megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
91.209.70.182 301 Moved Permanently 162 B URL HTTP/1.1 megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
IP 91.209.70.182:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /S54v/Subnoodlev1CIA-pokemonerdotcom.rar HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 13 Nov 2022 13:20:46 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Download-Options: noopen
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3d0727e32cd103ddd4b73f28c81758aa
197a7bf43d63723fc532c23c6dced68d5cc36652
d3f75d03561d6a47d19370292e821a86e58381466f0c69386a21175de55882ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11433
Expires: Sun, 13 Nov 2022 16:31:19 GMT
Date: Sun, 13 Nov 2022 13:20:46 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b1e969be0f3201087da138cbc8b89f10
d0a27f525f2b242b5dafa157f126c2ba880c8809
f7e5f39372b5adcc30c27e727eee1b19e6d13ed1b54fa1ad67235dc8ee08ac51
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4415
Cache-Control: max-age=167050
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:20:46 GMT
Etag: "6370c779-1d7"
Expires: Tue, 15 Nov 2022 11:44:56 GMT
Last-Modified: Sun, 13 Nov 2022 10:31:21 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5076aaa9f4ccd602540286ce0590cb9a
bbf7936a8413a564478971d9e19beb6338cbc869
00e3b967c579b0ccf709b78d497a43d95646b16eb50925fef1e2694c58f290b2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00E3B967C579B0CCF709B78D497A43D95646B16EB50925FEF1E2694C58F290B2"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5015
Expires: Sun, 13 Nov 2022 14:44:21 GMT
Date: Sun, 13 Nov 2022 13:20:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 13 Nov 2022 12:44:20 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2186
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 2TvEvPrmcKsLGZt0YmFuCNW8okCv5l4hfEA7SPc+ppTuMgXySbYN3IYPY/8j5zWGihcKiGVsOyM=
x-amz-request-id: NH47VDK451Z60317
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 13 Nov 2022 12:50:41 GMT
age: 1805
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:46 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 00ef638feb957daef2ace22ca312f3ea
ee327b82ee7da17198e99257df9e06269bf298d6
a3e536f0bfa0267f9f7574391ca99c5c0985a8467f43e91473bdb8383b410ef8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 13 Nov 2022 13:20:47 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 11 Nov 2022 11:25:44 GMT
Expires: Fri, 18 Nov 2022 11:25:43 GMT
Etag: "ee327b82ee7da17198e99257df9e06269bf298d6"
Cache-Control: max-age=424495,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7697ce856b8fb518-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1eef2be0906afad91d14b08cf95f8984
b8aad5030d175dc80c1b0acd20dd9120000ccb3b
114485c1a718bb0fd6a8258120c28e6a98383495374ec0b29676ee65a7b2dd5d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "114485C1A718BB0FD6A8258120C28E6A98383495374EC0B29676EE65A7B2DD5D"
Last-Modified: Sun, 13 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14487
Expires: Sun, 13 Nov 2022 17:22:14 GMT
Date: Sun, 13 Nov 2022 13:20:47 GMT
Connection: keep-alive
keydawnawe.com/gwZ1U5hjA8ii/32575
23.109.82.38 200 OK 26 B URL HTTP/1.1 keydawnawe.com/gwZ1U5hjA8ii/32575
IP 23.109.82.38:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 13 Nov 2022 13:20:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
altowriestwispy.com/tysaSHG1FMaM/18410
142.91.159.114 200 OK 25 B URL HTTP/1.1 altowriestwispy.com/tysaSHG1FMaM/18410
IP 142.91.159.114:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /tysaSHG1FMaM/18410 HTTP/1.1
Host: altowriestwispy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 13 Nov 2022 13:20:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash d6dcd32d23f1840e1ed591b30b098bb6
98defcbcd3ae6d45e12b7ed0a55d7d32da675289
f7a78d0502af553972a836a0deb4a0239a3506fcf962f23f58c73fbb84c2313b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:20:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Cache-Control, Pragma, Retry-After, ETag, Alert, Expires, Backoff, Content-Type, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 13 Nov 2022 12:25:00 GMT
cache-control: public,max-age=3600
age: 3347
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-108868042-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-108868042-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 2240d1e8ff6e504108681a1548b8efe3
d358ef81ac166672bc2488715beed0fc608cc30b
598400ff7d2e4180a3b9b017fc67b1765c3c0bca6306f30633d3555420347ac2
GET /gtag/js?id=UA-108868042-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 13 Nov 2022 13:20:47 GMT
expires: Sun, 13 Nov 2022 13:20:47 GMT
cache-control: private, max-age=900
last-modified: Sun, 13 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43680
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash d6dcd32d23f1840e1ed591b30b098bb6
98defcbcd3ae6d45e12b7ed0a55d7d32da675289
f7a78d0502af553972a836a0deb4a0239a3506fcf962f23f58c73fbb84c2313b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:20:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e3cc4a825f6c4319d606a8aba8e6274e
6978c6e411912704dbe65df805371a709e12e343
a04c7d88f474477125e6090f952ccb3268a14e38bfd5ba447f97268156cfe1b7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A04C7D88F474477125E6090F952CCB3268A14E38BFD5BA447F97268156CFE1B7"
Last-Modified: Sun, 13 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17012
Expires: Sun, 13 Nov 2022 18:04:19 GMT
Date: Sun, 13 Nov 2022 13:20:47 GMT
Connection: keep-alive
megaup.net/themes/flow/frontend_assets/fonts/raleway.woff
91.209.70.182 200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31836, version 1.1\012- data
Hash 4514fa5a5b3d1e0b14aa32a7d068124a
e634977bfabc20ed15fe7ed03d3876cf68834b93
5b0f118d658eacc5740b10b0dc2ebbd99ee8e8262c72ff29bfcda48c02b19861
GET /themes/flow/frontend_assets/fonts/raleway.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: font/woff
content-length: 31836
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7c5c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_extrabold.woff
91.209.70.182 200 OK 31 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_extrabold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31344, version 1.1\012- data
Hash 21f79e4c0fbe54a555170aa70bb4c8b7
9d4aaf2016cd21f16bc45089a48de84dba951fa7
2b638674bc57ad355ef2ecbd68e78ecb36bc323aaaf4ddeb9cd4f61bc5f26c42
GET /themes/flow/frontend_assets/fonts/raleway_extrabold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: font/woff
content-length: 31344
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7a70"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_semibold.woff
91.209.70.182 200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_semibold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31980, version 1.1\012- data
Hash 99ac81a158028ac2023fb3350d2497e7
f08c12c91ab29282a616c3ba8e533f49b5b433ca
92a8c8eca8cfcfc53855bc48ba50b866704a00323c4e3089b564c939a668925d
GET /themes/flow/frontend_assets/fonts/raleway_semibold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: font/woff
content-length: 31980
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7cec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff
91.209.70.182 200 OK 21 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 20972, version 1.0\012- data
Hash cad75e2dacc6794c4e6b14727d4a989d
694d04c8f643df4100c23efc1463ac9f4e732f60
ebccc09339b7730324221aff3d11d215de9997b47bf708ca18a3be2d8e8b9887
GET /themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: font/woff
content-length: 20972
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-51ec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
altowriestwispy.com/tysaSHG1FMaM/18410
142.91.159.114 200 OK 25 B URL HTTP/1.1 altowriestwispy.com/tysaSHG1FMaM/18410
IP 142.91.159.114:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /tysaSHG1FMaM/18410 HTTP/1.1
Host: altowriestwispy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 13 Nov 2022 13:20:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
nydbehindforh.xyz/ZVM4SlAEMVsnbwRuWmwlFz8Fb2IjdgoMNAg+QiE2AWsKPTEcPRYpPAomXCwiCj1MZD4AJx14FikGCSYCNxd1PR4Pa1EOEwYkdhI7KQpvMj8BAnJ7HRwaShIDKzh3CSgzHFUtESsCfQAWEhZ0CWIgYX8nGi0YbHsjARFtb2IjHHxyOiE9bXIAHDB3Ez5dJHEMFhAxYCknNClPMzIhFVwEKhJgdBxgVwNgKSgwPgx6AA9mWRoqMCRhGxUzMXBzYCM+fjo1MR1ZGgRVdgoIHVURCitiICJqeQoXCmAfFAMEVHo0VhUKK2IgKW8gYRMJbw8RIAtAIDQgJ1QoCEgBCykIPyFhHgojN1UlAQECdic0VxVMDD0jI3YjFjQcfBBgAT1uIjEyEQgLYi8jYQ0VJwpCcmQrP2F7Hgw/UAsCMzxhEhUBCgtyOwACcicxIhlPCT0rImISJyAJVT46ARJtbDoWPFY6bQw7XiNhNCIKEB41HAB4Py4
108.157.229.6 200 OK 1.2 kB URL HTTP/2 nydbehindforh.xyz/ZVM4SlAEMVsnbwRuWmwlFz8Fb2IjdgoMNAg+QiE2AWsKPTEcPRYpPAomXCwiCj1MZD4AJx14FikGCSYCNxd1PR4Pa1EOEwYkdhI7KQpvMj8BAnJ7HRwaShIDKzh3CSgzHFUtESsCfQAWEhZ0CWIgYX8nGi0YbHsjARFtb2IjHHxyOiE9bXIAHDB3Ez5dJHEMFhAxYCknNClPMzIhFVwEKhJgdBxgVwNgKSgwPgx6AA9mWRoqMCRhGxUzMXBzYCM+fjo1MR1ZGgRVdgoIHVURCitiICJqeQoXCmAfFAMEVHo0VhUKK2IgKW8gYRMJbw8RIAtAIDQgJ1QoCEgBCykIPyFhHgojN1UlAQECdic0VxVMDD0jI3YjFjQcfBBgAT1uIjEyEQgLYi8jYQ0VJwpCcmQrP2F7Hgw/UAsCMzxhEhUBCgtyOwACcicxIhlPCT0rImISJyAJVT46ARJtbDoWPFY6bQw7XiNhNCIKEB41HAB4Py4
IP 108.157.229.6:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3069), with no line terminators
Hash db231a1f4db308ef0973fea5ca79f4f8
e409f4caef4ea39cfb7f16f2156ca7bb4d292930
a5b34ff698945e4b9fa77fc3a7a04e308096841575bc3e3850614cdae8698929
GET /ZVM4SlAEMVsnbwRuWmwlFz8Fb2IjdgoMNAg+QiE2AWsKPTEcPRYpPAomXCwiCj1MZD4AJx14FikGCSYCNxd1PR4Pa1EOEwYkdhI7KQpvMj8BAnJ7HRwaShIDKzh3CSgzHFUtESsCfQAWEhZ0CWIgYX8nGi0YbHsjARFtb2IjHHxyOiE9bXIAHDB3Ez5dJHEMFhAxYCknNClPMzIhFVwEKhJgdBxgVwNgKSgwPgx6AA9mWRoqMCRhGxUzMXBzYCM+fjo1MR1ZGgRVdgoIHVURCitiICJqeQoXCmAfFAMEVHo0VhUKK2IgKW8gYRMJbw8RIAtAIDQgJ1QoCEgBCykIPyFhHgojN1UlAQECdic0VxVMDD0jI3YjFjQcfBBgAT1uIjEyEQgLYi8jYQ0VJwpCcmQrP2F7Hgw/UAsCMzxhEhUBCgtyOwACcicxIhlPCT0rImISJyAJVT46ARJtbDoWPFY6bQw7XiNhNCIKEB41HAB4Py4 HTTP/1.1
Host: nydbehindforh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1216
date: Sun, 13 Nov 2022 13:20:47 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fedd444eadd43dacc7e53f24b46bddf8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: Y83APHfiqxaLcI52HKFj_fWnmaubZbHEXJYWrC3EZlGL1-BlDEc0Wg==
X-Firefox-Spdy: h2
nydbehindforh.xyz/SzUyMGcqV1FdWCoIUBYSOVkPFVUNEAB2AyZYSFsBLw0ARwYyWxxTCyRAVlYVJFtGHgkuQRcCISZmXFwUGVl3QCEsfFVSDX9kcXgTO1NnCQEvB15DIjMNQmAdO3B9SDYpZXZDAQp3BgQkCV5hVB1/cXF4EyNXcGUpAHFoAz88Xl19CS98YVkEen53Yj4SdmcGISxRBX4jIH9wWjJzf2N9AQIGURVVDXJ0dRUbX3NhJghaRVJXOERRA159bXQFVS5hAmEmInwXAiUbZEJ6AwxwWXQyJwVraBMBZFxqVy5hRnoDDHALdSYBQmhnXgB5X34NLlJ0UQQlZwd/V2ZZAmkzLGVhaDIaUAJcPSpydFo/DQAAfg5zVHBJC3tQdgkCL1hwBjQdBABpIHJ5anMmf3pwRywAZl5GNDJFAWk/cm1qdyYgUQJYPS8HeBVVCWR0SFYRbXh/MBNnWFUMcxNYQwglRQ9nNQFDcEMhBEdDRTM
108.157.229.6 200 OK 1.2 kB URL HTTP/2 nydbehindforh.xyz/SzUyMGcqV1FdWCoIUBYSOVkPFVUNEAB2AyZYSFsBLw0ARwYyWxxTCyRAVlYVJFtGHgkuQRcCISZmXFwUGVl3QCEsfFVSDX9kcXgTO1NnCQEvB15DIjMNQmAdO3B9SDYpZXZDAQp3BgQkCV5hVB1/cXF4EyNXcGUpAHFoAz88Xl19CS98YVkEen53Yj4SdmcGISxRBX4jIH9wWjJzf2N9AQIGURVVDXJ0dRUbX3NhJghaRVJXOERRA159bXQFVS5hAmEmInwXAiUbZEJ6AwxwWXQyJwVraBMBZFxqVy5hRnoDDHALdSYBQmhnXgB5X34NLlJ0UQQlZwd/V2ZZAmkzLGVhaDIaUAJcPSpydFo/DQAAfg5zVHBJC3tQdgkCL1hwBjQdBABpIHJ5anMmf3pwRywAZl5GNDJFAWk/cm1qdyYgUQJYPS8HeBVVCWR0SFYRbXh/MBNnWFUMcxNYQwglRQ9nNQFDcEMhBEdDRTM
IP 108.157.229.6:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3061), with no line terminators
Hash f5e04ce5564dac1015ae110e9fe1afd6
f19243dabcf61200d4b268e749669addd2e92ed1
daccae28e369fc34de17e787bc1879284522c551843761b4bae2d7c9fb32160a
GET /SzUyMGcqV1FdWCoIUBYSOVkPFVUNEAB2AyZYSFsBLw0ARwYyWxxTCyRAVlYVJFtGHgkuQRcCISZmXFwUGVl3QCEsfFVSDX9kcXgTO1NnCQEvB15DIjMNQmAdO3B9SDYpZXZDAQp3BgQkCV5hVB1/cXF4EyNXcGUpAHFoAz88Xl19CS98YVkEen53Yj4SdmcGISxRBX4jIH9wWjJzf2N9AQIGURVVDXJ0dRUbX3NhJghaRVJXOERRA159bXQFVS5hAmEmInwXAiUbZEJ6AwxwWXQyJwVraBMBZFxqVy5hRnoDDHALdSYBQmhnXgB5X34NLlJ0UQQlZwd/V2ZZAmkzLGVhaDIaUAJcPSpydFo/DQAAfg5zVHBJC3tQdgkCL1hwBjQdBABpIHJ5anMmf3pwRywAZl5GNDJFAWk/cm1qdyYgUQJYPS8HeBVVCWR0SFYRbXh/MBNnWFUMcxNYQwglRQ9nNQFDcEMhBEdDRTM HTTP/1.1
Host: nydbehindforh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1208
date: Sun, 13 Nov 2022 13:20:47 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fedd444eadd43dacc7e53f24b46bddf8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: _YKtJ6d5aEYgN06O0dIWrvFPVa4KCW8YTPca7qLT0EGrhnuH8W-UwA==
X-Firefox-Spdy: h2
keydawnawe.com/gwZ1U5hjA8ii/32575
23.109.82.38 200 OK 26 B URL HTTP/1.1 keydawnawe.com/gwZ1U5hjA8ii/32575
IP 23.109.82.38:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 13 Nov 2022 13:20:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
nydbehindforh.xyz/a3lqV2sKGwk6VApECHEeGRVXclktXFgRDwYUEDwND0FYIAoSF0Q0BwQMDjEZBBceeQUODU9lLVgaADMEORIdBTwqIA00HDEcLh8fXCsrGTEIF1sCMzkKGh4MIjIrFgdfOCJnKSU6Jy09KQ4jNgwxNy4fH1MvLCQhIDoeBy46SQUbW1M+Pj4IBDwrJwgyPQ0UPCo3XRw6LTErPT4DMT9nCSJLBR89BywYHhwDHCgUBB8vHQIeCEsgFC4HCVgNKj0cKD4iATs/BSUPMR00OltIWjEuJjE4OTEbKDIBJQ8xHREzDCMdMi0IPCE6JU5LKAYAUhwJOgcpHT96WlsfKxUpPyE/GTocHQ42IxMbLzsbWTISMz4qAAYnOiM/CzMFWjooZgdZHzw0LTw6KzsqLTAlHD85ISgEXlgfLzQxPD4rYj8cIw4zWFI+LjsDWhwvOCozIThyWSkoDRJNAQoFORtWESVjGSEQGDgqCA0k
108.157.229.6 200 OK 1.2 kB URL HTTP/2 nydbehindforh.xyz/a3lqV2sKGwk6VApECHEeGRVXclktXFgRDwYUEDwND0FYIAoSF0Q0BwQMDjEZBBceeQUODU9lLVgaADMEORIdBTwqIA00HDEcLh8fXCsrGTEIF1sCMzkKGh4MIjIrFgdfOCJnKSU6Jy09KQ4jNgwxNy4fH1MvLCQhIDoeBy46SQUbW1M+Pj4IBDwrJwgyPQ0UPCo3XRw6LTErPT4DMT9nCSJLBR89BywYHhwDHCgUBB8vHQIeCEsgFC4HCVgNKj0cKD4iATs/BSUPMR00OltIWjEuJjE4OTEbKDIBJQ8xHREzDCMdMi0IPCE6JU5LKAYAUhwJOgcpHT96WlsfKxUpPyE/GTocHQ42IxMbLzsbWTISMz4qAAYnOiM/CzMFWjooZgdZHzw0LTw6KzsqLTAlHD85ISgEXlgfLzQxPD4rYj8cIw4zWFI+LjsDWhwvOCozIThyWSkoDRJNAQoFORtWESVjGSEQGDgqCA0k
IP 108.157.229.6:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3061), with no line terminators
Hash 827ba8c7eb854d065da09637c8fa5229
1576d5b1ad38efe7fd55471449059073f7f8ff94
5374cdebdd3c20c48e9e038a22fbc68ce05a2db788b12fd7e1437427b7116d85
GET /a3lqV2sKGwk6VApECHEeGRVXclktXFgRDwYUEDwND0FYIAoSF0Q0BwQMDjEZBBceeQUODU9lLVgaADMEORIdBTwqIA00HDEcLh8fXCsrGTEIF1sCMzkKGh4MIjIrFgdfOCJnKSU6Jy09KQ4jNgwxNy4fH1MvLCQhIDoeBy46SQUbW1M+Pj4IBDwrJwgyPQ0UPCo3XRw6LTErPT4DMT9nCSJLBR89BywYHhwDHCgUBB8vHQIeCEsgFC4HCVgNKj0cKD4iATs/BSUPMR00OltIWjEuJjE4OTEbKDIBJQ8xHREzDCMdMi0IPCE6JU5LKAYAUhwJOgcpHT96WlsfKxUpPyE/GTocHQ42IxMbLzsbWTISMz4qAAYnOiM/CzMFWjooZgdZHzw0LTw6KzsqLTAlHD85ISgEXlgfLzQxPD4rYj8cIw4zWFI+LjsDWhwvOCozIThyWSkoDRJNAQoFORtWESVjGSEQGDgqCA0k HTTP/1.1
Host: nydbehindforh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1205
date: Sun, 13 Nov 2022 13:20:47 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fedd444eadd43dacc7e53f24b46bddf8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: YQTMcLBtSf8DKq6NepRPNUZ18BlKaII8skaapWiO8FGPJzSIVAjpkg==
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
91.209.70.182 200 OK 165 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
IP 91.209.70.182:0
File type ASCII text, with CRLF line terminators
Hash d9a482f3cecac321171489c73ee7a350
fbfe4b8362112dedca078cb027b218bba7cb2996
64156bd3da05f9a15e02c1a0aa9d3999c1098636c47f86bca083bd35f5d55d1c
GET /themes/flow/frontend_assets/css/All-stylesheets.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-153"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/custom.css
91.209.70.182 200 OK 3.4 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/custom.css
IP 91.209.70.182:0
File type assembler source, ASCII text, with CRLF line terminators
Hash 39f75e058b0ed002fc475232f45a93f0
8ef86552b3d1aeb260a7603915dec049da363978
6b71e51f798a06b773a3e73771659cc3860ff156f857c82eb36182475596c7f1
GET /themes/flow/frontend_assets/css/custom.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3577"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0a9a357f652868f9317812b8103ba15d
95a90c7a07b591dce7f39c6f9ab27974d1a1ed2a
16fd52c7ee6806455e724f30af8d58630a141a8a3823c48c20b5da3a71f066da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5220
Cache-Control: max-age=162785
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:20:47 GMT
Etag: "6370b3ac-1d7"
Expires: Tue, 15 Nov 2022 10:33:52 GMT
Last-Modified: Sun, 13 Nov 2022 09:06:52 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
megaup.net/themes/flow/frontend_assets/css/bootstrap/bootstrap.min.css
91.209.70.182 200 OK 20 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/bootstrap/bootstrap.min.css
IP 91.209.70.182:0
File type assembler source, ASCII text, with very long lines (540), with CRLF line terminators
Hash 352242824462cfe5a2e55b933244eff7
1eb0a44646fc73bbba73560a9ec9fd9c68f2d641
c84ebc4ec73675021890c862b79a71559dc5382c49203127cf53c022ba51392f
GET /themes/flow/frontend_assets/css/bootstrap/bootstrap.min.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1cc1b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/imageads/006.gif
91.209.70.182 200 OK 488 kB URL HTTP/2 megaup.net/imageads/006.gif
IP 91.209.70.182:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 488 kB (487959 bytes)
Hash 8585330959c318da485bc3b11246760b
3f070b053a6ddeb836991c523dc355cc6c6f04bb
ed0a4cc1375c558e1c36c611ff570b782a40a15ba3d4f50ee965f6ddbee19499
GET /imageads/006.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: image/gif
content-length: 487959
last-modified: Mon, 29 Mar 2021 20:01:40 GMT
vary: Accept-Encoding
etag: "60623224-77217"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
nydbehindforh.xyz/dGR3ODAVBhRVDxVZFR5FBghKHQIyQUV+VBkJDVNWEFxFT1ENCllbXBsRE15CGwoDFl4REFIKdgEpHFsEIwgTansyPU9ZdS0RL39UASYZDHEWIzptfCEXRndlPlIVX1s1JxANCTccD195MikudXIlHiZSBQUlGn5lOx4bblUcUFIKdjsyMQ5zLBNFblkhIhVWdjwuEG0DOyEQTWYwPUV+AyJBRXpSRw80YVcEFREIZQEyHQwEJjAmXFEzABR1SEULLU9+RyIaSEk1NSJcUTMAMXRcLhcuQFREARkBXDUOT3dSGi01emJFCy0IcQwsIFNnNVcUdlQzBxVhV1kUBnV2Fw8iQmYNJTZ9exUJLntUAwgGYlgQVTR8R1FWNWlzPgE5awgsAC8NQi4TE0hzPBMefAMtKhYKYTMCEFBALRMHT3QjDBt5XjFCHUtfGhRKbmMjXD59YT82EFNyEw
108.157.229.6 200 OK 1.2 kB URL HTTP/2 nydbehindforh.xyz/dGR3ODAVBhRVDxVZFR5FBghKHQIyQUV+VBkJDVNWEFxFT1ENCllbXBsRE15CGwoDFl4REFIKdgEpHFsEIwgTansyPU9ZdS0RL39UASYZDHEWIzptfCEXRndlPlIVX1s1JxANCTccD195MikudXIlHiZSBQUlGn5lOx4bblUcUFIKdjsyMQ5zLBNFblkhIhVWdjwuEG0DOyEQTWYwPUV+AyJBRXpSRw80YVcEFREIZQEyHQwEJjAmXFEzABR1SEULLU9+RyIaSEk1NSJcUTMAMXRcLhcuQFREARkBXDUOT3dSGi01emJFCy0IcQwsIFNnNVcUdlQzBxVhV1kUBnV2Fw8iQmYNJTZ9exUJLntUAwgGYlgQVTR8R1FWNWlzPgE5awgsAC8NQi4TE0hzPBMefAMtKhYKYTMCEFBALRMHT3QjDBt5XjFCHUtfGhRKbmMjXD59YT82EFNyEw
IP 108.157.229.6:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3042), with no line terminators
Hash 4d71a4aeeaa18d622fdd4ac7b3d34bea
128ad85302b6f68dc2d3bcc6124a5bffb1709c8b
8ccb09262145a07b8cb0576ef8ec135b9710debd079922d0874d073d2d43deec
GET /dGR3ODAVBhRVDxVZFR5FBghKHQIyQUV+VBkJDVNWEFxFT1ENCllbXBsRE15CGwoDFl4REFIKdgEpHFsEIwgTansyPU9ZdS0RL39UASYZDHEWIzptfCEXRndlPlIVX1s1JxANCTccD195MikudXIlHiZSBQUlGn5lOx4bblUcUFIKdjsyMQ5zLBNFblkhIhVWdjwuEG0DOyEQTWYwPUV+AyJBRXpSRw80YVcEFREIZQEyHQwEJjAmXFEzABR1SEULLU9+RyIaSEk1NSJcUTMAMXRcLhcuQFREARkBXDUOT3dSGi01emJFCy0IcQwsIFNnNVcUdlQzBxVhV1kUBnV2Fw8iQmYNJTZ9exUJLntUAwgGYlgQVTR8R1FWNWlzPgE5awgsAC8NQi4TE0hzPBMefAMtKhYKYTMCEFBALRMHT3QjDBt5XjFCHUtfGhRKbmMjXD59YT82EFNyEw HTTP/1.1
Host: nydbehindforh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Sun, 13 Nov 2022 13:20:47 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fedd444eadd43dacc7e53f24b46bddf8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: NSzCvRX4HT25z0L6wnw9vfPvYMX90IJWrSqhbDnR4-V0peek0OwxFA==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 281 B IP 104.18.32.68:0
Hash e5f4a78104b19bf1ebd759ce4712aaa4
8643ef6362f78a633aebd117493ec6d4270fe9e2
0b53238dfba1f101aba5d2959acc017b41ef63d2fc0dc6152ae71fff80dfb6a3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 13 Nov 2022 13:20:48 GMT
Content-Type: application/ocsp-response
Content-Length: 281
Connection: keep-alive
Last-Modified: Fri, 11 Nov 2022 21:53:48 GMT
Expires: Fri, 18 Nov 2022 21:53:47 GMT
Etag: "8643ef6362f78a633aebd117493ec6d4270fe9e2"
Cache-Control: max-age=462178,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7697ce8bfa93b518-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a9852b46746ff12b1c0d54b5242f7039
616745f47df1e9bb43cb0ee3636b831069103842
44cadf140658d6e412cf768c48994c37a2f0a2100d5930f408e0977f7ee4cf22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "44CADF140658D6E412CF768C48994C37A2F0A2100D5930F408E0977F7EE4CF22"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1501
Expires: Sun, 13 Nov 2022 13:45:49 GMT
Date: Sun, 13 Nov 2022 13:20:48 GMT
Connection: keep-alive
platform.bidgear.com/media/img/b15.png
172.67.74.36 200 OK 649 B URL HTTP/2 platform.bidgear.com/media/img/b15.png
IP 172.67.74.36:0
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash d832fb80c97ff291b952757bb98240d2
63732e61a0784ed68fde494f83e4686a5c4bf7fa
7b35c11af8accdb40a14303dd3ae2762a97d2527933c56b6c9be6da2d0d11943
GET /media/img/b15.png HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 13 Nov 2022 13:20:48 GMT
content-type: image/png
content-length: 649
last-modified: Mon, 25 Jul 2022 09:43:33 GMT
etag: "62de65c5-289"
expires: Tue, 22 Nov 2022 09:44:56 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1827333
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hL33bkxDbmdxsuzuY8HIgoTm4squaGD7gMBBBHUORyXLknadLSTRulQAe9PkDl2IbkaOfDrtX7TkaySowDYY%2B3NpFgau6nRxXQI3iTqM53rhykoMDGKC%2BGUsJ98DtdEdOd0EZvK1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7697ce8c7a7e0b61-OSL
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/LU1lRRDMwNj8iDCcwNXkLYWxodQJ1MyIrXSNkOCxVOmgANQEJFwELC2E2GmJHKT1sdBU/OD8jDnU8PycOYn8wIFFubXcwQzwybDFdNzw3LV02PXcxUm40Pj5aPzUwYQEVbH90FmFpeTNaPT0+M0B2a2EqR3ZrYXUDfWl0d3F2a2EzWj1vZWEAEXxjdEtlbX-R3cXZrYTZFdmoQdQNmd2FtFmFpNiFQODZ0dnVhaWB0A2JpYGEBYz84NlY1NilhARVoYXEdY38keQJmaGJwCmNqZXwEZmtjdAU
54.230.245.88 200 OK 368 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/LU1lRRDMwNj8iDCcwNXkLYWxodQJ1MyIrXSNkOCxVOmgANQEJFwELC2E2GmJHKT1sdBU/OD8jDnU8PycOYn8wIFFubXcwQzwybDFdNzw3LV02PXcxUm40Pj5aPzUwYQEVbH90FmFpeTNaPT0+M0B2a2EqR3ZrYXUDfWl0d3F2a2EzWj1vZWEAEXxjdEtlbX-R3cXZrYTZFdmoQdQNmd2FtFmFpNiFQODZ0dnVhaWB0A2JpYGEBYz84NlY1NilhARVoYXEdY38keQJmaGJwCmNqZXwEZmtjdAU
IP 54.230.245.88:0
File type ASCII text, with very long lines (464), with no line terminators
Hash 5b3b6b176ebffab4f90048bb20adb3a2
09aabfdc156946bc3a25c3076b379bf36f3fe0a0
f320de811da5788eda11be1a01ee7c5778809beaa834c90642e8a1de7f2bb3e2
GET /LU1lRRDMwNj8iDCcwNXkLYWxodQJ1MyIrXSNkOCxVOmgANQEJFwELC2E2GmJHKT1sdBU/OD8jDnU8PycOYn8wIFFubXcwQzwybDFdNzw3LV02PXcxUm40Pj5aPzUwYQEVbH90FmFpeTNaPT0+M0B2a2EqR3ZrYXUDfWl0d3F2a2EzWj1vZWEAEXxjdEtlbX-R3cXZrYTZFdmoQdQNmd2FtFmFpNiFQODZ0dnVhaWB0A2JpYGEBYz84NlY1NilhARVoYXEdY38keQJmaGJwCmNqZXwEZmtjdAU HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nydbehindforh.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 368
date: Sun, 13 Nov 2022 13:20:48 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YrH-PdWbdOSbNlWqNkZNrxbJjmE0hOioqyGNRICt4HQfrnQGc4bc2w==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/mSnlsRlEpFgIgbj4QCHtpfU9fd2lsEx8pPzpEOxQbPDsfAB44CBkSdz4DCHthbBUNKDZ3XwkoMndISic1KERYYCU6Fgd7NDkJBjU8JQMfI3c/GFErPjAQACowb0sqc396XF52eT0QAiI+PQpJdGEkDUl0YXtJQnZ0eTtJdGE9EAJwZW9KLmNjegFacnR5O0-l0YTgPSXUQe0lZaGFjXF52Ni8aByl0eD9edmB6SV12YG9LXCA4OBwKKSlvSyp3YX9XXGAkd0hZd2J+QFx1ZXJOWXRjek8
54.230.245.88 200 OK 452 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/mSnlsRlEpFgIgbj4QCHtpfU9fd2lsEx8pPzpEOxQbPDsfAB44CBkSdz4DCHthbBUNKDZ3XwkoMndISic1KERYYCU6Fgd7NDkJBjU8JQMfI3c/GFErPjAQACowb0sqc396XF52eT0QAiI+PQpJdGEkDUl0YXtJQnZ0eTtJdGE9EAJwZW9KLmNjegFacnR5O0-l0YTgPSXUQe0lZaGFjXF52Ni8aByl0eD9edmB6SV12YG9LXCA4OBwKKSlvSyp3YX9XXGAkd0hZd2J+QFx1ZXJOWXRjek8
IP 54.230.245.88:0
File type ASCII text, with very long lines (588), with no line terminators
Hash 04cfb10090fbcae89c58ef132a28e4e7
64eb590137f2ad0d38ef6a4de2c595a7e88f2820
dc48cc11af7ffa973dade03279538290d9003b57820b913f34d14ed4eabacba8
GET /mSnlsRlEpFgIgbj4QCHtpfU9fd2lsEx8pPzpEOxQbPDsfAB44CBkSdz4DCHthbBUNKDZ3XwkoMndISic1KERYYCU6Fgd7NDkJBjU8JQMfI3c/GFErPjAQACowb0sqc396XF52eT0QAiI+PQpJdGEkDUl0YXtJQnZ0eTtJdGE9EAJwZW9KLmNjegFacnR5O0-l0YTgPSXUQe0lZaGFjXF52Ni8aByl0eD9edmB6SV12YG9LXCA4OBwKKSlvSyp3YX9XXGAkd0hZd2J+QFx1ZXJOWXRjek8 HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nydbehindforh.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 452
date: Sun, 13 Nov 2022 13:20:48 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ng4G0urLeaBBayN9pK5Flm2FyqUNdcQECNkUtXOYkS3QbqemdGMaWg==
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/3cjdoRkwRWAYgcwZeDHt7RANZcn1UXRspIgIKAAl4AH0BNCMzVBwIagZNDHt8VFsJKCtPEQ0oL08GTicoEApcYDgCWAN7KQFHAjUhHU0bI2oHVlUrIwheBCotVwUuc2JCElp2ZAVeBiIjBURNdHwcQ010fEMHRnZpQXVNdHwFXgZweFcEKmN+Qk9ecmlBdU-10fABBTXUNQwddaHxbElp2KxdUAylpQHFadn1CB1l2fVcFWCAlAFIOKTRXBS53fEcZWGA5TwZdd39GDlh1eEoAXXR+QgE
54.230.245.88 200 OK 592 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/3cjdoRkwRWAYgcwZeDHt7RANZcn1UXRspIgIKAAl4AH0BNCMzVBwIagZNDHt8VFsJKCtPEQ0oL08GTicoEApcYDgCWAN7KQFHAjUhHU0bI2oHVlUrIwheBCotVwUuc2JCElp2ZAVeBiIjBURNdHwcQ010fEMHRnZpQXVNdHwFXgZweFcEKmN+Qk9ecmlBdU-10fABBTXUNQwddaHxbElp2KxdUAylpQHFadn1CB1l2fVcFWCAlAFIOKTRXBS53fEcZWGA5TwZdd39GDlh1eEoAXXR+QgE
IP 54.230.245.88:0
File type ASCII text, with very long lines (824), with no line terminators
Hash 53861da3252ad06f878e59863941e6f3
360f1765b97693e4b6cf9e6c0a891b6221a30ada
28fdc11b2023c0b5042e8c5bd11a3ae82b1a99680d5f79fb18fed92155f77318
GET /3cjdoRkwRWAYgcwZeDHt7RANZcn1UXRspIgIKAAl4AH0BNCMzVBwIagZNDHt8VFsJKCtPEQ0oL08GTicoEApcYDgCWAN7KQFHAjUhHU0bI2oHVlUrIwheBCotVwUuc2JCElp2ZAVeBiIjBURNdHwcQ010fEMHRnZpQXVNdHwFXgZweFcEKmN+Qk9ecmlBdU-10fABBTXUNQwddaHxbElp2KxdUAylpQHFadn1CB1l2fVcFWCAlAFIOKTRXBS53fEcZWGA5TwZdd39GDlh1eEoAXXR+QgE HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nydbehindforh.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 592
date: Sun, 13 Nov 2022 13:20:48 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Ek06rVzQtaW3AeBAgbcUDTdAMFqqMoQ9Ztklv3EntefhOF9XgFliNw==
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/animations/animate.min.css
91.209.70.182 200 OK 4.7 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/animations/animate.min.css
IP 91.209.70.182:0
File type ASCII text, with CRLF line terminators
Hash 25c8570702e4c79e953744214b93bea7
e5324d955e06574100e6d195be40f8c584e2196f
0cc509311e47b9e478ec78ac36fd674b30eb85d7a857709f0579b80352907f6d
GET /themes/flow/frontend_assets/css/animations/animate.min.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-bc86"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/
54.230.245.88 200 OK 73 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/
IP 54.230.245.88:0
File type ASCII text, with no line terminators
Hash de37377b72195a4f064edf7ec8a76676
ed544d5b6a37acad78498099407c648a93316ddb
b3209cc0b1d1b71e85af4e843afe00a3079f3286d52b3fb47e72c6c5c48b8399
GET / HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 73
date: Sun, 13 Nov 2022 13:08:11 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wp9atUEmNZ7ZH_VbadQ2KnzG8glVYj_xVjZt9Dp65QiRbwwfOBbHCg==
age: 757
X-Firefox-Spdy: h2
a.exdynsrv.com/ad-provider.js
205.185.216.42 200 OK 26 kB URL HTTP/1.1 a.exdynsrv.com/ad-provider.js
IP 205.185.216.42:0
File type ASCII text, with very long lines (49839)
Hash c83cccdb3878abab59d0a87ee6a036d3
4b961d96b1dac43f390245a3c960e8cbe19c842a
c746db61fc1c5c32abc92007a30b121eda199668860d45264305636cc08cd32d
GET /ad-provider.js HTTP/1.1
Host: a.exdynsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226370ec586e3a60.97031792357547220%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226370ec586e3a60.97031792357547220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22511.0199%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 13 Nov 2022 13:20:48 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 25578
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"5cdb4375bc03f18654747ec333e"
X-HW: 1668345648.dop202.sk1.t,1668345648.cds221.sk1.shn,1668345648.dop202.sk1.t,1668345648.cds246.sk1.c
Access-Control-Allow-Origin: *, *
push.services.mozilla.com/
44.237.239.70 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.237.239.70:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ndi9fX0iVQxbMTWBXzUabw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Bb3nPU2gTfODUKNE7UiwdcKpdhg=
megaup.net/themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png
91.209.70.182 200 OK 951 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png
IP 91.209.70.182:0
File type PNG image data, 114 x 114, 8-bit colormap, non-interlaced\012- data
Hash 76852bc6b2c028db97322a74e85bd020
ed52fb4de0d51f93277bbaae42fa80ba5f92c31e
8a5ef2ef8440c17db1b1b539065ba4a887e07a2c508b79c2d1659512e9016884
GET /themes/flow/frontend_assets/images/icons/favicon/apple-touch-icon-114x114.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:48 GMT
content-type: image/png
content-length: 951
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-3b7"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 740a41f4824c97ddb727f594537d31c2
93e5fc832baf0505d264b90ceafc43d9bec4af75
e41458a9e00fa5a8374e69816efe59a615617ca4cc82bb51d17efd025c33aa6b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3498
Cache-Control: max-age=157821
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:20:48 GMT
Etag: "6370a703-1d7"
Expires: Tue, 15 Nov 2022 09:11:09 GMT
Last-Modified: Sun, 13 Nov 2022 08:12:51 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1668345646661
172.67.74.36 200 OK 22 kB URL HTTP/2 platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1668345646661
IP 172.67.74.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (4445), with no line terminators
Hash e28e996908a9fa318b5daeae3fa5bd08
82cef3478db2b3aa9cce3d62236cdd8c3001b458
22acdbfe6272451972a2c05669ddfd3a941a8accfc4938755c5da82655489925
GET /async.php?domainid=5593&sizeid=12&zoneid=6192&k=1668345646661 HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 13 Nov 2022 13:20:48 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gKHIIbLZhNBPCVMALa%2FOxmG3skRN8cHvqIdEH6XdSm2rwYMNENcOidyvfhX8%2BXwdaFXYxvT7NVZoBSyzxIep1A6rVI3gohx6cBYSquJABgjXFQvI6ZcTEkmh31hEmkmjyQ6JWCih"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7697ce8b79580b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
dmmzkfd82wayn.cloudfront.net/uMkc4WldRKFY8aEYuXGduBn4AbGMULUs1OUJ6bgkACg59CxxgIFMYMBQzQj5qAmFUOzlVeh4/OVF6CXw2ViUFbnFHJgU3OEguVDY2F3V+b3kCYgpqf0UuVj44RTQdaGdcMx1oZwN3FmpyAQUdaGdFLlZsYxd0en9lAj8ObnIBBR1oZ0AxHWkWA3cNdGcbYg-pqMFckUzVyAAEKamYCdwlqZhd1CDw+QCJeNS8XdX5rZwdpCHwiD3YNa2QGfghpYwpwDWhlAnE
54.230.245.88 200 OK 184 B URL HTTP/2 dmmzkfd82wayn.cloudfront.net/uMkc4WldRKFY8aEYuXGduBn4AbGMULUs1OUJ6bgkACg59CxxgIFMYMBQzQj5qAmFUOzlVeh4/OVF6CXw2ViUFbnFHJgU3OEguVDY2F3V+b3kCYgpqf0UuVj44RTQdaGdcMx1oZwN3FmpyAQUdaGdFLlZsYxd0en9lAj8ObnIBBR1oZ0AxHWkWA3cNdGcbYg-pqMFckUzVyAAEKamYCdwlqZhd1CDw+QCJeNS8XdX5rZwdpCHwiD3YNa2QGfghpYwpwDWhlAnE
IP 54.230.245.88:0
File type ASCII text, with no line terminators
Hash d44781c44e7f508099e7c8588598b7a5
417c130df14dec4ea96ad5325d5ba6cb3dbb0d34
2337b0f7059dd38442ce61ee7de586eadb0df11cb4fca9550e565aa562465b46
GET /uMkc4WldRKFY8aEYuXGduBn4AbGMULUs1OUJ6bgkACg59CxxgIFMYMBQzQj5qAmFUOzlVeh4/OVF6CXw2ViUFbnFHJgU3OEguVDY2F3V+b3kCYgpqf0UuVj44RTQdaGdcMx1oZwN3FmpyAQUdaGdFLlZsYxd0en9lAj8ObnIBBR1oZ0AxHWkWA3cNdGcbYg-pqMFckUzVyAAEKamYCdwlqZhd1CDw+QCJeNS8XdX5rZwdpCHwiD3YNa2QGfghpYwpwDWhlAnE HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nydbehindforh.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 184
date: Sun, 13 Nov 2022 13:20:48 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: N9g6s7gOOLRX0Yw97PblTd1VSlzxNkEZWl8hAlU-PHq2onztDM0nkg==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 94d0b9f68afd0648976edaa945b4b007
a6d9b4eb7004e24c9f27dbc08803cb2642a5e670
bf09fbda8eeff9552d63d17b72b2103caad68b87874419679e025123666b368f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:20:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
imp9.bidgear.com/rec?t=1&z=6192&uuid=b2b84b0c7b604c678006ae0259289ff7&p=28&g=NO&token=4a44335432&tbg=1668345647
172.67.74.36 200 OK 599 B URL HTTP/2 imp9.bidgear.com/rec?t=1&z=6192&uuid=b2b84b0c7b604c678006ae0259289ff7&p=28&g=NO&token=4a44335432&tbg=1668345647
IP 172.67.74.36:0
File type JPEG image data, baseline, precision 8, 1x1, components 3\012- data
Hash ca49a7e783b806a4e8576ea80346203d
6fe9d083221dae98f6c76f7121c37bc884b02d82
3e9a98dd5f0a28ff4a059f33d760264a6db02786666ac1692095ebb976f5da28
GET /rec?t=1&z=6192&uuid=b2b84b0c7b604c678006ae0259289ff7&p=28&g=NO&token=4a44335432&tbg=1668345647 HTTP/1.1
Host: imp9.bidgear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 13 Nov 2022 13:20:48 GMT
content-type: image/jpeg
content-length: 599
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YcTivSe6ghxIm0mcGXi6aSKXJleNn0W2S%2F7FAwGYMwBHXvgIrJIeF8sKSfuk5BV%2FNj1nlI7HUyNzsr1WiOWFNucUB4i37WRwPvfTWl4LO3OCB%2FCaw%2Byi6AEgR9M3pMV7nY8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7697ce8c8a8c0b61-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 94d0b9f68afd0648976edaa945b4b007
a6d9b4eb7004e24c9f27dbc08803cb2642a5e670
bf09fbda8eeff9552d63d17b72b2103caad68b87874419679e025123666b368f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:20:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nydbehindforh.xyz/utx?cb=NqiIIDncmxyB&top=megaup.net&tid=761186
108.157.229.6 204 No Content 0 B URL HTTP/2 nydbehindforh.xyz/utx?cb=NqiIIDncmxyB&top=megaup.net&tid=761186
IP 108.157.229.6:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=NqiIIDncmxyB&top=megaup.net&tid=761186 HTTP/1.1
Host: nydbehindforh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 13 Nov 2022 13:20:48 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 13 Nov 2022 13:21:48 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fedd444eadd43dacc7e53f24b46bddf8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: VbGU-hthP-eSWITBhgf57o8-KXLKVy0FALNyKrjy6iDvD-McenusbQ==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237 302 Found 390 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 082233be2066a1da08cbb58063ad59e7
b253593abb7159f4ca16c9e2dbcb2cba52132407
036e2047ed35aa1238937a95f89d2182c268d106e26ab5dc64fc3c7411ce54d9
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 13 Nov 2022 13:20:48 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-553043912%3A1668345648268139&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuKIlnMuQ2kg3667UEYBepjmEQf-Lfi7OFFx17hRUVIFYNLOWcXu7sHv-3h2ALqW322TiUjlw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-e0vAGdvKIcygd1Dwm09gAg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 390
server: GSE
set-cookie: __Host-GAPS=1:Q85z-xHeJEFZrBca6kWPkUbLvFvKXA:LhJuCypbgDemCfFa;Path=/;Expires=Tue, 12-Nov-2024 13:20:48 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j98&a=2065385060&t=pageview&_s=1&dl=https%3A%2F%2Fmegaup.net%2FS54v%2FSubnoodlev1CIA-pokemonerdotcom.rar&ul=en-us&de=UTF-8&dt=Subnoodlev1CIA-pokemonerdotcom.rar%20-%20MegaUp&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAUABAAAAACAAI~&jid=1930410276&gjid=691257831&cid=358571762.1668344919&tid=UA-108868042-1&_gid=185099683.1668344919&_r=1&gtm=2oub90&z=1884516414
142.250.74.174 200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=2065385060&t=pageview&_s=1&dl=https%3A%2F%2Fmegaup.net%2FS54v%2FSubnoodlev1CIA-pokemonerdotcom.rar&ul=en-us&de=UTF-8&dt=Subnoodlev1CIA-pokemonerdotcom.rar%20-%20MegaUp&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAUABAAAAACAAI~&jid=1930410276&gjid=691257831&cid=358571762.1668344919&tid=UA-108868042-1&_gid=185099683.1668344919&_r=1&gtm=2oub90&z=1884516414
IP 142.250.74.174:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=2065385060&t=pageview&_s=1&dl=https%3A%2F%2Fmegaup.net%2FS54v%2FSubnoodlev1CIA-pokemonerdotcom.rar&ul=en-us&de=UTF-8&dt=Subnoodlev1CIA-pokemonerdotcom.rar%20-%20MegaUp&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAUABAAAAACAAI~&jid=1930410276&gjid=691257831&cid=358571762.1668344919&tid=UA-108868042-1&_gid=185099683.1668344919&_r=1&gtm=2oub90&z=1884516414 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain
Content-Length: 0
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://megaup.net
date: Sun, 13 Nov 2022 13:20:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
nydbehindforh.xyz/utx?cb=018mKpRfmatK&top=megaup.net&tid=825911
108.157.229.6 204 No Content 0 B URL HTTP/2 nydbehindforh.xyz/utx?cb=018mKpRfmatK&top=megaup.net&tid=825911
IP 108.157.229.6:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=018mKpRfmatK&top=megaup.net&tid=825911 HTTP/1.1
Host: nydbehindforh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 13 Nov 2022 13:20:48 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 13 Nov 2022 13:21:48 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fedd444eadd43dacc7e53f24b46bddf8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: ld1qKeAF0wgzE1MOx7UgEH9SwhgwQHyN2a1wwWDJcPmGm66oFwLgdw==
X-Firefox-Spdy: h2
syndication.exdynsrv.com/v1/api.php
95.211.229.246 200 OK 800 B URL HTTP/1.1 syndication.exdynsrv.com/v1/api.php
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1065), with no line terminators
Hash e848dcbc2c0fa72696d1bce67604f667
5eb0a8e46c37774d1abf1a2d6c567c3a09453092
dd8bc8a10f2c4c8be602a2b95e649e991a1d4e47e10a432584d7c2228d354853
POST /v1/api.php HTTP/1.1
Host: syndication.exdynsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 330
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226370ec586e3a60.97031792357547220%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226370ec586e3a60.97031792357547220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22511.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 13 Nov 2022 13:20:48 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 399 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 0ca74004b24e06cc2a0d5252400f61c3
aec7ed1144c706e2fffdc16be935f706cbb1b46a
4b5d4df2fddb088e1e60a1331b5ca1bcfee790fa82c930d280b3a67dfd2533fc
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 13 Nov 2022 13:20:48 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-939002058%3A1668345648315455&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt-RFJ27HxIrQ8thD76Z9VvcX8wIaRrJ-_1JyM-_D46Necgc-IBPEsXC8mTlzma8bnJRE_tMA
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-L4CuprQZSSYb9SgVX5FVoA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 399
server: GSE
set-cookie: __Host-GAPS=1:fEjsj7x0ErV1_LVSgpoOJuUaFEZSJQ:pCMyc1mgkHTd2iNl;Path=/;Expires=Tue, 12-Nov-2024 13:20:48 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 740a41f4824c97ddb727f594537d31c2
93e5fc832baf0505d264b90ceafc43d9bec4af75
e41458a9e00fa5a8374e69816efe59a615617ca4cc82bb51d17efd025c33aa6b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3498
Cache-Control: max-age=157821
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:20:48 GMT
Etag: "6370a703-1d7"
Expires: Tue, 15 Nov 2022 09:11:09 GMT
Last-Modified: Sun, 13 Nov 2022 08:12:51 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 8407d0e10edccb49f0046879825b7141
c9c4dcfc9e674053ed246cc99500d4dd10065bce
9e41f526c12734040e62aac8d4b8b093f60977d9b00feb10e81f78db19de8c26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:20:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nydbehindforh.xyz/utx?cb=nsdbBZ0h9Dqo&top=megaup.net&tid=876318
108.157.229.6 204 No Content 0 B URL HTTP/2 nydbehindforh.xyz/utx?cb=nsdbBZ0h9Dqo&top=megaup.net&tid=876318
IP 108.157.229.6:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=nsdbBZ0h9Dqo&top=megaup.net&tid=876318 HTTP/1.1
Host: nydbehindforh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 13 Nov 2022 13:20:48 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 13 Nov 2022 13:21:48 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fedd444eadd43dacc7e53f24b46bddf8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: yH9YMH1eTYKuZWhOdZdGSS5WanV7TGYq-ix9eS43_MdqU-HY-b9Ruw==
X-Firefox-Spdy: h2
nydbehindforh.xyz/utx?cb=uoG0HWBZ6P4l&top=megaup.net&tid=764141
108.157.229.6 204 No Content 0 B URL HTTP/2 nydbehindforh.xyz/utx?cb=uoG0HWBZ6P4l&top=megaup.net&tid=764141
IP 108.157.229.6:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=uoG0HWBZ6P4l&top=megaup.net&tid=764141 HTTP/1.1
Host: nydbehindforh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 13 Nov 2022 13:20:48 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 13 Nov 2022 13:21:48 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fedd444eadd43dacc7e53f24b46bddf8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: Zx2vZkVF1VEUxsrFHkfaCf3IZv3SasaribTV_ezo1v-pIeuuwzXV_w==
X-Firefox-Spdy: h2
syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01Q20oDQQz9FX9gh5PrzPTZZwXFD9juZn2yCFaokI93upViTgK5kZOEwTwRTSQPaAfGQVt2Kh1FuZBpPj2/pFJ+xPv8/VlOcU6h7oz03nFtFm3sqepKzdOIUrm7VU1trRIUOVQSA2yievUKYOyWDfn2+rgbDXAKcGHD8K/ESeDUEeAyCKUiFmseMjtKrxCqncWqaeWxEVZaKBaX45Hn6rEE9y3W1buuoW2f8/8Q3FBAte7kf4lxoQor50T3QHMIci/PXz+nJfPefoPdB4wPREQNXi2wjQV5CdmUqBN8Nsz9F9otpuJ2AQAA
95.211.229.246 200 OK 20 B URL HTTP/1.1 syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01Q20oDQQz9FX9gh5PrzPTZZwXFD9juZn2yCFaokI93upViTgK5kZOEwTwRTSQPaAfGQVt2Kh1FuZBpPj2/pFJ+xPv8/VlOcU6h7oz03nFtFm3sqepKzdOIUrm7VU1trRIUOVQSA2yievUKYOyWDfn2+rgbDXAKcGHD8K/ESeDUEeAyCKUiFmseMjtKrxCqncWqaeWxEVZaKBaX45Hn6rEE9y3W1buuoW2f8/8Q3FBAte7kf4lxoQor50T3QHMIci/PXz+nJfPefoPdB4wPREQNXi2wjQV5CdmUqBN8Nsz9F9otpuJ2AQAA
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01Q20oDQQz9FX9gh5PrzPTZZwXFD9juZn2yCFaokI93upViTgK5kZOEwTwRTSQPaAfGQVt2Kh1FuZBpPj2/pFJ+xPv8/VlOcU6h7oz03nFtFm3sqepKzdOIUrm7VU1trRIUOVQSA2yievUKYOyWDfn2+rgbDXAKcGHD8K/ESeDUEeAyCKUiFmseMjtKrxCqncWqaeWxEVZaKBaX45Hn6rEE9y3W1buuoW2f8/8Q3FBAte7kf4lxoQor50T3QHMIci/PXz+nJfPefoPdB4wPREQNXi2wjQV5CdmUqBN8Nsz9F9otpuJ2AQAA HTTP/1.1
Host: syndication.exdynsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://megaup.net
Connection: keep-alive
Referer: https://megaup.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226370ec586e3a60.97031792357547220%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226370ec586e3a60.97031792357547220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22511.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 13 Nov 2022 13:20:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226370ec586e3a60.97031792357547220%22%3B%7D; expires=Tue, 12 Nov 2024 13:20:48 GMT; path=; domain=.exdynsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%226370ec586e3a60.97031792357547220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22511.029701%22%7D; expires=Tue, 12 Nov 2024 13:20:48 GMT; path=/; domain=.exdynsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
accounts.google.com/v3/signin/identifier?dsh=S-939002058%3A1668345648315455&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt-RFJ27HxIrQ8thD76Z9VvcX8wIaRrJ-_1JyM-_D46Necgc-IBPEsXC8mTlzma8bnJRE_tMA
216.58.207.237 403 Forbidden 808 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-939002058%3A1668345648315455&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt-RFJ27HxIrQ8thD76Z9VvcX8wIaRrJ-_1JyM-_D46Necgc-IBPEsXC8mTlzma8bnJRE_tMA
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Hash 30f42292c48328976364f46cc5270bc5
24192a3d9e529313f0f8080bd4e8c5dcaaddc57d
574284d25df7cba3d85c21fa0b39087f53a7612b1321401cafabb5eed40d3689
GET /v3/signin/identifier?dsh=S-939002058%3A1668345648315455&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt-RFJ27HxIrQ8thD76Z9VvcX8wIaRrJ-_1JyM-_D46Necgc-IBPEsXC8mTlzma8bnJRE_tMA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 13 Nov 2022 13:20:48 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-JsOEg94UgE921h-BdvjaGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.a-ads.com/a-ads-banners/407258/300x250?region=eu-central-1
136.243.55.84 200 OK 621 kB URL HTTP/2 static.a-ads.com/a-ads-banners/407258/300x250?region=eu-central-1
IP 136.243.55.84:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 300 x 250\012- data
Size 621 kB (621339 bytes)
Hash c8694e7d5d3b9a928d4d57026ac2b68b
169b9f311167e19bd5061b53fc7e4f528e3ba7a9
0c23834abdcff9f74a47b37290da55f2c84c31c82ce26d9493b39a388b51ed6a
GET /a-ads-banners/407258/300x250?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:48 GMT
content-type: image/gif
content-length: 621339
x-amz-id-2: DpzhvJL1//KExomhoJpmQrLGJk8wUYNcTCfUe6C3CJJkDXibTWe+VLwsKHMz40j9m8b5uK9Fm4g=
x-amz-request-id: CCG74QZ799QGWDKS
x-amz-replication-status: COMPLETED
last-modified: Fri, 05 Aug 2022 10:27:24 GMT
etag: "c8694e7d5d3b9a928d4d57026ac2b68b"
cache-control: max-age=315360000
x-amz-version-id: 4Mo2D8..v2g7Hr5lFGow.NiBZmPPXN08
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash d713374fcc05604ffc6628a581f8c9a3
367f710941a8023826a2ac6dabd5e05bde43a594
942a10c7f1c8a91dd9362cebfebcd9b1bbe8291443d211908016ab0fa2ca9e05
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 217
Cache-Control: max-age=99845
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:20:48 GMT
Etag: "636fd15c-138"
Expires: Mon, 14 Nov 2022 17:04:53 GMT
Last-Modified: Sat, 12 Nov 2022 17:01:16 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 312
ocsp.r2m02.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash 6bf7bc99bc232496a67d7224830e6df2
b175f0738924a3eb291993c463799f383fbfff55
0928ad92065840a1147d7e1ad7b5aba570ce4d6f011407311a22a10cdf439c25
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=100901
Date: Sun, 13 Nov 2022 13:20:48 GMT
Etag: "636fc613-1d7"
Expires: Mon, 14 Nov 2022 17:22:29 GMT
Last-Modified: Sat, 12 Nov 2022 16:13:07 GMT
Server: ECS (nyb/1D23)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LM8goMxgr8ke-EyXXGU2htrJH5mfZTugoXT8WFZcnm9aTJJeRh7dng==
Age: 4162
hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
205.185.208.20 200 OK 5.0 kB URL HTTP/1.1 hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
IP 205.185.208.20:0
File type ASCII text, with very long lines (5027), with no line terminators
Hash 5e5817bcf4c82c7c85d1d88636d221ce
b5c32cc6c931c33c1297884016e13d3b9a5bf261
6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c
GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 13 Nov 2022 13:20:48 GMT
Connection: Keep-Alive
ETag: "1541168231"
Content-Length: 5027
Content-Type: application/javascript
Last-Modified: Fri, 02 Nov 2018 14:17:11 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10677530
X-HW: 1668345648.dop003.sk1.t,1668345648.cds252.sk1.shn,1668345648.cds252.sk1.c
Access-Control-Allow-Origin: *
wiowaytogypts.xyz/utx?tid=832633&top=megaup.net&cb=WNNTNT4qFEja
54.230.111.45 204 No Content 0 B URL HTTP/2 wiowaytogypts.xyz/utx?tid=832633&top=megaup.net&cb=WNNTNT4qFEja
IP 54.230.111.45:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?tid=832633&top=megaup.net&cb=WNNTNT4qFEja HTTP/1.1
Host: wiowaytogypts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 13 Nov 2022 13:20:48 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 13 Nov 2022 13:21:48 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jVvaBUSuMj3El5NNkR0QsB18hdZicaZOyyRGFLpf-A6tVftyunrfJw==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 88efe1086a7d92dca249e4aab60cfe02
7b93bd25ff407aa9d3b27b203dc4a77ab70d615e
4bff65bd1374047d5f9aa9b421f07f02d8ca35c3ef897d481ec836d47b591694
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BFF65BD1374047D5F9AA9B421F07F02D8CA35C3EF897D481EC836D47B591694"
Last-Modified: Fri, 11 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17463
Expires: Sun, 13 Nov 2022 18:11:51 GMT
Date: Sun, 13 Nov 2022 13:20:48 GMT
Connection: keep-alive
hw-cdn2.ang-content.com/a7/creatives/39/1187/805702/1030390/1030390_logo.png
205.185.208.20 200 OK 16 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/39/1187/805702/1030390/1030390_logo.png
IP 205.185.208.20:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 2aaacb14c0816c811151f7e5ad369e9f
2b51b630dcbbdcd9cb0e9c298a5d4323de0f19f5
c6f084bf2cbf871312c3c508455dfeff2bb11dc8909d98ab1a43897b16bedf4e
GET /a7/creatives/39/1187/805702/1030390/1030390_logo.png HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 13 Nov 2022 13:20:48 GMT
Connection: Keep-Alive
ETag: "1651515015"
Content-Length: 15603
Content-Type: image/png
Last-Modified: Mon, 02 May 2022 18:10:15 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10766888
X-HW: 1668345648.dop069.sk1.t,1668345648.cds261.sk1.shn,1668345648.dop069.sk1.t,1668345648.cds247.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
209.197.3.25 200 OK 17 kB URL HTTP/1.1 hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
IP 209.197.3.25:0
File type ASCII text, with very long lines (16885), with no line terminators
Hash 48c80c7c28b5b00a8b4ff94a22b72fe3
d57303c2ad2fd5cedc5cb20f264a6965a7819cee
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1
Host: hw-cdn2.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Sun, 13 Nov 2022 13:20:48 GMT
Connection: Keep-Alive
ETag: "1649192094"
Content-Length: 16885
Content-Type: application/javascript
Last-Modified: Tue, 05 Apr 2022 20:54:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10671440
X-HW: 1668345648.dop210.sk1.t,1668345648.cds239.sk1.shn,1668345648.cds239.sk1.c
Access-Control-Allow-Origin: *
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36 200 OK 1.5 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
Hash 7275a665f7b5d7bd08d849399421ac38
0f09a4ed69ebb153b6770f776cef9c26ecb2a0b6
9e8f6f206f42d73689ef9145d6e32b8d7013dbca15aa993e30b573c35272ea6c
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: lDvrfp5KD2nUNLQ3nCiqoQG68ooBF1+AZKD/FWCre4gwR4S0VvWSylmQk/5p0hdktJR4DIMsc3+iTEmA29bC3w==
date: Sun, 13 Nov 2022 13:20:48 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
hw-cdn2.ang-content.com/a7/creatives/39/1187/805702/1030390/1030390_video.mp4
205.185.208.20 206 Partial Content 241 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/39/1187/805702/1030390/1030390_video.mp4
IP 205.185.208.20:0
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size 241 kB (241322 bytes)
Hash 52c9ace410c8a18974ce86f153b0ef35
6d56cd1072cdf6cea723e26e7027c5c24b035886
01a7d757be5a8e5f1cc060a74cc6f8e2ac5ff4a79e1062c9b9676333b16aceec
GET /a7/creatives/39/1187/805702/1030390/1030390_video.mp4 HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Date: Sun, 13 Nov 2022 13:20:48 GMT
Connection: Keep-Alive
ETag: "1651516075"
Content-Length: 241322
Content-Range: bytes 0-241321/241322
Content-Type: video/mp4
Last-Modified: Mon, 02 May 2022 18:27:55 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10384812
X-HW: 1668345648.dop069.sk1.t,1668345648.cds261.sk1.shn,1668345648.dop069.sk1.t,1668345648.cds014.sk1.c
Access-Control-Allow-Origin: *
ewallowi.buzz/
107.22.28.167 200 OK 0 B IP 107.22.28.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: ewallowi.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Content-Length: 386
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
91.209.70.182 200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_bold.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31568, version 1.1\012- data
Hash e0c4ac0e73196bd0469c5c33304b7773
bb071565f82907d117b0732dca8013409162c67d
ff3bf3a4a1bf2b922157b18d0e8cddd95f2fc2dfe09c30a3ce67bc11a84c67af
GET /themes/flow/frontend_assets/fonts/raleway_bold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919; _gat_gtag_UA_108868042_1=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:48 GMT
content-type: font/woff
content-length: 31568
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7b50"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
nydbehindforh.xyz/multi?cs=NmZHcHUBVn5GQwFSd0lDBV5%2BQ0c&abt=0&red=1&sm=76&k=download%20file%20subnoodlev1cia&v=1.0.60.1&sts=0&prn=0&emb=0&tid=876318&rxy=1280_1024&u=1513490348752206&agec=1668344920&fs=1&mbkb=97.94319294809011&ref=https%3A%2F%2Fmegaup.net%2FS54v%2FSubnoodlev1CIA-pokemonerdotcom.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_dOzW=1668345647402&crc=1
108.157.229.6 200 OK 1.5 kB URL HTTP/2 nydbehindforh.xyz/multi?cs=NmZHcHUBVn5GQwFSd0lDBV5%2BQ0c&abt=0&red=1&sm=76&k=download%20file%20subnoodlev1cia&v=1.0.60.1&sts=0&prn=0&emb=0&tid=876318&rxy=1280_1024&u=1513490348752206&agec=1668344920&fs=1&mbkb=97.94319294809011&ref=https%3A%2F%2Fmegaup.net%2FS54v%2FSubnoodlev1CIA-pokemonerdotcom.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_dOzW=1668345647402&crc=1
IP 108.157.229.6:0
File type ASCII text, with very long lines (3190), with no line terminators
Hash 3828684c9a884ab5788aad0c89a7ff56
d41873fe2dac39c3b737066341e42562306643de
5c984bd884a3fb7fac4a70067bf0e03eefe8ebfde332889ac4a97ab8f7409867
GET /multi?cs=NmZHcHUBVn5GQwFSd0lDBV5%2BQ0c&abt=0&red=1&sm=76&k=download%20file%20subnoodlev1cia&v=1.0.60.1&sts=0&prn=0&emb=0&tid=876318&rxy=1280_1024&u=1513490348752206&agec=1668344920&fs=1&mbkb=97.94319294809011&ref=https%3A%2F%2Fmegaup.net%2FS54v%2FSubnoodlev1CIA-pokemonerdotcom.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_dOzW=1668345647402&crc=1 HTTP/1.1
Host: nydbehindforh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1548
date: Sun, 13 Nov 2022 13:20:48 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=d334642a-38c5-4792-850b-d51e4f84fbd4
csu=1513490348752206
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fedd444eadd43dacc7e53f24b46bddf8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: Eketd_HOs6qz1dDruaqsHW1ndlIo5PZr_FIHHk9P8Kqf1kxWm90tCQ==
X-Firefox-Spdy: h2
ewallowi.buzz/
107.22.28.167 200 OK 0 B IP 107.22.28.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: ewallowi.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Origin: https://megaup.net
Content-Length: 348
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
nydbehindforh.xyz/floater?cs=ZjFmVmVeAlduV1QBV29RUQBeblM&abt=0&red=1&sm=83&k=download%20file%20subnoodlev1cia&v=0.8.10.1&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&u=1513490348752206&agec=1668344920&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=97.94319294809011&ref=https%3A%2F%2Fmegaup.net%2FS54v%2FSubnoodlev1CIA-pokemonerdotcom.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td11_oi1_&_lKKy=1668345647403&crc=1
108.157.229.6 200 OK 2.5 kB URL HTTP/2 nydbehindforh.xyz/floater?cs=ZjFmVmVeAlduV1QBV29RUQBeblM&abt=0&red=1&sm=83&k=download%20file%20subnoodlev1cia&v=0.8.10.1&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&u=1513490348752206&agec=1668344920&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=97.94319294809011&ref=https%3A%2F%2Fmegaup.net%2FS54v%2FSubnoodlev1CIA-pokemonerdotcom.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td11_oi1_&_lKKy=1668345647403&crc=1
IP 108.157.229.6:0
File type ASCII text, with very long lines (3583), with no line terminators
Hash 91b457cbc9a23671dcd9f5b7bb2758a3
2354e31f40b1e5c43de670eeabcdc2711ef93f1b
9d844e2bfde14811f74c057dae4b3d32d70c31dece878d51f4a3106cce41a55e
GET /floater?cs=ZjFmVmVeAlduV1QBV29RUQBeblM&abt=0&red=1&sm=83&k=download%20file%20subnoodlev1cia&v=0.8.10.1&sts=0&prn=0&emb=0&tid=825911&rxy=1280_1024&u=1513490348752206&agec=1668344920&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=97.94319294809011&ref=https%3A%2F%2Fmegaup.net%2FS54v%2FSubnoodlev1CIA-pokemonerdotcom.rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td11_oi1_&_lKKy=1668345647403&crc=1 HTTP/1.1
Host: nydbehindforh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Origin: https://megaup.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2518
date: Sun, 13 Nov 2022 13:20:49 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://megaup.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=df91b559-7412-4e4f-8ab2-f778f94668c5
csu=1513490348752206
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fedd444eadd43dacc7e53f24b46bddf8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 0dJi4CrXKg7NV19-5CDIF5RazSZVIKF6TtBMrU2FF0jJ-QfXmX7IFA==
X-Firefox-Spdy: h2
ewallowi.buzz/
107.22.28.167 200 OK 0 B IP 107.22.28.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: ewallowi.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Content-Type: text/plain;charset=UTF-8
Origin: https://megaup.net
Content-Length: 350
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 929d046b7cbed155022099e982ba0592
18ff58f5b4d98748552d6604bdcba9c57eb8f412
3c70c27c11afeaea96e782a0e7b7ae9c2f3ed35c94673fcd4361cb7406b078a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C70C27C11AFEAEA96E782A0E7B7AE9C2F3ED35C94673FCD4361CB7406B078A9"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4704
Expires: Sun, 13 Nov 2022 14:39:13 GMT
Date: Sun, 13 Nov 2022 13:20:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 929d046b7cbed155022099e982ba0592
18ff58f5b4d98748552d6604bdcba9c57eb8f412
3c70c27c11afeaea96e782a0e7b7ae9c2f3ed35c94673fcd4361cb7406b078a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C70C27C11AFEAEA96E782A0E7B7AE9C2F3ED35C94673FCD4361CB7406B078A9"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4704
Expires: Sun, 13 Nov 2022 14:39:13 GMT
Date: Sun, 13 Nov 2022 13:20:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 929d046b7cbed155022099e982ba0592
18ff58f5b4d98748552d6604bdcba9c57eb8f412
3c70c27c11afeaea96e782a0e7b7ae9c2f3ed35c94673fcd4361cb7406b078a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C70C27C11AFEAEA96E782A0E7B7AE9C2F3ED35C94673FCD4361CB7406B078A9"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4704
Expires: Sun, 13 Nov 2022 14:39:13 GMT
Date: Sun, 13 Nov 2022 13:20:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 929d046b7cbed155022099e982ba0592
18ff58f5b4d98748552d6604bdcba9c57eb8f412
3c70c27c11afeaea96e782a0e7b7ae9c2f3ed35c94673fcd4361cb7406b078a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C70C27C11AFEAEA96E782A0E7B7AE9C2F3ED35C94673FCD4361CB7406B078A9"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4704
Expires: Sun, 13 Nov 2022 14:39:13 GMT
Date: Sun, 13 Nov 2022 13:20:49 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd5bdc050716bb76afe8090fc81617e7
5109c156b180727767fc03c411190ccc0d3fb5fc
9b13e7838946c6654dda17886c2ca8d42de934acb93f4bddb1008dfa1bd1ea99
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11715
x-amzn-requestid: 20e508bd-6568-4225-9bee-c683a49d44f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUHkpIAMFfJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-7dc726b94a37fc667e2e6646;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZLWa-RphwZqiAmeqffmEE8Mmfsfs9ZYz0bmANBEc5Ru1--VKDL4Fsw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 21:45:55 GMT
age: 56094
etag: "5109c156b180727767fc03c411190ccc0d3fb5fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25a71d85-6d34-4bb8-8293-97875c72aa74.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25a71d85-6d34-4bb8-8293-97875c72aa74.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 221170365ec0ab6bb773472933bccb4e
2f8d80c36b9d52bbca60ddc946176b8bca2f05f5
c1fedf00b8a0defa4fada242cf3e28c90937bf5f1c10145aebb3494c5a0b5066
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25a71d85-6d34-4bb8-8293-97875c72aa74.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9540
x-amzn-requestid: 69c339ec-ac3c-49a4-8029-01d21a7f50b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: be3itHj1oAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636f6c77-79d478af722a4ecf50a381a9;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 09:50:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uxbx0xudJDX6_72_MTyyW6R2FXmdfV_5APgpZhqG-6QIeE_yPdGxSg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 22:05:19 GMT
age: 54930
etag: "2f8d80c36b9d52bbca60ddc946176b8bca2f05f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bfc69f5-02e2-48e4-a7f8-345ee02dd656.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bfc69f5-02e2-48e4-a7f8-345ee02dd656.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4f181df0e475c123b46f016d3c0bbaa5
399ce32b1fdcdef9061bddb840663f35e39b919a
ed9ba753f718903cd997c027f58b63f41e32107367b22b03f964d7eecdf9ba16
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bfc69f5-02e2-48e4-a7f8-345ee02dd656.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11187
x-amzn-requestid: 475229e1-bbb5-43a0-8733-1140a99b6b6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEIaqFFrIAMF7KA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364baaa-4261a60e57ae0c4d7a62e5e9;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 07:09:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8JN1YNJmiZpeJsUVH5sQhYw2rZbvvzxVrt2IgDxHro9z3CfcFeVCGg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 13 Nov 2022 06:02:58 GMT
age: 26271
etag: "399ce32b1fdcdef9061bddb840663f35e39b919a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80441337-327d-4d34-9fe8-53269c39ac18.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80441337-327d-4d34-9fe8-53269c39ac18.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26249508ef18eac51cf62cf6e90339a4
a9922959c532dd26f21bda4f74ee1fa8496e862e
25075ef6337bae8e60412cdca98afbae6aca61d889aadce4cbad4a8522f4c4b1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80441337-327d-4d34-9fe8-53269c39ac18.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7867
x-amzn-requestid: e05d4978-6f46-4395-8121-4d969a222328
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bgfLqFWIoAMF01A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6370124a-4033150d0180e56e2965e26e;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 21:38:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: YDkJ7OIcS3FiDPufRTj5VtL5CMxbNN2o2Zq50QQ9UNeDw4uE4j3jrw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 21:54:29 GMT
age: 55580
etag: "a9922959c532dd26f21bda4f74ee1fa8496e862e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f5427e2-3528-4845-9f17-27540185ac8c.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f5427e2-3528-4845-9f17-27540185ac8c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 715c6a18c1af63c346ae193038dd3892
c47f502cac855b004d351eea75c5eb93d98d9b0b
ab59d34f794e8fe8fae82e3a93140e0f887a40cfb24150008a904ca22f1995b8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f5427e2-3528-4845-9f17-27540185ac8c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5366
x-amzn-requestid: 7d1ce6f4-2b63-402c-aa1e-5b13b1fecee6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEI_FFkEoAMFa2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364bb93-19aa790f7dfd22b37ea89277;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 07:13:23 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: A6bUyiuS9O5z_Kciz_KH8w-pqCSYUkGvsRNzbrDBTfrh90JnFrOlew==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 22:00:03 GMT
age: 55246
etag: "c47f502cac855b004d351eea75c5eb93d98d9b0b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
megaup.net/sw.js?ZXdRRWY%2BVWl2VFNEYmdKR1V9ZwBRE2hwVwATfHZWVU58cV5SEXx9AFNCfH1XB04wclEARmQmAEdbc3RQUkQ0dlYEWmAhAFVaZXwEBlozJ18DWmlxUVRFZ3BWXRMwdkRJVSIyRElVNDIHCRs%2BMg9LFSQ%2EHEdbc3RWS0JzaQAEGyIgSgMWPTYDSREwKRUAKg
91.209.70.182 200 OK 52 kB URL HTTP/2 megaup.net/sw.js?ZXdRRWY%2BVWl2VFNEYmdKR1V9ZwBRE2hwVwATfHZWVU58cV5SEXx9AFNCfH1XB04wclEARmQmAEdbc3RQUkQ0dlYEWmAhAFVaZXwEBlozJ18DWmlxUVRFZ3BWXRMwdkRJVSIyRElVNDIHCRs%2BMg9LFSQ%2EHEdbc3RWS0JzaQAEGyIgSgMWPTYDSREwKRUAKg
IP 91.209.70.182:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash ebe1f743a6658032b59fd076f050cc26
055489135c096794206ff79915ce7e0619074666
11ee5ca27602a15d8c91a350a29389c4c5ab02f5f299e341c560e15f2245b861
GET /sw.js?ZXdRRWY%2BVWl2VFNEYmdKR1V9ZwBRE2hwVwATfHZWVU58cV5SEXx9AFNCfH1XB04wclEARmQmAEdbc3RQUkQ0dlYEWmAhAFVaZXwEBlozJ18DWmlxUVRFZ3BWXRMwdkRJVSIyRElVNDIHCRs%2BMg9LFSQ%2EHEdbc3RWS0JzaQAEGyIgSgMWPTYDSREwKRUAKg HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919; _gat_gtag_UA_108868042_1=1
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:48 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:52 GMT
vary: Accept-Encoding
etag: W/"60758f38-12fe6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1910b86ede3a1141adf522bb27035ff9
2f7e9dadccb62c7e3ffd2a1f1fba05869e6782e3
131e191689ed82547ae69552f7907c627e02c682392aad337d60f6cc589f28d2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "131E191689ED82547AE69552F7907C627E02C682392AAD337D60F6CC589F28D2"
Last-Modified: Sat, 12 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13772
Expires: Sun, 13 Nov 2022 17:10:23 GMT
Date: Sun, 13 Nov 2022 13:20:51 GMT
Connection: keep-alive
imgdelnw.com/ie?v=4&c=IN8ZsgElkcVp_H92Rdx6_y3H7Bop7uRrHkR00Hnt7oqmD1kEQFJ3EtYta8ea7thW3nNO9-cZ73HzpOqy7n5HrFs-vgC-HBb_HW6p-0pIWrHVNJKcxTdz0VZlgW1YiMzTlmCDn8CfawslzWDRR_bKkLlzY5WIkKkv15ix4qPq_j1c0OuPn6ZqusuUFkJliMC1yx0V46iuRWjzOuBBr5K5WHInO7EFwZKRcoN0Z_hpNYYGfdhqNeLmURywsI3m4LNFAelT-9b3b-HdAO4RID04UvTB1v_iepbaAGJ0W09E0nhdKqtfr2zn7cx0WYcWpCLw_6-RSI9ZgdAoHhOVd-5ZziA1QPp_IT7i_u-AQgmTuVmz_lyjgWf4vJfLBdXpp-a6uiU_sAcLv3-g1_VCKMxKS5XaFwqj74_UQacrGJ-wgONuWOrN2XgZktXYCrIpVLA-bg==&v1=79&v2=68678
157.90.94.146 301 Moved Permanently 0 B URL HTTP/1.1 imgdelnw.com/ie?v=4&c=IN8ZsgElkcVp_H92Rdx6_y3H7Bop7uRrHkR00Hnt7oqmD1kEQFJ3EtYta8ea7thW3nNO9-cZ73HzpOqy7n5HrFs-vgC-HBb_HW6p-0pIWrHVNJKcxTdz0VZlgW1YiMzTlmCDn8CfawslzWDRR_bKkLlzY5WIkKkv15ix4qPq_j1c0OuPn6ZqusuUFkJliMC1yx0V46iuRWjzOuBBr5K5WHInO7EFwZKRcoN0Z_hpNYYGfdhqNeLmURywsI3m4LNFAelT-9b3b-HdAO4RID04UvTB1v_iepbaAGJ0W09E0nhdKqtfr2zn7cx0WYcWpCLw_6-RSI9ZgdAoHhOVd-5ZziA1QPp_IT7i_u-AQgmTuVmz_lyjgWf4vJfLBdXpp-a6uiU_sAcLv3-g1_VCKMxKS5XaFwqj74_UQacrGJ-wgONuWOrN2XgZktXYCrIpVLA-bg==&v1=79&v2=68678
IP 157.90.94.146:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ie?v=4&c=IN8ZsgElkcVp_H92Rdx6_y3H7Bop7uRrHkR00Hnt7oqmD1kEQFJ3EtYta8ea7thW3nNO9-cZ73HzpOqy7n5HrFs-vgC-HBb_HW6p-0pIWrHVNJKcxTdz0VZlgW1YiMzTlmCDn8CfawslzWDRR_bKkLlzY5WIkKkv15ix4qPq_j1c0OuPn6ZqusuUFkJliMC1yx0V46iuRWjzOuBBr5K5WHInO7EFwZKRcoN0Z_hpNYYGfdhqNeLmURywsI3m4LNFAelT-9b3b-HdAO4RID04UvTB1v_iepbaAGJ0W09E0nhdKqtfr2zn7cx0WYcWpCLw_6-RSI9ZgdAoHhOVd-5ZziA1QPp_IT7i_u-AQgmTuVmz_lyjgWf4vJfLBdXpp-a6uiU_sAcLv3-g1_VCKMxKS5XaFwqj74_UQacrGJ-wgONuWOrN2XgZktXYCrIpVLA-bg==&v1=79&v2=68678 HTTP/1.1
Host: imgdelnw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Sun, 13 Nov 2022 13:20:51 GMT
content-length: 0
location: https://img.vmmcdn.com/get/7609021/200747_icon.png
x-app-id: 13
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 013b5c6f8e20de03e446491adcaca5f3
566892c009ea8eb585aeffc841b6df8dbe67f2cc
5d66eb9e0c5301e68932d077d599d78fecdbc7fc6e0af57e79133c85a02c385a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D66EB9E0C5301E68932D077D599D78FECDBC7FC6E0AF57E79133C85A02C385A"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17225
Expires: Sun, 13 Nov 2022 18:07:56 GMT
Date: Sun, 13 Nov 2022 13:20:51 GMT
Connection: keep-alive
img.vmmcdn.com/get/7609021/200747_icon.png
46.4.121.113 200 OK 78 kB URL HTTP/2 img.vmmcdn.com/get/7609021/200747_icon.png
IP 46.4.121.113:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 53282b73b589873fa79c738c03b4e47d
ca5ab91a4e36ebddd6b326fa67071e915415085d
530d10989a16c4cbdec879d1f82bb200fe63f5fb111179d873354058460dacc8
GET /get/7609021/200747_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.14.1
date: Sun, 13 Nov 2022 13:20:51 GMT
content-type: image/png
content-length: 78410
last-modified: Mon, 07 Nov 2022 15:29:52 GMT
cache-control: public, max-age=604800
etag: "63692470-1324a"
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
91.209.70.182 200 OK 32 kB URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/raleway_medium.woff
IP 91.209.70.182:0
File type Web Open Font Format, TrueType, length 31900, version 1.1\012- data
Hash 1b285c8e5b7445a8e434b2cdf036bab2
c97d4772fbb5c5637d466b5f991bc7ec28830b32
09b979826f2ac158a63ba234042c66414c21282d0bb46eadc62c64a873778825
GET /themes/flow/frontend_assets/fonts/raleway_medium.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919; _gat_gtag_UA_108868042_1=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:53 GMT
content-type: font/woff
content-length: 31900
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7c9c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/css/settings.css
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/css/settings.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/rs-plugin/css/settings.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-ce4b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/styles/font-icons/entypo/css/entypo.css
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/styles/font-icons/entypo/css/entypo.css
IP 91.209.70.182:0
GET /themes/flow/styles/font-icons/entypo/css/entypo.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-45f5"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/styles/file-upload.css
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/styles/file-upload.css
IP 91.209.70.182:0
GET /themes/flow/styles/file-upload.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-21ec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery-ui.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery-ui.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery-ui.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-6a684"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-process.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-process.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-process.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-14b6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/SmoothScroll/SmoothScroll.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1cdf"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-59d6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-553043912%3A1668345648268139&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuKIlnMuQ2kg3667UEYBepjmEQf-Lfi7OFFx17hRUVIFYNLOWcXu7sHv-3h2ALqW322TiUjlw
216.58.207.237 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-553043912%3A1668345648268139&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuKIlnMuQ2kg3667UEYBepjmEQf-Lfi7OFFx17hRUVIFYNLOWcXu7sHv-3h2ALqW322TiUjlw
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S-553043912%3A1668345648268139&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuKIlnMuQ2kg3667UEYBepjmEQf-Lfi7OFFx17hRUVIFYNLOWcXu7sHv-3h2ALqW322TiUjlw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 13 Nov 2022 13:20:48 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: script-src 'nonce-GGFOtqoSVycQRexri55mIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.adtng.com/track/adviews/eyJleHRfemlkIjoiIiwiZXh0X2MiOiIiLCJleHRfYWlkIjoiIiwicGlkIjoiMTE4NyIsInNpZCI6IjEwMDEyNDU2IiwibmlkcyI6IjU5MTUxIiwiZHluX2RtbiI6IiIsImNyaWQiOiIxMDMwMzkwIiwic3YiOiI1NjQ5IiwicmVmX2RtbiI6Im1lZ2F1cC5uZXQiLCJleHRfY2lkIjoiIiwidHNuYW1lIjoiTUIiLCJjcmMiOiIzIiwiY24iOiIzMDBYMjUwX1BDX05US19UR1BUUzVfU0ZXIiwibmlkIjoiNTkxNTEiLCJleHRfcHViIjoiIiwiY3JwIjoiMzkuNTYiLCJ0aWQiOiIxIiwiaXQiOiIxM1wvTm92XC8yMDIyOjEzOjIwOjQ4ICswMDAwIiwiY2MiOiIzIiwic25jaWQiOiIxMDI3NjgiLCJjaWQiOiIzODA3MSIsImV4dF91aWQiOiIiLCJjcCI6IjQ4LjU4Iiwic25jY2lkIjoiMTg5MDk2MCIsImlpZCI6ImY3N2E2YmI4MDA3ZDdjMzFjZGZmODUxY2Y1ZWZiMDJjIiwiZXh0X2lpZCI6IiJ9?unique_view=1
66.254.114.171 200 OK 0 B URL HTTP/2 a.adtng.com/track/adviews/eyJleHRfemlkIjoiIiwiZXh0X2MiOiIiLCJleHRfYWlkIjoiIiwicGlkIjoiMTE4NyIsInNpZCI6IjEwMDEyNDU2IiwibmlkcyI6IjU5MTUxIiwiZHluX2RtbiI6IiIsImNyaWQiOiIxMDMwMzkwIiwic3YiOiI1NjQ5IiwicmVmX2RtbiI6Im1lZ2F1cC5uZXQiLCJleHRfY2lkIjoiIiwidHNuYW1lIjoiTUIiLCJjcmMiOiIzIiwiY24iOiIzMDBYMjUwX1BDX05US19UR1BUUzVfU0ZXIiwibmlkIjoiNTkxNTEiLCJleHRfcHViIjoiIiwiY3JwIjoiMzkuNTYiLCJ0aWQiOiIxIiwiaXQiOiIxM1wvTm92XC8yMDIyOjEzOjIwOjQ4ICswMDAwIiwiY2MiOiIzIiwic25jaWQiOiIxMDI3NjgiLCJjaWQiOiIzODA3MSIsImV4dF91aWQiOiIiLCJjcCI6IjQ4LjU4Iiwic25jY2lkIjoiMTg5MDk2MCIsImlpZCI6ImY3N2E2YmI4MDA3ZDdjMzFjZGZmODUxY2Y1ZWZiMDJjIiwiZXh0X2lpZCI6IiJ9?unique_view=1
IP 66.254.114.171:0
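GET /track/adviews/eyJleHRfemlkIjoiIiwiZXh0X2MiOiIiLCJleHRfYWlkIjoiIiwicGlkIjoiMTE4NyIsInNpZCI6IjEwMDEyNDU2IiwibmlkcyI6IjU5MTUxIiwiZHluX2RtbiI6IiIsImNyaWQiOiIxMDMwMzkwIiwic3YiOiI1NjQ5IiwicmVmX2RtbiI6Im1lZ2F1cC5uZXQiLCJleHRfY2lkIjoiIiwidHNuYW1lIjoiTUIiLCJjcmMiOiIzIiwiY24iOiIzMDBYMjUwX1BDX05US19UR1BUUzVfU0ZXIiwibmlkIjoiNTkxNTEiLCJleHRfcHViIjoiIiwiY3JwIjoiMzkuNTYiLCJ0aWQiOiIxIiwiaXQiOiIxM1wvTm92XC8yMDIyOjEzOjIwOjQ4ICswMDAwIiwiY2MiOiIzIiwic25jaWQiOiIxMDI3NjgiLCJjaWQiOiIzODA3MSIsImV4dF91aWQiOiIiLCJjcCI6IjQ4LjU4Iiwic25jY2lkIjoiMTg5MDk2MCIsImlpZCI6ImY3N2E2YmI4MDA3ZDdjMzFjZGZmODUxY2Y1ZWZiMDJjIiwiZXh0X2lpZCI6IiJ9?unique_view=1 HTTP/1.1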
Host: a.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/get/10012456?time=1614803572912&apb=ooddNHdLHTPHNVS4ASOpprpmtrdