52KHRZfmpeYxx2dQ
54.230.245.161200 OK 609 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/HRWlLRG4mBiUiUTEAL3lZc116cF9jAzgrADVUITMCHTEnIiMQJ30VFytPPz4KeFltKA8rDnZiCysKdnVIJA0peVpjHTsrBXgRPSIcLQcyNA0mTz4lUygGMS0CKQhudihwR3thXHVBPC0AIQY8N0t3WSUwS3dZenRAdUx4Bkt3WTwtAHNdbncsYFt7PFhxTH-gGS3dZOTJLdih6dFtrWWJhXHUOLicFKkx5Alx1WHt0X3VYbnZeIwA5IQgqEW52KHRZfmpeYxx2dQ
IP 54.230.245.161:0
File type ASCII text, with very long lines (834), with no line terminators
Hash 420b14d56b1e6f42107e6b886d1c1236
152a3c7292edf1d7bd63998d2c54e27433ea2f74
3413b212407ab0c9b15876799bbffbb9474b9cd4cf22ca33958fbf96d578680d
GET /HRWlLRG4mBiUiUTEAL3lZc116cF9jAzgrADVUITMCHTEnIiMQJ30VFytPPz4KeFltKA8rDnZiCysKdnVIJA0peVpjHTsrBXgRPSIcLQcyNA0mTz4lUygGMS0CKQhudihwR3thXHVBPC0AIQY8N0t3WSUwS3dZenRAdUx4Bkt3WTwtAHNdbncsYFt7PFhxTH-gGS3dZOTJLdih6dFtrWWJhXHUOLicFKkx5Alx1WHt0X3VYbnZeIwA5IQgqEW52KHRZfmpeYxx2dQ HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itehappymutte.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 609
date: Tue, 28 Mar 2023 14:28:51 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: r_g9LOs_28IJfHKGOXBhm8WrR5R5hm7pjm04O18NZxuE5Yh0rS5UYA==
X-Firefox-Spdy: h2
a.exdynsrv.com/ad-provider.js
205.185.216.10200 OK 27 kB URL HTTP/1.1 a.exdynsrv.com/ad-provider.js
IP 205.185.216.10:0
File type ASCII text, with very long lines (52886)
Hash caff325c3dedde56662118710021ba52
e8ac8e95435ebffc411a75ba572b492079db0903
2599a4794875f4b05a6e1166832a35356a2144b6f6edabdf4016206cac7490bc
GET /ad-provider.js HTTP/1.1
Host: a.exdynsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 14:28:51 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 26741
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"11f47ce07ddb24215f4f3a5ce34"
X-HW: 1680013731.dop015.sk1.t,1680013731.cds221.sk1.shn,1680013731.dop015.sk1.t,1680013731.cds246.sk1.c
Access-Control-Allow-Origin: *, *
push.services.mozilla.com/
35.166.159.234101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.166.159.234:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: U8Qalh2K5ITrZSEMGoBPXw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: M+Pi5mivAFXXq4AyJgQ6i5ZqbsI=
megaup.net/themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png
91.209.70.182200 OK 951 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png
IP 91.209.70.182:0
File type PNG image data, 114 x 114, 8-bit colormap, non-interlaced\012- data
Hash 76852bc6b2c028db97322a74e85bd020
ed52fb4de0d51f93277bbaae42fa80ba5f92c31e
8a5ef2ef8440c17db1b1b539065ba4a887e07a2c508b79c2d1659512e9016884
GET /themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: image/png
content-length: 951
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-3b7"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 282 B IP 104.18.32.68:0
Hash d986f9507590f78cb7e62b4c0072268f
35d899ad0ed0d2d280d3fbe6d6def6774cc3ae7f
a05b3b8fba96a231b432c6f2918fd32283aca4d7f312e59949b1704e707f344d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 14:28:51 GMT
Content-Type: application/ocsp-response
Content-Length: 282
Connection: keep-alive
Last-Modified: Sun, 26 Mar 2023 16:43:16 GMT
Expires: Sun, 02 Apr 2023 16:43:15 GMT
Etag: "35d899ad0ed0d2d280d3fbe6d6def6774cc3ae7f"
Cache-Control: max-age=439463,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7af08fda5f19b4ff-OSL
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 600b67e46094ec7a1c3ae8d7ad2904d3
dd504ae4eb47813cf00a81aecd808c7a8ab5d434
3fe083b944c9bfe6d239e532f1356017758075193ee908cf9969cf07c5b0d269
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3827
Cache-Control: max-age=142185
Content-Type: application/ocsp-response
Date: Tue, 28 Mar 2023 14:28:51 GMT
Etag: "64227319-1d7"
Expires: Thu, 30 Mar 2023 05:58:36 GMT
Last-Modified: Tue, 28 Mar 2023 04:54:49 GMT
Server: ECAcc (ska/F757)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash db1f11cedde47cf778700089de6fe437
f275c6617546a36e66bba98d8909af268adac418
cba914b21c23042c7b2d1abdf15f91dc21371a3eb8221e71395ccf71f93b9e8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 28 Mar 2023 14:28:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash db1f11cedde47cf778700089de6fe437
f275c6617546a36e66bba98d8909af268adac418
cba914b21c23042c7b2d1abdf15f91dc21371a3eb8221e71395ccf71f93b9e8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 28 Mar 2023 14:28:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2653ae3f35a37459e9c7b0a77a3d1dc5
fc6b9892b60066c25f99992e16fda7538d22428c
af0fd846c2a9bab3b4ae27166a3326a037a6b8debd24298cc4339976762b2ee2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AF0FD846C2A9BAB3B4AE27166A3326A037A6B8DEBD24298CC4339976762B2EE2"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18203
Expires: Tue, 28 Mar 2023 19:32:14 GMT
Date: Tue, 28 Mar 2023 14:28:51 GMT
Connection: keep-alive
imp9.bidgear.com/rec?t=1&z=6192&uuid=36892ce5c524464e94a4fec3bc897e84&p=28&g=NO&token=4a44335432&tbg=1680013730
104.26.2.107200 OK 599 B URL HTTP/2 imp9.bidgear.com/rec?t=1&z=6192&uuid=36892ce5c524464e94a4fec3bc897e84&p=28&g=NO&token=4a44335432&tbg=1680013730
IP 104.26.2.107:0
File type JPEG image data, baseline, precision 8, 1x1, components 3\012- data
Hash ca49a7e783b806a4e8576ea80346203d
6fe9d083221dae98f6c76f7121c37bc884b02d82
3e9a98dd5f0a28ff4a059f33d760264a6db02786666ac1692095ebb976f5da28
GET /rec?t=1&z=6192&uuid=36892ce5c524464e94a4fec3bc897e84&p=28&g=NO&token=4a44335432&tbg=1680013730 HTTP/1.1
Host: imp9.bidgear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: image/jpeg
content-length: 599
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=etKeIwm8FbDOTbooqXwzdOKNoFVoLknC8lVKCcZNW1c9jf0xXdiULHGqVgUrhgF32i3pY0h6MwKFCo1udDvDIuo5LqS2blZU24J3jv%2BnUO6VX7UizSXYd%2FIOBSm4gTUY8Ao%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af08fdaf9b7b4ee-OSL
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Tue, 28 Mar 2023 14:05:11 GMT
expires: Tue, 28 Mar 2023 16:05:11 GMT
cache-control: public, max-age=7200
age: 1420
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j99&a=1949582778&t=pageview&_s=1&dl=https%3A%2F%2Fmegaup.net%2F1d04b%2FRimWorld.v1.4.3676.zip&ul=en-us&de=UTF-8&dt=RimWorld.v1.4.3676.zip%20-%20MegaUp&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAUABAAAAACAAI~&jid=1988438353&gjid=791780483&cid=275354674.1680013222&tid=UA-108868042-1&_gid=648505740.1680013222&_r=1>m=457e33r0&jsscut=1&z=1575429659
142.250.74.110200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=1949582778&t=pageview&_s=1&dl=https%3A%2F%2Fmegaup.net%2F1d04b%2FRimWorld.v1.4.3676.zip&ul=en-us&de=UTF-8&dt=RimWorld.v1.4.3676.zip%20-%20MegaUp&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAUABAAAAACAAI~&jid=1988438353&gjid=791780483&cid=275354674.1680013222&tid=UA-108868042-1&_gid=648505740.1680013222&_r=1>m=457e33r0&jsscut=1&z=1575429659
IP 142.250.74.110:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j99&a=1949582778&t=pageview&_s=1&dl=https%3A%2F%2Fmegaup.net%2F1d04b%2FRimWorld.v1.4.3676.zip&ul=en-us&de=UTF-8&dt=RimWorld.v1.4.3676.zip%20-%20MegaUp&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAUABAAAAACAAI~&jid=1988438353&gjid=791780483&cid=275354674.1680013222&tid=UA-108868042-1&_gid=648505740.1680013222&_r=1>m=457e33r0&jsscut=1&z=1575429659 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain
Content-Length: 0
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://megaup.net
date: Tue, 28 Mar 2023 14:28:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
itehappymutte.com/utx?cb=GodTdwiIh9KQ&top=megaup.net&tid=825911
13.33.141.109204 No Content 0 B URL HTTP/2 itehappymutte.com/utx?cb=GodTdwiIh9KQ&top=megaup.net&tid=825911
IP 13.33.141.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=GodTdwiIh9KQ&top=megaup.net&tid=825911 HTTP/1.1
Host: itehappymutte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 28 Mar 2023 14:28:51 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 28 Mar 2023 14:29:51 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5f054515672e497f7035c066a262245c.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: gEdQrQ3Rt1YrCGoWTZXV_XxEkXy0OoGTarqdbOtJp-5FAfWt1Mtv2A==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7S8mBLCNizUnW9VFn0RF2FvrTbEk9IE2bz_DZigrHb3OulXKOKsJGaam1Sa0Eod9qEIyebC
142.250.74.109302 Found 395 B URL HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7S8mBLCNizUnW9VFn0RF2FvrTbEk9IE2bz_DZigrHb3OulXKOKsJGaam1Sa0Eod9qEIyebC
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (382)
Hash cb7eff95324edafcc5581982f2239a9f
9a7f4a43e92d6e41024c4aaa487b5f9dd4ad151d
1ede023064f3c4d73b1de172532dd7bf548dee80742e62d4c7c646a8bbe2a96d
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7S8mBLCNizUnW9VFn0RF2FvrTbEk9IE2bz_DZigrHb3OulXKOKsJGaam1Sa0Eod9qEIyebC HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 28 Mar 2023 14:28:51 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-687149229%3A1680013731221982&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7QO1G9IDdJatGNw2iCu9mMdA7FdreF1iATVI11SAOBHru03ftABHZF0NA60eUYD18obZurf&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-ZrByZFEchaSP8AV2A-albA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:U6ExQUqirHy7y_LoVWjpnmRht9f0lQ:fhvdc65hbYMORwxN;Path=/;Expires=Thu, 27-Mar-2025 14:28:51 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7Q86v_-vYCwx9Kz3EzPDqgVgvzYDWrxin277iI162fu5nXLBMp4vsjR1MM63i5tpsZfJszz
142.250.74.109302 Found 394 B URL HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7Q86v_-vYCwx9Kz3EzPDqgVgvzYDWrxin277iI162fu5nXLBMp4vsjR1MM63i5tpsZfJszz
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (378)
Hash bab3b9934a7e58eca7f23529dc5b07e6
cdc9d1b5a8895b7fc51b44fea6ada018c5790400
cf49cd2c3c64e132344cd81013c8b7f3f13da7999f6fa48470959c9fe7224e3d
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7Q86v_-vYCwx9Kz3EzPDqgVgvzYDWrxin277iI162fu5nXLBMp4vsjR1MM63i5tpsZfJszz HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 28 Mar 2023 14:28:51 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1124288330%3A1680013731226955&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7QPqzvA6VnI_JJ6_THYOLdcYGva4MACsWJ3jlpcbNTp_l6FJ11gTNluIh6cPx3aT3FyH0JD&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-9kYGUuhlMiNQTO4C87if3Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:pJ9Xwu512U8bVXNaQbat2UVlAsKBkw:mENi0yQrX4nKaXhf;Path=/;Expires=Thu, 27-Mar-2025 14:28:51 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
91.209.70.182200 OK 749 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
IP 91.209.70.182:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash a30f92c7bee0fd0cf547455aa2c70dc5
2fe0565e5dc63c9daa9ba969fcb6600db4fb88ab
dc78980ca091d119ccc23a103f38334a6899ccaa69666c35ba7d6ba63435f391
GET /themes/flow/frontend_assets/images/icons/favicon/favicon.ico HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: image/x-icon
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-47e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/responsive.css
91.209.70.182200 OK 1.5 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/responsive.css
IP 91.209.70.182:0
File type assembler source, ASCII text
Hash 755ce965df0e5e9d6a5236b86e563e05
8913ff5c54ea2b0c4051f62ffe621b4e47216a92
2cc2ef90de070ca3c5b94ef5207e09ea72630229e71b654048b2ceece6703e33
GET /themes/flow/frontend_assets/css/responsive.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-e56"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
syndication.exdynsrv.com/v1/api.php
95.211.229.247200 OK 927 B URL HTTP/1.1 syndication.exdynsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1219), with no line terminators
Hash e1d1dbf5183acad35e36da8df2a4c418
9961b08708ddce51e8b857870b536e9105ec6084
3e37e1f5aab9cd9a61bf23574159f987b65ae4e781981aae6ee813d4c5cf738e
POST /v1/api.php HTTP/1.1
Host: syndication.exdynsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 319
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 14:28:51 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226422f9a33cbe49.115074911297353148%22%3B%7D; expires=Thu, 27-Mar-2025 14:28:51 GMT; Max-Age=63072000; path=/; domain=exdynsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 600b67e46094ec7a1c3ae8d7ad2904d3
dd504ae4eb47813cf00a81aecd808c7a8ab5d434
3fe083b944c9bfe6d239e532f1356017758075193ee908cf9969cf07c5b0d269
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4727
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 28 Mar 2023 14:28:51 GMT
Last-Modified: Tue, 28 Mar 2023 13:10:04 GMT
Server: ECAcc (ska/F73A)
X-Cache: HIT
Content-Length: 471
itehappymutte.com/utx?cb=msJtxwNDE3NZ&top=megaup.net&tid=761186
13.33.141.109204 No Content 0 B URL HTTP/2 itehappymutte.com/utx?cb=msJtxwNDE3NZ&top=megaup.net&tid=761186
IP 13.33.141.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=msJtxwNDE3NZ&top=megaup.net&tid=761186 HTTP/1.1
Host: itehappymutte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 28 Mar 2023 14:28:51 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 28 Mar 2023 14:29:51 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5f054515672e497f7035c066a262245c.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: kRhnKmWICmSKH7vn6EBYhoAWx__TeGhIpbFskZVOtCeqPxpMtGKMhg==
X-Firefox-Spdy: h2
itehappymutte.com/utx?cb=Li6IsqyAaLY2&top=megaup.net&tid=876318
13.33.141.109204 No Content 0 B URL HTTP/2 itehappymutte.com/utx?cb=Li6IsqyAaLY2&top=megaup.net&tid=876318
IP 13.33.141.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=Li6IsqyAaLY2&top=megaup.net&tid=876318 HTTP/1.1
Host: itehappymutte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 28 Mar 2023 14:28:51 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 28 Mar 2023 14:29:51 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5f054515672e497f7035c066a262245c.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: F8vJ9J2wPD60kCk9jCnfKiSmelN8IhqIRGfkUC_6WMIV1g_LjwM9Qg==
X-Firefox-Spdy: h2
itehappymutte.com/utx?cb=NHlcOFyFeAal&top=megaup.net&tid=764141
13.33.141.109204 No Content 0 B URL HTTP/2 itehappymutte.com/utx?cb=NHlcOFyFeAal&top=megaup.net&tid=764141
IP 13.33.141.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=NHlcOFyFeAal&top=megaup.net&tid=764141 HTTP/1.1
Host: itehappymutte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 28 Mar 2023 14:28:51 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 28 Mar 2023 14:29:51 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5f054515672e497f7035c066a262245c.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: -69kCf_fH_TzLoLA9Wfr04Iicmp_6OhzoQcZtzpra36NJYupYVXw_g==
X-Firefox-Spdy: h2
syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01OW0oDQRC8ihfIUP2YV779VlA8wM7Mxi+DYIQIdXhnNxLsoulHdVe3Qu0AO2h5EBy1HKOwSqgIrkGi8+n5hS78WN+X789wXi9MqiVXplrhhdW8aKJ7cimJUYRubqhKrxlaZJKgERMazX3LAiAs4Nvr4+4yoTTgqhEz365SMDVmgeu220aT3taWh6d8culDJS7tJMnyGOjb4P83cUOASN3V/xo0cVNXHuReOKeBO718/Zw7eR+/Ie4C8033LbBj7WbSLMKb9sVc0hKjwdc0cmm/xHRVOVgBAAA=
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01OW0oDQRC8ihfIUP2YV779VlA8wM7Mxi+DYIQIdXhnNxLsoulHdVe3Qu0AO2h5EBy1HKOwSqgIrkGi8+n5hS78WN+X789wXi9MqiVXplrhhdW8aKJ7cimJUYRubqhKrxlaZJKgERMazX3LAiAs4Nvr4+4yoTTgqhEz365SMDVmgeu220aT3taWh6d8culDJS7tJMnyGOjb4P83cUOASN3V/xo0cVNXHuReOKeBO718/Zw7eR+/Ie4C8033LbBj7WbSLMKb9sVc0hKjwdc0cmm/xHRVOVgBAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01OW0oDQRC8ihfIUP2YV779VlA8wM7Mxi+DYIQIdXhnNxLsoulHdVe3Qu0AO2h5EBy1HKOwSqgIrkGi8+n5hS78WN+X789wXi9MqiVXplrhhdW8aKJ7cimJUYRubqhKrxlaZJKgERMazX3LAiAs4Nvr4+4yoTTgqhEz365SMDVmgeu220aT3taWh6d8culDJS7tJMnyGOjb4P83cUOASN3V/xo0cVNXHuReOKeBO718/Zw7eR+/Ie4C8033LbBj7WbSLMKb9sVc0hKjwdc0cmm/xHRVOVgBAAA= HTTP/1.1
Host: syndication.exdynsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226422f9a33cbe49.115074911297353148%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Mar 2023 14:28:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22511.0199%22%7D; expires=Thu, 27 Mar 2025 14:28:51 GMT; path=/; domain=.exdynsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.r2m02.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash 1e450df39afcb7a94ea40b4db83584cb
bf5dae5f9c5ecd382806d8273732f14c83c43402
47672835925a643ece7932bcc8f42a54a33c6c4af9065ab79f8e3b8b40335fdd
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=158030
Date: Tue, 28 Mar 2023 14:28:51 GMT
Etag: "6422b69e-1d7"
Expires: Thu, 30 Mar 2023 10:22:41 GMT
Last-Modified: Tue, 28 Mar 2023 09:42:54 GMT
Server: ECAcc (dcb/7FE5)
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: coaFfzLllV7FM5c8hrOWi03m9k8aJwxQ0XxgulGHGI85ijIxkLGOuA==
Age: 2387
static.a-ads.com/a-ads-banners/426618/300x250?region=eu-central-1
148.251.192.72200 OK 500 kB URL HTTP/2 static.a-ads.com/a-ads-banners/426618/300x250?region=eu-central-1
IP 148.251.192.72:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 300 x 250\012- data
Size 500 kB (499628 bytes)
Hash e4eb2c4ec1794d4e05b77ec20607b881
4abdedcc14882e200a685cfd4240e69c60732aea
4f2c5f4d5efd47fd8d0fc9e0ceca3d637d907a682b748102378c2aa677395efe
GET /a-ads-banners/426618/300x250?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: image/gif
content-length: 499628
x-amz-id-2: qTuWKrHZgjNEm2JQ1EzEtOFCAiCVWBwOfJPkgtCFs+UGhZAFuLEmmvQxf9pg6ltgR7ocNBgww70=
x-amz-request-id: XKD5JQQE8GHPE52E
x-amz-replication-status: COMPLETED
last-modified: Sun, 20 Nov 2022 16:37:46 GMT
etag: "e4eb2c4ec1794d4e05b77ec20607b881"
cache-control: max-age=315360000
x-amz-version-id: aMmfct8jferkXctt.IjET.eVL2M61OoN
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.132.29200 OK 29 B IP 172.64.132.29:0
File type ASCII text, with no line terminators
Hash bd7dcc08245c2524bc0cb620e0142df2
aff1763a1a602b04747fb961ac39f1f491fe4278
6756a5e70e526674f03b5ce9b036cca13fb8a6a72a9dfa124b785cdc85ea7464
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: text/plain
set-cookie: csu=2077554532770554@1@1680013731; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cwc223hBBJbn5m9AQU%2F2KBy2aWYZt6pPOQzNkh5Rx9rwlmnC8EhzxQBogkM5H7wt490ymrIc6jzM4cUROUfSbUqdK9%2FCeQKdpeEx4YDVjEQQ1atFCXFBRbBzyiquiD23"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af08fdbe81576e4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/622879/03e1912f6befa7b6d96b64100b2a9cc7319609cb.mp4
185.76.9.24206 Partial Content 49 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/622879/03e1912f6befa7b6d96b64100b2a9cc7319609cb.mp4
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 1c7b47fa8b272142464b6e44c99df845
03e1912f6befa7b6d96b64100b2a9cc7319609cb
9677018c54351cef34c293ef6e8bd1248e877d82da912471d5cea374d3354c9d
GET /library/622879/03e1912f6befa7b6d96b64100b2a9cc7319609cb.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: video/mp4
content-length: 48724
last-modified: Sat, 27 Mar 2021 13:35:05 GMT
etag: "605f3489-be54"
expires: Wed, 25 Oct 2023 04:33:12 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
server: CDN77-Turbo
x-77-nzt: AblMCRRTnCj/QW2RAA
x-77-nzt-ray: af585630e405635ea3f9226425a4691f
x-accel-expires: @1702019042
x-cache: HIT
x-age: 9530689
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-48723/48724
X-Firefox-Spdy: h2
theharityhild.buzz/SFVFM0EzdzZEHj0nKRF7aj0xRzE7b2ocLC0yJEYxZjsgR247ImtZMmp5Z0AsLnd%2FAm1qJihFY3J3cR1yanlnRyAvCixXY3J3fQBzfmZ2EW1qJjBRHiExdxF7ajN9AHIrZXFRbH4wdVFsfDEnA2xxYX0EbC5jIFYkKzAmUCIrMGdO
52.20.131.174502 Bad Gateway 0 B URL HTTP/2 theharityhild.buzz/SFVFM0EzdzZEHj0nKRF7aj0xRzE7b2ocLC0yJEYxZjsgR247ImtZMmp5Z0AsLnd%2FAm1qJihFY3J3cR1yanlnRyAvCixXY3J3fQBzfmZ2EW1qJjBRHiExdxF7ajN9AHIrZXFRbH4wdVFsfDEnA2xxYX0EbC5jIFYkKzAmUCIrMGdO
IP 52.20.131.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /SFVFM0EzdzZEHj0nKRF7aj0xRzE7b2ocLC0yJEYxZjsgR247ImtZMmp5Z0AsLnd%2FAm1qJihFY3J3cR1yanlnRyAvCixXY3J3fQBzfmZ2EW1qJjBRHiExdxF7ajN9AHIrZXFRbH4wdVFsfDEnA2xxYX0EbC5jIFYkKzAmUCIrMGdO HTTP/1.1
Host: theharityhild.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 502 Bad Gateway
set-cookie: 51fa56404f11790070ae5421d1626141=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
X-Firefox-Spdy: h2
api.purpleads.io/x/init?ts=1680013751805
34.236.45.130200 OK 145 B URL HTTP/2 api.purpleads.io/x/init?ts=1680013751805
IP 34.236.45.130:0
Hash 562bfcc5bf7015bc1f76752f620f31be
e78f5716bd28a7bdae8ce649de403cd25a020f53
f6e2221befc8c96856d42968d4e1fe5454d95f18f00a071d831bf7936dbca52d
GET /x/init?ts=1680013751805 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: application/json
x-purpleads-version: 2.5.11
x-request-url: aHR0cHM6Ly9tZWdhdXAubmV0LzFkMDRiL1JpbVdvcmxkLnYxLjQuMzY3Ni56aXA=
Authorization: Bearer 70f4c4ca797b70742cf152daf589f184:5f7ccce17707939b2685f0f8203bd1c265e05e479bbfcec98eda491d5ef6d2861ecfe05a883293e58ee42e74b0a74acb04a21203cd5fc2e8d8ec9e7b994f7655
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: application/json; charset=utf-8
content-length: 87
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-expose-headers: pa-user-id
x-request-id: 88d0c4ce-cdd5-45d3-8c47-0d3e0cfbb2de
x-api-version: 0.46.10
etag: W/"57-rJEPlnm9gFYJQ15PqJcM33T6S4Y"
vary: Accept-Encoding
X-Firefox-Spdy: h2
api.purpleads.io/x/b/?idx=0&pid=c732a112e014401eb898d68973e02b66&sizes=[[300,250],[300,250],[200,200],[250,250],[300,100]]&slotid=331eb83c-e92c-489c-8059-9968127d24d2&ts=1680013752038
34.236.45.130200 OK 3.1 kB URL HTTP/2 api.purpleads.io/x/b/?idx=0&pid=c732a112e014401eb898d68973e02b66&sizes=[[300,250],[300,250],[200,200],[250,250],[300,100]]&slotid=331eb83c-e92c-489c-8059-9968127d24d2&ts=1680013752038
IP 34.236.45.130:0
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6355), with no line terminators
Hash ee9e44ef97ab027e7445a73f9b5e0b5e
8a2ab6da8ed3e34f1c946fe63ea73a35c72a1974
dfa97de217106a6821b94e6d67318113cb28b2021ca456c280237024a1f1120a
GET /x/b/?idx=0&pid=c732a112e014401eb898d68973e02b66&sizes=[[300,250],[300,250],[200,200],[250,250],[300,100]]&slotid=331eb83c-e92c-489c-8059-9968127d24d2&ts=1680013752038 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: application/json
x-purpleads-version: 2.5.11
x-request-url: aHR0cHM6Ly9tZWdhdXAubmV0LzFkMDRiL1JpbVdvcmxkLnYxLjQuMzY3Ni56aXA=
Authorization: Bearer 70f4c4ca797b70742cf152daf589f184:5f7ccce17707939b2685f0f8203bd1c265e05e479bbfcec98eda491d5ef6d2861ecfe05a883293e58ee42e74b0a74acb04a21203cd5fc2e8d8ec9e7b994f7655
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-expose-headers: pa-user-id
x-request-id: 6c9c351a-87cf-4bfd-94f3-210b5efd49ed
x-api-version: 0.46.10
set-cookie: pa-user-id=30c76c81-14b0-4b90-b13d-6f4e41a653f7; Domain=.purpleads.io; Path=/
pa-user-id: 30c76c81-14b0-4b90-b13d-6f4e41a653f7
etag: W/"bfc-rBpkZk4extNLsvey4htD3HCtEgQ"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
theharityhild.buzz/
52.20.131.174200 OK 0 B IP 52.20.131.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: theharityhild.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Content-Length: 392
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-687149229%3A1680013731221982&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7QO1G9IDdJatGNw2iCu9mMdA7FdreF1iATVI11SAOBHru03ftABHZF0NA60eUYD18obZurf&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
142.250.74.109403 Forbidden 809 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-687149229%3A1680013731221982&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7QO1G9IDdJatGNw2iCu9mMdA7FdreF1iATVI11SAOBHru03ftABHZF0NA60eUYD18obZurf&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Hash 73239eb6259e20af2accdc861665a47f
6256ab4e9952a956550414d5b23e05d8f5808997
778f226292253105f33cbe7caff4535f58fe153f64e5ecbc28b590c9a34c18a8
GET /v3/signin/identifier?dsh=S-687149229%3A1680013731221982&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7QO1G9IDdJatGNw2iCu9mMdA7FdreF1iATVI11SAOBHru03ftABHZF0NA60eUYD18obZurf&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 28 Mar 2023 14:28:51 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-vWGQneiW7AiiLN_XEKxYNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.prplads.com/prebid-2023-03-22.js
172.67.74.93200 OK 134 kB URL HTTP/2 cdn.prplads.com/prebid-2023-03-22.js
IP 172.67.74.93:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 134 kB (133866 bytes)
Hash 23e42440a2338534074085b1adf77a3b
d6abb8b0a6e8cad97e4a1016fb097bf8da0065bc
54ed61936255867a53ebbb14bc23077f511907688d8071351184b6a8031dc049
GET /prebid-2023-03-22.js HTTP/1.1
Host: cdn.prplads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: application/javascript
cache-control: max-age=1209600
cf-bgj: minify
cf-polished: origSize=375127
etag: W/"99f3c3ccaab6ea63fe6fdc9617e04981"
last-modified: Wed, 22 Mar 2023 16:08:32 GMT
x-amz-id-2: tfIde3Z15D2eLP//UJilb9u8uhCt0yPvOj1j2aVDRqen5Y9+IRpaxx2/c6GWQPnFpjKeKpG02Ro=
x-amz-request-id: WEEHEZZ3GQGXCX9S
cf-cache-status: HIT
age: 90980
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mRCQzDVSq9wpSbzbPPRSjolzweEKTv0Ein09r%2FKJBm%2FcnuP1AIgHpnJAL9g5ik5pHOfBQR%2B0c6BrDQei5TCwIH0BMWeqUExRQJe5zlr1kjN%2FiYt29IGPI%2F8fxU0E7XfTdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7af08fdf7b73b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
91.209.70.182200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31568, version 1.1\012- data
Hash e0c4ac0e73196bd0469c5c33304b7773
bb071565f82907d117b0732dca8013409162c67d
ff3bf3a4a1bf2b922157b18d0e8cddd95f2fc2dfe09c30a3ce67bc11a84c67af
GET /themes/flow/frontend_assets/fonts/raleway_bold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222; _gat_gtag_UA_108868042_1=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: font/woff
content-length: 31568
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7b50"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109302 Found 23 kB URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
Hash 0ffb2c9b6dd933ae18ab7dc729d58e69
bb88b2f3fc47452873348d1cdcb7ea3d4a2bbc10
0cd0e55fa43693dfe4b04a225bf7774eb3f66e232828f8d661547728475a12f2
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 28 Mar 2023 14:28:51 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7S8mBLCNizUnW9VFn0RF2FvrTbEk9IE2bz_DZigrHb3OulXKOKsJGaam1Sa0Eod9qEIyebC
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-nf2Q0r9x23QkPcK91Vkhew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy: unsafe-none
content-type: application/binary
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: __Host-GAPS=1:GMcQSUfm1gc4MKdbub61tPKtgoAU_Q:BMz7QY0mCIToPKNJ; Expires=Thu, 27-Mar-2025 14:28:51 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
mp.4dex.io/prebid
104.18.3.114204 No Content 0 B IP 104.18.3.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /prebid HTTP/1.1
Host: mp.4dex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1990
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 28 Mar 2023 14:28:51 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin, Accept-Encoding
x-err: Parsing the Prebid Request. org/site not found
x-version: 3.0.0-gcp-ams
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7af08fe0591bb4fd-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31f12960d4e4973b55043b56857153d4
c1674efeea8484a084a0e484419823945c9599e8
4663da139746b8cc83b19817a8527ccc3f7f128735574d2ac2d854f6b5b4d0ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4663DA139746B8CC83B19817A8527CCC3F7F128735574D2AC2D854F6B5B4D0FF"
Last-Modified: Mon, 27 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2320
Expires: Tue, 28 Mar 2023 15:07:31 GMT
Date: Tue, 28 Mar 2023 14:28:51 GMT
Connection: keep-alive
prebid.a-mo.net/a/c
147.75.85.234204 No Content 0 B IP 147.75.85.234:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /a/c HTTP/1.1
Host: prebid.a-mo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1412
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: max-age=0, private, must-revalidate
date: Tue, 28 Mar 2023 14:28:51 GMT
server: envoy
vary: origin, Accept-Encoding
x-nbr: 1
x-envoy-upstream-service-time: 0
set-cookie: X-Contour-Session-Affinity="22996c8e75b30138"; Path=/; HttpOnly
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 60b4b07d59dbdd7807e3bc9ceb40c3ba
fdcd14cfb7e0693a81abe2553421455edca61336
8f95b92305d4ee2fbaca71d9fb696702756333cdddce943a1975affaa9f917da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2137
Cache-Control: max-age=127191
Content-Type: application/ocsp-response
Date: Tue, 28 Mar 2023 14:28:51 GMT
Etag: "64223f21-1d7"
Expires: Thu, 30 Mar 2023 01:48:42 GMT
Last-Modified: Tue, 28 Mar 2023 01:13:05 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471
api.purpleads.io/x/init?ts=1680013751805
34.236.45.130200 OK 0 B URL HTTP/2 api.purpleads.io/x/init?ts=1680013751805
IP 34.236.45.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /x/init?ts=1680013751805 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:51 GMT
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-expose-headers: pa-user-id
x-request-id: 8ba5c6cf-f67a-4122-bdfd-68de3b17aac6
x-api-version: 0.46.10
X-Firefox-Spdy: h2
prebid-eu.creativecdn.com/bidder/prebid/bids
185.184.8.90204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP 185.184.8.90:0
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 696
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 28 Mar 2023 14:28:52 GMT
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
6.adsco.re/
104.17.166.186200 OK 0 B IP 104.17.166.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:52 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
access-control-allow-origin: https://megaup.net
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7af08fe1db430b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11512
Expires: Tue, 28 Mar 2023 17:40:44 GMT
Date: Tue, 28 Mar 2023 14:28:52 GMT
Connection: keep-alive
itehappymutte.com/floater?cs=YVg1ZW5UaABcVlZoAlJdVmABVlY&abt=0&red=1&sm=83&k=download%20file%203676%20rimworld&v=0.9.1.5&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=141.04372355430183&ref=https%3A%2F%2Fmegaup.net%2F1d04b%2FRimWorld.v1.4.3676.zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi1_&_XO53=1680013752136&crc=1
13.33.141.109200 OK 5.4 kB URL HTTP/2 itehappymutte.com/floater?cs=YVg1ZW5UaABcVlZoAlJdVmABVlY&abt=0&red=1&sm=83&k=download%20file%203676%20rimworld&v=0.9.1.5&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=141.04372355430183&ref=https%3A%2F%2Fmegaup.net%2F1d04b%2FRimWorld.v1.4.3676.zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi1_&_XO53=1680013752136&crc=1
IP 13.33.141.109:0
File type ASCII text, with very long lines (8479), with no line terminators
Hash 9bf807a97a2f1c6c6c7ed4a33e7a6451
13f66169e02cd1284e9a3c34282bb40ee0965ded
da6c1169a7a7d25246782d2bec11f5adf8d3cb7b8d54f9ac187a6ba6beaf6d52
GET /floater?cs=YVg1ZW5UaABcVlZoAlJdVmABVlY&abt=0&red=1&sm=83&k=download%20file%203676%20rimworld&v=0.9.1.5&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=141.04372355430183&ref=https%3A%2F%2Fmegaup.net%2F1d04b%2FRimWorld.v1.4.3676.zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi1_&_XO53=1680013752136&crc=1 HTTP/1.1
Host: itehappymutte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 5419
date: Tue, 28 Mar 2023 14:28:52 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=2c48e102-28c9-4ed5-9c34-0f887e214cd4
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5f054515672e497f7035c066a262245c.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: Rbwnl8GIP-a00MWZhZShrHLtA-XM5fNfEHFN1JIRc5hRwthhH5ho0g==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11512
Expires: Tue, 28 Mar 2023 17:40:44 GMT
Date: Tue, 28 Mar 2023 14:28:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11512
Expires: Tue, 28 Mar 2023 17:40:44 GMT
Date: Tue, 28 Mar 2023 14:28:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11512
Expires: Tue, 28 Mar 2023 17:40:44 GMT
Date: Tue, 28 Mar 2023 14:28:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11512
Expires: Tue, 28 Mar 2023 17:40:44 GMT
Date: Tue, 28 Mar 2023 14:28:52 GMT
Connection: keep-alive
api.purpleads.io/x/init?ts=1680013752560
34.236.45.130200 OK 87 B URL HTTP/2 api.purpleads.io/x/init?ts=1680013752560
IP 34.236.45.130:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1225a48532b67fd812920a47e3557ed4
ac910f9679bd805609435e4fa8970cdf74fa4b86
4cdf058286dcc09e5511ec4f021ce5ce4d22052312bf08ce7b672e08eb5a4a9f
GET /x/init?ts=1680013752560 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: application/json
x-purpleads-version: 2.5.11
x-request-url: aHR0cHM6Ly9tZWdhdXAubmV0LzFkMDRiL1JpbVdvcmxkLnYxLjQuMzY3Ni56aXA=
Authorization: Bearer 70f4c4ca797b70742cf152daf589f184:5f7ccce17707939b2685f0f8203bd1c265e05e479bbfcec98eda491d5ef6d2861ecfe05a883293e58ee42e74b0a74acb04a21203cd5fc2e8d8ec9e7b994f7655
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:52 GMT
content-type: application/json; charset=utf-8
content-length: 87
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-expose-headers: pa-user-id
x-request-id: bb2c06ea-2cb2-4c87-9424-c60df4ff951e
x-api-version: 0.46.10
etag: W/"57-rJEPlnm9gFYJQ15PqJcM33T6S4Y"
vary: Accept-Encoding
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png
34.120.237.76200 OK 20 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b3e093e7b5c12cfc2aee601f823ea47e
d76b3958471b2ed70a2b52f078ec638748fdb441
de4fc669195611c4ea6fe7d920482987aef077973b4973c01e2f362aeb18c2ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 20349
x-amzn-requestid: 8e810007-5602-40d0-b103-da5421381d67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbpjHdcoAMFSuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca3-22f4671a5cd5fab36268ae3f;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:39 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: -rX6JXPNzVJyz9ykqPUCTNBUK9NOK2CAwrrVNPsoVfCDIEeH3AS3bQ==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 0a2ce08fa1ec3c33302a7547d3305978.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:55:30 GMT
age: 59602
etag: "d76b3958471b2ed70a2b52f078ec638748fdb441"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ada29e049501b12a35b0bcc5f68e3e57
5c1ba9bffbcc9007e7f119dbb3197db34a12f8da
b45583b5845129386a456e03fbdba25305c8d6d9fb5a8f01d783816ced080629
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10744
x-amzn-requestid: d693d820-7eed-47a3-9b0b-8f43c141bd3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbogF0poAMFTAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220c9c-22ab350146e8a3a606f74c42;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:32 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: KAI78tfv0ATn1DQvBGyodBs9UWsIGdj1Fa50KowbUAO4ab2ceaYhMw==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:49:26 GMT
age: 59966
etag: "5c1ba9bffbcc9007e7f119dbb3197db34a12f8da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fdd8a3f935830ca9e5ffdb5824acebc
39caaddec703fdad962d03fff8687bad2c1df4ad
6fe6301fb3610c3e8a9b62671579db53189bb62ead4cf5ab30a1f1e0b90b8ca2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7537
x-amzn-requestid: 2fb06f69-4757-4ba5-9f20-6e829127b931
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbqWETgoAMFV5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca8-6421e38b3a0ac0590ffa8b52;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:44 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: JZfiBSqQdWXqpaxSlepC6hEJ888ja6o10GW0KziDifD8KdTmDTn0eQ==
via: 1.1 4e4278a2778e72cc34feef6db603088c.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 22:05:18 GMT
age: 59014
etag: "39caaddec703fdad962d03fff8687bad2c1df4ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8d89be83374f516673ad6ebb04ffda31
ca8c9c5379c564e5c8be32958a4490df00262963
4dc9662f6e9e21f8437f844c47540efbb247eefe0250c9906baccb48eb084b38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4DC9662F6E9E21F8437F844C47540EFBB247EEFE0250C9906BACCB48EB084B38"
Last-Modified: Sun, 26 Mar 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12012
Expires: Tue, 28 Mar 2023 17:49:04 GMT
Date: Tue, 28 Mar 2023 14:28:52 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1da68df9d96e2758e37b9f15daab027b
5ff19ed6dc5752aa4b15fb88da972b736fd55783
ad924425946dbdf309c764e7097e676185516301feb7722b30d95ffd50b4353f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7426
x-amzn-requestid: 85a30298-4613-4a96-bdba-0899fe9f9475
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdcsgGZsoAMFQkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220e4f-10db431e7632048d7b15e0ec;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:44:47 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: JDa9YUJ9xo5mo8tb7poZC8XJDp6USTidZjWEwTZCrioJxR7vur6uJw==
via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 22:00:12 GMT
age: 59320
etag: "5ff19ed6dc5752aa4b15fb88da972b736fd55783"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 789f11978a1149984408fbbb9a2b3f81
078bd523107096bab5e26d42b18e316c253f1ca7
7974980290443b64126f512686261150cd27331cb7b32a96d1167a97d046e8a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8961
x-amzn-requestid: 9277e35d-8fe8-482e-b65c-b132dfcbd87e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbqBGl0IAMFy4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca6-7869936b33cbf3633c68e7ac;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Xz5zjv-po5mgSFz_kkZZ5Hvw9SxY-3d-J2DpvFWxM-iI4jXTsUbiyg==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 10:16:22 GMT
age: 15150
etag: "078bd523107096bab5e26d42b18e316c253f1ca7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: I3GuoZ4ZxAtz0sKe3wrW67aitLlCAbaZkiPw23fl0F3FoumJDEnXiQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 10:12:21 GMT
age: 15391
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
4.adsco.re/
162.252.214.5200 OK 62 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash a684f3b449a125d2285678a6be0172a9
f5ba7774839ee9f45e1f2a88d322d3c3cfcc971f
91945112515f30fe6017f31f87a483adb2040d8435fce14fe9c44e89cf433b2c
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 14:28:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
rotdoiqgslfa.l4.adsco.re/
185.200.118.90200 OK 0 B URL HTTP/1.1 rotdoiqgslfa.l4.adsco.re/
IP 185.200.118.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: rotdoiqgslfa.l4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 14:28:52 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Tue, 31 Jul 2018 22:16:15 GMT
Connection: close
ETag: "5b60dfaf-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e19e7ae3b7d1ffbcd7ab25777f91e0df
1e8290ce881dce150849c1863620e0c426bd30eb
e08227903eb1191994dcd343220e9e2dc48bb94946cb6c676630c24ae8ec7ae8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E08227903EB1191994DCD343220E9E2DC48BB94946CB6C676630C24AE8EC7AE8"
Last-Modified: Sun, 26 Mar 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12387
Expires: Tue, 28 Mar 2023 17:55:19 GMT
Date: Tue, 28 Mar 2023 14:28:52 GMT
Connection: keep-alive
script.4dex.io/localstore.js
172.67.75.241304 Not Modified 0 B URL HTTP/1.1 script.4dex.io/localstore.js
IP 172.67.75.241:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /localstore.js HTTP/1.1
Host: script.4dex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 23 Nov 2022 15:43:18 GMT
If-None-Match: W/"922cffdd75f7192f75231d92684885aa"
HTTP/1.1 304 Not Modified
Date: Tue, 28 Mar 2023 14:28:52 GMT
Connection: keep-alive
Cache-Control: public, max-age=1800
ETag: W/"922cffdd75f7192f75231d92684885aa"
Last-Modified: Wed, 23 Nov 2022 15:43:18 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 412407
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zl6d5ixN110fFaOh%2FtvAgbWOJCZypAKaoTg4oriOnVW6hxd%2BmHHyQpeO%2BmonV3vQuN6SjBWX5tN5ZLAr2kwxkNqlVyaCuN2b%2Fy%2FXd2QDqfLps6ugWSsvEwVapikxWoo3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7af08fe548361c12-OSL
script.4dex.io/adagio.js
172.67.75.241304 Not Modified 0 B IP 172.67.75.241:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adagio.js HTTP/1.1
Host: script.4dex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 23 Nov 2022 15:43:17 GMT
If-None-Match: W/"c56b6332dacf72f135afcd153ae22448"
HTTP/1.1 304 Not Modified
Date: Tue, 28 Mar 2023 14:28:52 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
ETag: W/"c56b6332dacf72f135afcd153ae22448"
Last-Modified: Wed, 23 Nov 2022 15:43:17 GMT
Vary: Origin, Accept-Encoding
Access-Control-Expose-Headers:
CF-Cache-Status: HIT
Age: 1336244
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hgnFgYZXm9D9cfd%2B8pt%2BiZv6Sz6fa1ykIzXSg1jWN1pM%2BiE2vhwv4XXeE7lDyOZyCwDgvw4pEjUQao5Q9Zg4hM5CaHH6u6ZRKHqnFUxx%2FdyhphL3GuyMQZWG4Kdjmgdw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7af08fe56f1b0b69-OSL
prebid.a-mo.net/a/c
147.75.85.234204 No Content 0 B IP 147.75.85.234:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /a/c HTTP/1.1
Host: prebid.a-mo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1373
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: max-age=0, private, must-revalidate
date: Tue, 28 Mar 2023 14:28:52 GMT
server: envoy
vary: origin, Accept-Encoding
x-nbr: 1
x-envoy-upstream-service-time: 1
set-cookie: X-Contour-Session-Affinity="22996c8e75b30138"; Path=/; HttpOnly
X-Firefox-Spdy: h2
mp.4dex.io/prebid
104.18.3.114204 No Content 0 B IP 104.18.3.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /prebid HTTP/1.1
Host: mp.4dex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 2066
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 28 Mar 2023 14:28:52 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin, Accept-Encoding
x-err: Parsing the Prebid Request. org/site not found
x-version: 3.0.0-gcp-ams
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7af08fe55881b4fd-OSL
X-Firefox-Spdy: h2
rotdoiqgslfa.n4.adsco.re/
38.132.109.186200 OK 0 B URL HTTP/1.1 rotdoiqgslfa.n4.adsco.re/
IP 38.132.109.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: rotdoiqgslfa.n4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 14:28:52 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
Connection: close
ETag: "5b5f2f9a-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
prebid-eu.creativecdn.com/bidder/prebid/bids
185.184.8.90204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP 185.184.8.90:0
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 709
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 28 Mar 2023 14:28:52 GMT
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
adsco.re/p
162.252.214.5200 OK 132 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash c50476b8db5a308ab4201a49fbd047b5
1999c7e35c837752c83a8e386e9806298d3c9dd2
d2aba9d5d05327a221db985aaaa3ef475a000d9e53da3c5297678846d1bc6433
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Length: 1993
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 14:28:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ac8d9cdf223e611b7f8416c986c1b2e
22410c6eb7ebc2e9ea54618ec5aca74fa46dbeaa
ad997ef489632d7cf36a034a50b1926463ef042bfe9064156514903b90d0e4a7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD997EF489632D7CF36A034A50B1926463EF042BFE9064156514903B90D0E4A7"
Last-Modified: Sun, 26 Mar 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2976
Expires: Tue, 28 Mar 2023 15:18:28 GMT
Date: Tue, 28 Mar 2023 14:28:52 GMT
Connection: keep-alive
api.purpleads.io/x/b/?idx=1&pid=c732a112e014401eb898d68973e02b66&sizes=[[300,250],[300,250],[200,200],[250,250],[300,100]]&slotid=331eb83c-e92c-489c-8059-9968127d24d2&demand=unifiedPb&ts=1680013753249
34.236.45.130200 OK 121 B URL HTTP/2 api.purpleads.io/x/b/?idx=1&pid=c732a112e014401eb898d68973e02b66&sizes=[[300,250],[300,250],[200,200],[250,250],[300,100]]&slotid=331eb83c-e92c-489c-8059-9968127d24d2&demand=unifiedPb&ts=1680013753249
IP 34.236.45.130:0
File type JSON data\012- , ASCII text, with no line terminators
Hash cfb27a4194811c92b180b98dc2d7a854
6a61982ed2c5174b34e641188ae8e76e48691d74
c25e6e196f7e8bc475ff59424ccde25adf9bbd323a521d80d99f872d111c4dbf
OPTIONS /x/b/?idx=1&pid=c732a112e014401eb898d68973e02b66&sizes=[[300,250],[300,250],[200,200],[250,250],[300,100]]&slotid=331eb83c-e92c-489c-8059-9968127d24d2&demand=unifiedPb&ts=1680013753249 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:52 GMT
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-expose-headers: pa-user-id
x-request-id: 60b1120f-6706-4c3d-b53c-d23bbc531397
x-api-version: 0.46.10
X-Firefox-Spdy: h2
engine.4dsply.com/verify?sig=BAYAZCL5pAFkIvmkgAGBAcAAIFV1NZ4Z41-wOiYNGcdwqlZUIAa74CmEdg0CjjkNXlRQwQAg8zyRWaxHWqxzesjZLPD0BtvhHbcZAUt_4hnafBYV05c
104.16.159.17200 OK 17 B URL HTTP/2 engine.4dsply.com/verify?sig=BAYAZCL5pAFkIvmkgAGBAcAAIFV1NZ4Z41-wOiYNGcdwqlZUIAa74CmEdg0CjjkNXlRQwQAg8zyRWaxHWqxzesjZLPD0BtvhHbcZAUt_4hnafBYV05c
IP 104.16.159.17:0
File type JSON data\012- , ASCII text, with no line terminators
Hash f9bf086d73f8b7cc483324aedb224ed0
be03b282679354a90df7b59b4c92da6e8caeaccc
39ca3c85734717cf31f55ab2e7d04d8ad2438a3bd9f6f46fae350d12506b4699
GET /verify?sig=BAYAZCL5pAFkIvmkgAGBAcAAIFV1NZ4Z41-wOiYNGcdwqlZUIAa74CmEdg0CjjkNXlRQwQAg8zyRWaxHWqxzesjZLPD0BtvhHbcZAUt_4hnafBYV05c HTTP/1.1
Host: engine.4dsply.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:52 GMT
content-type: application/json
content-length: 17
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: Content-Type
access-control-allow-methods: GET
x-adscore-status: bot
vary: Accept-Encoding
server: cloudflare
cf-ray: 7af08fe6ab48fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.purpleads.io/x/b/?idx=1&pid=c732a112e014401eb898d68973e02b66&sizes=[[970,90],[728,90],[468,60],[320,100],[320,50],[300,100]]&slotid=6411a0ba-5b9d-4146-a312-33be8d725b86&demand=unifiedPb&ts=1680013753572
34.236.45.130200 OK 121 B URL HTTP/2 api.purpleads.io/x/b/?idx=1&pid=c732a112e014401eb898d68973e02b66&sizes=[[970,90],[728,90],[468,60],[320,100],[320,50],[300,100]]&slotid=6411a0ba-5b9d-4146-a312-33be8d725b86&demand=unifiedPb&ts=1680013753572
IP 34.236.45.130:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 346ca4a8b2caa8448ac0debe99698fb9
d3f5d8e46edf4049ce3aba1d80b9c674e4d10c35
9bc18dfec65bc7f78a86dfdbf3af70f4dd1fa55729896d88d39617221dfb4c5c
GET /x/b/?idx=1&pid=c732a112e014401eb898d68973e02b66&sizes=[[970,90],[728,90],[468,60],[320,100],[320,50],[300,100]]&slotid=6411a0ba-5b9d-4146-a312-33be8d725b86&demand=unifiedPb&ts=1680013753572 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: application/json
x-purpleads-version: 2.5.11
x-request-url: aHR0cHM6Ly9tZWdhdXAubmV0LzFkMDRiL1JpbVdvcmxkLnYxLjQuMzY3Ni56aXA=
Authorization: Bearer 70f4c4ca797b70742cf152daf589f184:5f7ccce17707939b2685f0f8203bd1c265e05e479bbfcec98eda491d5ef6d2861ecfe05a883293e58ee42e74b0a74acb04a21203cd5fc2e8d8ec9e7b994f7655
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:53 GMT
content-type: application/json; charset=utf-8
content-length: 121
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-expose-headers: pa-user-id
x-request-id: 37fcf7a6-bd91-43d9-ad52-430ebd8485a9
x-api-version: 0.46.10
set-cookie: pa-user-id=512c7cb6-7887-47cb-b8af-c069530a0bb9; Domain=.purpleads.io; Path=/
pa-user-id: 512c7cb6-7887-47cb-b8af-c069530a0bb9
etag: W/"79-0/XY5G7fQEnOOrodgLnGdOTRDDU"
vary: Accept-Encoding
X-Firefox-Spdy: h2
rotdoiqgslfa.s4.adsco.re/
185.200.116.90200 OK 0 B URL HTTP/1.1 rotdoiqgslfa.s4.adsco.re/
IP 185.200.116.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: rotdoiqgslfa.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 14:28:53 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
bookadil.com/winnotice?sid=H4sIAAAAAAAC%2F1RTy4scRRivifEQPPhAD0KE8aYgs93T8%2BgxSDAmkWAeSx7sTaiu6t79Mj1VTVX39OyeFgXJSUY8mGPtb1%2Boq5g%2FQJReL7IgZC6yovsvKArBo8xkzOgH3d%2Fj91H86vt%2B9dFWccI8FPx4%2BZreoDTlS%2B2GV39thZTUpa1fv133vYZ3rr5CqtM6Vx9Nf2b4pu%2B1G97r9Xdj0ddLTc%2F3PN%2Fz65fJxIkeLc1QUHbQ8xs9r9FqNvx2CyPjYIsaLK9BDk%2FYCyA5eXrtxwcgUUENvrkY236uszcuDYqU59pgKPfvqL7SpcJgESamhkTtz7uh7YSx%2B6eg1f6cNfRwZ8oaEU1Y7WcfkdqfU0M03H3MLkoRK0TyGZTDCnFagXgFoT8EyYcMEBLXb0AN9q5rU%2FL1xyifohN2%2BtFfoHLCTv%2F2ItTg6wspjeq3dFrkpJXFKHGgUQVarZAVh8g3GKg8hMg%2FAMmf2NKjq1CDnRs21SDpZrcnqkBJhTQeg1uGYvoRQ5HUUGQ1DORxnbd7ied1kygJgrAlhAgCIdphR7Zl0AoTD4WY0hsjz8YQ6RjCbCIzm%2BjTGKb4GGQrFNyBMofM7oXNds%2F3EYuj83%2BzmYHTcZ13g56MgiTqdIJe0pR%2Bp9sNOzLhoed3ExkgoqPzzxbPXbvzyl2kxBDzo%2B%2F%2BmB9glYMq3LYy5GDiIza3bSPzo%2FNPutYcrGSwOcNQOpQxQ2kZSs5QEkOZM5RDtytT27RuT6a2iPy5b8594LZ1vup2db4aK7aVnbDnZ7v5U7yPfnxcTzzRDJNeK2iGrV4vCmWrG3TCjhS%2BDONWKGHp3wmQPQVua9igCXvp19%2BRTWUjP0XED2HTQwh6Fbw4C1468DWHDeUg9UGkdZ9LShtCD5DlZ5Cv17bSE%2FbyjEfn%2Fr3%2FjVYYh8w43KUfGFbTe9s3dcl2burSsgc3spwGtMGn%2BrmV8zx%2B6ov34vVSG3nloh1%2F%2FraYAtPw4HZs86tcSVKrln15gaSMzWVtRMy%2BvWJX4mi5sGsXCqOK7OryO5evDDITW0taVeD08NJnEDRhZz75ZfYyzn71FshUMIXDoHiyKpCuILJN2GxRs5rBpIs8yhjKwm2bZrQoTsWQLnYOHjnY%2F%2BTRIt6y38OSQ27ZPwAAAP%2F%2FAQAA%2F%2F860hpAgwQAAA%3D%3D&ap=${AUCTION_PRICE}&l=3577992&sub3=1680013731&pid=91283&sub2=icon&auid=a739db3fb6639f2d167786dfa8017fd3&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
104.21.9.93307 Temporary Redirect 0 B URL HTTP/2 bookadil.com/winnotice?sid=H4sIAAAAAAAC%2F1RTy4scRRivifEQPPhAD0KE8aYgs93T8%2BgxSDAmkWAeSx7sTaiu6t79Mj1VTVX39OyeFgXJSUY8mGPtb1%2Boq5g%2FQJReL7IgZC6yovsvKArBo8xkzOgH3d%2Fj91H86vt%2B9dFWccI8FPx4%2BZreoDTlS%2B2GV39thZTUpa1fv133vYZ3rr5CqtM6Vx9Nf2b4pu%2B1G97r9Xdj0ddLTc%2F3PN%2Fz65fJxIkeLc1QUHbQ8xs9r9FqNvx2CyPjYIsaLK9BDk%2FYCyA5eXrtxwcgUUENvrkY236uszcuDYqU59pgKPfvqL7SpcJgESamhkTtz7uh7YSx%2B6eg1f6cNfRwZ8oaEU1Y7WcfkdqfU0M03H3MLkoRK0TyGZTDCnFagXgFoT8EyYcMEBLXb0AN9q5rU%2FL1xyifohN2%2BtFfoHLCTv%2F2ItTg6wspjeq3dFrkpJXFKHGgUQVarZAVh8g3GKg8hMg%2FAMmf2NKjq1CDnRs21SDpZrcnqkBJhTQeg1uGYvoRQ5HUUGQ1DORxnbd7ied1kygJgrAlhAgCIdphR7Zl0AoTD4WY0hsjz8YQ6RjCbCIzm%2BjTGKb4GGQrFNyBMofM7oXNds%2F3EYuj83%2BzmYHTcZ13g56MgiTqdIJe0pR%2Bp9sNOzLhoed3ExkgoqPzzxbPXbvzyl2kxBDzo%2B%2F%2BmB9glYMq3LYy5GDiIza3bSPzo%2FNPutYcrGSwOcNQOpQxQ2kZSs5QEkOZM5RDtytT27RuT6a2iPy5b8594LZ1vup2db4aK7aVnbDnZ7v5U7yPfnxcTzzRDJNeK2iGrV4vCmWrG3TCjhS%2BDONWKGHp3wmQPQVua9igCXvp19%2BRTWUjP0XED2HTQwh6Fbw4C1468DWHDeUg9UGkdZ9LShtCD5DlZ5Cv17bSE%2FbyjEfn%2Fr3%2FjVYYh8w43KUfGFbTe9s3dcl2burSsgc3spwGtMGn%2BrmV8zx%2B6ov34vVSG3nloh1%2F%2FraYAtPw4HZs86tcSVKrln15gaSMzWVtRMy%2BvWJX4mi5sGsXCqOK7OryO5evDDITW0taVeD08NJnEDRhZz75ZfYyzn71FshUMIXDoHiyKpCuILJN2GxRs5rBpIs8yhjKwm2bZrQoTsWQLnYOHjnY%2F%2BTRIt6y38OSQ27ZPwAAAP%2F%2FAQAA%2F%2F860hpAgwQAAA%3D%3D&ap=${AUCTION_PRICE}&l=3577992&sub3=1680013731&pid=91283&sub2=icon&auid=a739db3fb6639f2d167786dfa8017fd3&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP 104.21.9.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /winnotice?sid=H4sIAAAAAAAC%2F1RTy4scRRivifEQPPhAD0KE8aYgs93T8%2BgxSDAmkWAeSx7sTaiu6t79Mj1VTVX39OyeFgXJSUY8mGPtb1%2Boq5g%2FQJReL7IgZC6yovsvKArBo8xkzOgH3d%2Fj91H86vt%2B9dFWccI8FPx4%2BZreoDTlS%2B2GV39thZTUpa1fv133vYZ3rr5CqtM6Vx9Nf2b4pu%2B1G97r9Xdj0ddLTc%2F3PN%2Fz65fJxIkeLc1QUHbQ8xs9r9FqNvx2CyPjYIsaLK9BDk%2FYCyA5eXrtxwcgUUENvrkY236uszcuDYqU59pgKPfvqL7SpcJgESamhkTtz7uh7YSx%2B6eg1f6cNfRwZ8oaEU1Y7WcfkdqfU0M03H3MLkoRK0TyGZTDCnFagXgFoT8EyYcMEBLXb0AN9q5rU%2FL1xyifohN2%2BtFfoHLCTv%2F2ItTg6wspjeq3dFrkpJXFKHGgUQVarZAVh8g3GKg8hMg%2FAMmf2NKjq1CDnRs21SDpZrcnqkBJhTQeg1uGYvoRQ5HUUGQ1DORxnbd7ied1kygJgrAlhAgCIdphR7Zl0AoTD4WY0hsjz8YQ6RjCbCIzm%2BjTGKb4GGQrFNyBMofM7oXNds%2F3EYuj83%2BzmYHTcZ13g56MgiTqdIJe0pR%2Bp9sNOzLhoed3ExkgoqPzzxbPXbvzyl2kxBDzo%2B%2F%2BmB9glYMq3LYy5GDiIza3bSPzo%2FNPutYcrGSwOcNQOpQxQ2kZSs5QEkOZM5RDtytT27RuT6a2iPy5b8594LZ1vup2db4aK7aVnbDnZ7v5U7yPfnxcTzzRDJNeK2iGrV4vCmWrG3TCjhS%2BDONWKGHp3wmQPQVua9igCXvp19%2BRTWUjP0XED2HTQwh6Fbw4C1468DWHDeUg9UGkdZ9LShtCD5DlZ5Cv17bSE%2FbyjEfn%2Fr3%2FjVYYh8w43KUfGFbTe9s3dcl2burSsgc3spwGtMGn%2BrmV8zx%2B6ov34vVSG3nloh1%2F%2FraYAtPw4HZs86tcSVKrln15gaSMzWVtRMy%2BvWJX4mi5sGsXCqOK7OryO5evDDITW0taVeD08NJnEDRhZz75ZfYyzn71FshUMIXDoHiyKpCuILJN2GxRs5rBpIs8yhjKwm2bZrQoTsWQLnYOHjnY%2F%2BTRIt6y38OSQ27ZPwAAAP%2F%2FAQAA%2F%2F860hpAgwQAAA%3D%3D&ap=${AUCTION_PRICE}&l=3577992&sub3=1680013731&pid=91283&sub2=icon&auid=a739db3fb6639f2d167786dfa8017fd3&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: bookadil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
date: Tue, 28 Mar 2023 14:28:54 GMT
content-length: 0
location: https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
x-request-id: 5a5d264939045490736584038755b2a2
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eMTgiAPWjndYosZINoBbmQ9oy0R%2FKrzzNt%2BXUJgKiKFwvs5G%2FRCWLUhAyl0PqJ5U41AqlmQ8osxO8rckVykejlcOyaUqrmj%2FPwPgrPQSnM%2Fm3%2FzBbAJFhdi73vM7p8c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7af08ff098bcb51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6208588e2c801b0c7ec557287d80f166
71079a8192940c19ab84d33039fc1fa437066cb3
c169a24f728f1679d861ab53a26a09ece1905057c53a6a316229cf493317e41a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C169A24F728F1679D861AB53A26A09ECE1905057C53A6A316229CF493317E41A"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16138
Expires: Tue, 28 Mar 2023 18:57:52 GMT
Date: Tue, 28 Mar 2023 14:28:54 GMT
Connection: keep-alive
cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
45.133.44.10200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2020:05:18 19:19:17], baseline, precision 8, 200x200, components 3\012- data
Hash 70cf8250da1a25a7b445231428af7828
a849d338423d2919949340838c768bba90b9081c
b7060bc46dc459a00d4124523a26f0cbf31fba31d41fccae9f82bedaf22c1186
GET /cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:54 GMT
content-type: image/jpeg
content-length: 33103
server: nginx/1.17.6
last-modified: Tue, 09 Jun 2020 11:44:50 GMT
etag: "5edf7632-814f"
expires: Thu, 30 Mar 2023 14:28:54 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
147.75.85.234204 No Content 0 B URL HTTP/2 prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
IP 147.75.85.234:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid= HTTP/1.1
Host: prebid.a-mo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: max-age=0, private, must-revalidate
date: Tue, 28 Mar 2023 14:28:54 GMT
server: envoy
x-envoy-upstream-service-time: 2
set-cookie: X-Contour-Session-Affinity="22996c8e75b30138"; Path=/; HttpOnly
vary: Accept-Encoding
X-Firefox-Spdy: h2
prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
147.75.85.234204 No Content 0 B URL HTTP/2 prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
IP 147.75.85.234:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid= HTTP/1.1
Host: prebid.a-mo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: max-age=0, private, must-revalidate
date: Tue, 28 Mar 2023 14:28:55 GMT
server: envoy
x-envoy-upstream-service-time: 0
set-cookie: X-Contour-Session-Affinity="22996c8e75b30138"; Path=/; HttpOnly
vary: Accept-Encoding
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
91.209.70.182200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31900, version 1.1\012- data
Hash 1b285c8e5b7445a8e434b2cdf036bab2
c97d4772fbb5c5637d466b5f991bc7ec28830b32
09b979826f2ac158a63ba234042c66414c21282d0bb46eadc62c64a873778825
GET /themes/flow/frontend_assets/fonts/raleway_medium.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222; _gat_gtag_UA_108868042_1=1; a=GPkgnBONEZEVeUkHxLl8bhRsXc8HcvJT; token_QlJAAAAAAAAArRMIRsGBk-hpXXMDyS9EWV8qBEI=BAYAZCL5pAFkIvmkgAGBAcAAIFV1NZ4Z41-wOiYNGcdwqlZUIAa74CmEdg0CjjkNXlRQwQAg8zyRWaxHWqxzesjZLPD0BtvhHbcZAUt_4hnafBYV05c
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:56 GMT
content-type: font/woff
content-length: 31900
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7c9c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5bfc1f8d0fdd92d6b0d8b3d68143b988
f4454ccf4f4bd78c59d6fe672db04aa10a3d5b87
103bb019b207d97ae013cfe0455384af90cee8686a6de0251cc0409865f43e6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "103BB019B207D97AE013CFE0455384AF90CEE8686A6DE0251CC0409865F43E6F"
Last-Modified: Sun, 26 Mar 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=991
Expires: Tue, 28 Mar 2023 14:45:29 GMT
Date: Tue, 28 Mar 2023 14:28:58 GMT
Connection: keep-alive
imgspics.com/ie?v=4&c=78l4gH8IzCu9Nho06MXbUlFtbcXv8q5Tvlk1eowevR74JEC8US2xHoiC9BqU7m9pGqKPOo_FSWOC9qeMqgkJBjn6r489odANb0Vol6MsK6qcjqaD4aKpzYlhH8DN-JdctECsLXgoHKSMyjbr-YbK6hduRwK0QMlUcPcYLmwszj1fENkSR86sNFuRfVVNK_rCGOlAhqG3XmDS1oPZPwrctKCunbEQXmhbHXOOwq3VsIkpEyqtW6-Zwk0LBQIkDFGg-MR78vK5LYFY1JK0urxH7lwKzOJCAWfKFvwL9SZvDwjF-9x0dXBPpxelB0qvr3n8jqIE68OuAk_nE-VQCaPEm0g0YgUuI8OpwGAVkrBVNPQDWRNV77mUSE_mjclpYUizPF1NhZhl2WRKh-I_fDJP8ha6kM89NY1N8Xfc9zpNMcU=&v1=79&v2=68678
162.55.246.161301 Moved Permanently 0 B URL HTTP/1.1 imgspics.com/ie?v=4&c=78l4gH8IzCu9Nho06MXbUlFtbcXv8q5Tvlk1eowevR74JEC8US2xHoiC9BqU7m9pGqKPOo_FSWOC9qeMqgkJBjn6r489odANb0Vol6MsK6qcjqaD4aKpzYlhH8DN-JdctECsLXgoHKSMyjbr-YbK6hduRwK0QMlUcPcYLmwszj1fENkSR86sNFuRfVVNK_rCGOlAhqG3XmDS1oPZPwrctKCunbEQXmhbHXOOwq3VsIkpEyqtW6-Zwk0LBQIkDFGg-MR78vK5LYFY1JK0urxH7lwKzOJCAWfKFvwL9SZvDwjF-9x0dXBPpxelB0qvr3n8jqIE68OuAk_nE-VQCaPEm0g0YgUuI8OpwGAVkrBVNPQDWRNV77mUSE_mjclpYUizPF1NhZhl2WRKh-I_fDJP8ha6kM89NY1N8Xfc9zpNMcU=&v1=79&v2=68678
IP 162.55.246.161:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ie?v=4&c=78l4gH8IzCu9Nho06MXbUlFtbcXv8q5Tvlk1eowevR74JEC8US2xHoiC9BqU7m9pGqKPOo_FSWOC9qeMqgkJBjn6r489odANb0Vol6MsK6qcjqaD4aKpzYlhH8DN-JdctECsLXgoHKSMyjbr-YbK6hduRwK0QMlUcPcYLmwszj1fENkSR86sNFuRfVVNK_rCGOlAhqG3XmDS1oPZPwrctKCunbEQXmhbHXOOwq3VsIkpEyqtW6-Zwk0LBQIkDFGg-MR78vK5LYFY1JK0urxH7lwKzOJCAWfKFvwL9SZvDwjF-9x0dXBPpxelB0qvr3n8jqIE68OuAk_nE-VQCaPEm0g0YgUuI8OpwGAVkrBVNPQDWRNV77mUSE_mjclpYUizPF1NhZhl2WRKh-I_fDJP8ha6kM89NY1N8Xfc9zpNMcU=&v1=79&v2=68678 HTTP/1.1
Host: imgspics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Tue, 28 Mar 2023 14:28:58 GMT
content-length: 0
location: https://img.vmmcdn.com/get/7609021/200747_icon.png
x-app-id: 11
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 977a2c61e109239bb66548ccad2311bd
ab1fe6851d94f0e1a2a2533904cf2e6b949e1517
dd8c545be4e585123ebccce3989ce46d66b7b0ac521ef23a6a2e46f64da4ff8a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DD8C545BE4E585123EBCCCE3989CE46D66B7B0AC521EF23A6A2E46F64DA4FF8A"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15801
Expires: Tue, 28 Mar 2023 18:52:19 GMT
Date: Tue, 28 Mar 2023 14:28:58 GMT
Connection: keep-alive
img.vmmcdn.com/get/7609021/200747_icon.png
46.4.121.113200 OK 78 kB URL HTTP/2 img.vmmcdn.com/get/7609021/200747_icon.png
IP 46.4.121.113:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 53282b73b589873fa79c738c03b4e47d
ca5ab91a4e36ebddd6b326fa67071e915415085d
530d10989a16c4cbdec879d1f82bb200fe63f5fb111179d873354058460dacc8
GET /get/7609021/200747_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.14.1
date: Tue, 28 Mar 2023 14:28:58 GMT
content-type: image/png
content-length: 78410
last-modified: Mon, 07 Nov 2022 15:29:52 GMT
cache-control: public, max-age=604800
etag: "63692470-1324a"
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
api.purpleads.io/x/b/?idx=0&pid=c732a112e014401eb898d68973e02b66&sizes=[[970,90],[728,90],[468,60],[320,100],[320,50],[300,100]]&slotid=6411a0ba-5b9d-4146-a312-33be8d725b86&ts=1680013752773
34.236.45.130200 OK 0 B URL HTTP/2 api.purpleads.io/x/b/?idx=0&pid=c732a112e014401eb898d68973e02b66&sizes=[[970,90],[728,90],[468,60],[320,100],[320,50],[300,100]]&slotid=6411a0ba-5b9d-4146-a312-33be8d725b86&ts=1680013752773
IP 34.236.45.130:0
GET /x/b/?idx=0&pid=c732a112e014401eb898d68973e02b66&sizes=[[970,90],[728,90],[468,60],[320,100],[320,50],[300,100]]&slotid=6411a0ba-5b9d-4146-a312-33be8d725b86&ts=1680013752773 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: application/json
x-purpleads-version: 2.5.11
x-request-url: aHR0cHM6Ly9tZWdhdXAubmV0LzFkMDRiL1JpbVdvcmxkLnYxLjQuMzY3Ni56aXA=
Authorization: Bearer 70f4c4ca797b70742cf152daf589f184:5f7ccce17707939b2685f0f8203bd1c265e05e479bbfcec98eda491d5ef6d2861ecfe05a883293e58ee42e74b0a74acb04a21203cd5fc2e8d8ec9e7b994f7655
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:52 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-expose-headers: pa-user-id
x-request-id: 5d02431c-4318-46df-9695-0d22f07715a8
x-api-version: 0.46.10
set-cookie: pa-user-id=d81c5abb-f422-4718-b220-7f950ec44469; Domain=.purpleads.io; Path=/
pa-user-id: d81c5abb-f422-4718-b220-7f950ec44469
etag: W/"c02-zGpFbKs8dGK82xER3nMrOpjYr0E"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/bootstrap/bootstrap.min.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/bootstrap/bootstrap.min.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/bootstrap/bootstrap.min.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1cc1b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/animations/animate.min.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/animations/animate.min.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/animations/animate.min.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-bc86"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/custom.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/custom.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/custom.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3577"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/global.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/global.js
IP 91.209.70.182:0
GET /themes/flow/js/global.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-d59"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/sw.js
91.209.70.182200 OK 0 B IP 91.209.70.182:0
GET /sw.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 20 Dec 2022 16:15:31 GMT
vary: Accept-Encoding
etag: W/"63a1dfa3-1927c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3ead"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/gauge.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/gauge.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/gauge.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-45b8"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-59d6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/isotope/isotope-style.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/isotope/isotope-style.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/isotope/isotope-style.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-af3"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1680013751538
104.26.2.107200 OK 0 B URL HTTP/2 platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1680013751538
IP 104.26.2.107:0
GET /async.php?domainid=5593&sizeid=12&zoneid=6192&k=1680013751538 HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=20D1CwNTi5zMP6AXWJqjbbm7EWvB3Jk9RPFXlhbU5ax7UeXNz%2Fs8AYzPvMLl3cLHakg9TpfiirsMZFvmjtCGjDr0x5ylPSxA4i4wD3e21zYtAa2bYFBHaQYyf%2FIjoYgWzirltD7I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af08fd9d843b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.132.29200 OK 0 B IP 172.64.132.29:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3080
last-modified: Tue, 28 Mar 2023 13:37:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=buC4U5LgnARqI7Jr7rsfb1pTCyAA%2F4DD05uumBgBWADp2eS8M2KjfVtOUfLgIo1gn6eBf71F%2Br%2Fcdb1sZ%2FacWftfWlMsf70DlvMTIISsgIJZI0NU5TaEidri2M%2BHcNQT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7af08fdc082e76e4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
theharityhild.buzz/VXl2VTUOW05mB2NKRXcZd1tad1NtSkU2BWEbW2NQZRtbYVE3SVtsAW1OWzMDMBwTNlA2GhU2UHdVVGBUMEtDZAExVBUzDTdUQmEEYVRPYlE2VE5iB21AEGICYRwVYhd5WwUiF3lbAj1QPRgEPEEsER85UXsbAy9Pd1VUZAV7TFR5UzQVBTAZMxgaJlB5Hxc5RjAk
52.20.131.174200 OK 0 B URL HTTP/2 theharityhild.buzz/VXl2VTUOW05mB2NKRXcZd1tad1NtSkU2BWEbW2NQZRtbYVE3SVtsAW1OWzMDMBwTNlA2GhU2UHdVVGBUMEtDZAExVBUzDTdUQmEEYVRPYlE2VE5iB21AEGICYRwVYhd5WwUiF3lbAj1QPRgEPEEsER85UXsbAy9Pd1VUZAV7TFR5UzQVBTAZMxgaJlB5Hxc5RjAk
IP 52.20.131.174:0
GET /VXl2VTUOW05mB2NKRXcZd1tad1NtSkU2BWEbW2NQZRtbYVE3SVtsAW1OWzMDMBwTNlA2GhU2UHdVVGBUMEtDZAExVBUzDTdUQmEEYVRPYlE2VE5iB21AEGICYRwVYhd5WwUiF3lbAj1QPRgEPEEsER85UXsbAy9Pd1VUZAV7TFR5UzQVBTAZMxgaJlB5Hxc5RjAk HTTP/1.1
Host: theharityhild.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 087ab4289112caf78f5d759ff808adc0=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8449-zKQg3QFfkBLueatWQf8Ich+52aI"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/colors/flow.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/colors/flow.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/colors/flow.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-a83"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery-1.11.0.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery-1.11.0.min.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery-1.11.0.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1787d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-ui.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-ui.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-ui.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-61ef"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js
IP 91.209.70.182:0
GET /themes/flow/js/zeroClipboard/ZeroClipboard.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3bd2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-14cc1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
api.purpleads.io/x/init?ts=1680013752560
34.236.45.130200 OK 0 B URL HTTP/2 api.purpleads.io/x/init?ts=1680013752560
IP 34.236.45.130:0
OPTIONS /x/init?ts=1680013752560 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:51 GMT
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-expose-headers: pa-user-id
x-request-id: 78235f53-b906-4a83-9cb6-3d956c55faab
x-api-version: 0.46.10
X-Firefox-Spdy: h2
api.purpleads.io/x/b/?idx=1&pid=c732a112e014401eb898d68973e02b66&sizes=[[970,90],[728,90],[468,60],[320,100],[320,50],[300,100]]&slotid=6411a0ba-5b9d-4146-a312-33be8d725b86&demand=unifiedPb&ts=1680013753572
34.236.45.130200 OK 0 B URL HTTP/2 api.purpleads.io/x/b/?idx=1&pid=c732a112e014401eb898d68973e02b66&sizes=[[970,90],[728,90],[468,60],[320,100],[320,50],[300,100]]&slotid=6411a0ba-5b9d-4146-a312-33be8d725b86&demand=unifiedPb&ts=1680013753572
IP 34.236.45.130:0
OPTIONS /x/b/?idx=1&pid=c732a112e014401eb898d68973e02b66&sizes=[[970,90],[728,90],[468,60],[320,100],[320,50],[300,100]]&slotid=6411a0ba-5b9d-4146-a312-33be8d725b86&demand=unifiedPb&ts=1680013753572 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:52 GMT
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-expose-headers: pa-user-id
x-request-id: d3a4ed36-4b9f-4579-9a1f-bd981ccc2c22
x-api-version: 0.46.10
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1cdf"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1124288330%3A1680013731226955&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7QPqzvA6VnI_JJ6_THYOLdcYGva4MACsWJ3jlpcbNTp_l6FJ11gTNluIh6cPx3aT3FyH0JD&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
142.250.74.109403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1124288330%3A1680013731226955&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7QPqzvA6VnI_JJ6_THYOLdcYGva4MACsWJ3jlpcbNTp_l6FJ11gTNluIh6cPx3aT3FyH0JD&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S1124288330%3A1680013731226955&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7QPqzvA6VnI_JJ6_THYOLdcYGva4MACsWJ3jlpcbNTp_l6FJ11gTNluIh6cPx3aT3FyH0JD&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 28 Mar 2023 14:28:51 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-qh2Q3ayEDda8rK89j6CAOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c.adsco.re/
104.17.167.186200 OK 0 B IP 104.17.167.186:0
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:52 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Fri, 28 Apr 2023 14:28:52 GMT
etag: W/"cMPvpvd3jDHdlppiuYNttw=="
cf-cache-status: HIT
age: 316369
vary: Accept-Encoding
server: cloudflare
cf-ray: 7af08fe11ed60b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.iframe-transport.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.iframe-transport.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.iframe-transport.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-2427"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/animation/jquery.appear.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/animation/jquery.appear.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/animation/jquery.appear.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-5c6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109302 Found 0 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 28 Mar 2023 14:28:51 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7Q86v_-vYCwx9Kz3EzPDqgVgvzYDWrxin277iI162fu5nXLBMp4vsjR1MM63i5tpsZfJszz
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-tdEHZJqfSkJekWwYEwcWqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
content-type: application/binary
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: __Host-GAPS=1:7IGjgTtuifmeivycCuz7oTOr4iFhnA:WYa86tYzBh1hLCOs; Expires=Thu, 27-Mar-2025 14:28:51 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: NRX5lujXp/FVCAYRWG18t2bbwn231+zOHm7sAttE9mzHjz6buYwHsb3e6ooeOnxDUuyxFhDFqynyfX68OnpPnA==
date: Tue, 28 Mar 2023 14:28:51 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/isotope/custom-isotope.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-71d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/custom/custom.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/custom/custom.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/custom/custom.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1420"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/styles/font-icons/entypo/css/entypo.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/styles/font-icons/entypo/css/entypo.css
IP 91.209.70.182:0
GET /themes/flow/styles/font-icons/entypo/css/entypo.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-45f5"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.dataTables.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.dataTables.min.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.dataTables.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-10fe4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-71b6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.132.29200 OK 0 B IP 172.64.132.29:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3080
last-modified: Tue, 28 Mar 2023 13:37:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H4F9sF2S28Dnp8W7ighaIA%2Fj7%2FePZdOpEzvmT%2BcKryo117lji3d3vHhI%2FGYgRTuJkiNHg3TPMVRN4yzX3HQ2hRqrDTU8t0P08g4xqlMTTtrgRT7%2FSRj3qif2pB5ZXdwX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7af08fdc082a76e4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ad.a-ads.com/1811811?size=300x250
148.251.192.72200 OK 0 B URL HTTP/2 ad.a-ads.com/1811811?size=300x250
IP 148.251.192.72:0
ASN #24940 Hetzner Online GmbH
GET /1811811?size=300x250 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://megaup.net/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.132.29200 OK 0 B IP 172.64.132.29:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3080
last-modified: Tue, 28 Mar 2023 13:37:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=34SjyZ5tuWdQxMqvn9dL3Z48Sjr4M2RW3p77Y%2BS9iZ7n1%2FpaFG%2FaJt4hH9EY1jLSC2ppMXmpmxGUWPCpVBLnC8v2txlBfF7g2O97ootJV0OFmpQqF92uwqh0lAQDa88i"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7af08fdc083876e4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/All-stylesheets.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-153"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.tmpl.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.tmpl.min.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.tmpl.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3cb"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/load-image.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/load-image.min.js
IP 91.209.70.182:0
GET /themes/flow/js/load-image.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-9f2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/canvas-to-blob.min.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/canvas-to-blob.min.js
IP 91.209.70.182:0
GET /themes/flow/js/canvas-to-blob.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-408"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-process.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-process.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-process.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-14b6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/1d04b/RimWorld.v1.4.3676.zip
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/1d04b/RimWorld.v1.4.3676.zip
IP 91.209.70.182:0
GET /1d04b/RimWorld.v1.4.3676.zip HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/styles/file-upload.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/styles/file-upload.css
IP 91.209.70.182:0
GET /themes/flow/styles/file-upload.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-21ec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-resize.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-resize.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-resize.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1f7f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/stylesheet.css
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/stylesheet.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/stylesheet.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-6c82"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery-ui.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery-ui.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery-ui.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-6a684"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-dbd4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/retina/retina.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/retina/retina.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/retina/retina.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-52e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
api.purpleads.io/x/b/?idx=0&pid=c732a112e014401eb898d68973e02b66&sizes=[[300,250],[300,250],[200,200],[250,250],[300,100]]&slotid=331eb83c-e92c-489c-8059-9968127d24d2&ts=1680013752038
34.236.45.130200 OK 0 B URL HTTP/2 api.purpleads.io/x/b/?idx=0&pid=c732a112e014401eb898d68973e02b66&sizes=[[300,250],[300,250],[200,200],[250,250],[300,100]]&slotid=331eb83c-e92c-489c-8059-9968127d24d2&ts=1680013752038
IP 34.236.45.130:0
OPTIONS /x/b/?idx=0&pid=c732a112e014401eb898d68973e02b66&sizes=[[300,250],[300,250],[200,200],[250,250],[300,100]]&slotid=331eb83c-e92c-489c-8059-9968127d24d2&ts=1680013752038 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:51 GMT
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-expose-headers: pa-user-id
x-request-id: e7f7bdb8-d173-4264-b463-7b9ab960be29
x-api-version: 0.46.10
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.132.29200 OK 0 B IP 172.64.132.29:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Mar 2023 14:28:51 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://megaup.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3080
last-modified: Tue, 28 Mar 2023 13:37:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vLYi5yj0DyZoEXhTizsgopsqn1xP9loRTOaoxiExC%2FDBjIwbn%2Bhc%2BV4eSAWmXAkNi08R%2FhVf7kWZr%2FUm5IwFS3Vle3A%2F8DefvMDf7%2B%2By0ME%2BJ9AKAtNwG3al%2BCzMeVJh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7af08fdc083f76e4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-validate.js
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-validate.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-validate.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1d04b/RimWorld.v1.4.3676.zip
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-fea"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff
91.209.70.182200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
Connection: keep-alive
Cookie: filehosting=3ki9pp00dgmj0daanfdp55l6l2; _ga=GA1.2.275354674.1680013222; _gid=GA1.2.648505740.1680013222
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 14:28:50 GMT
content-type: font/woff
content-length: 20972
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-51ec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2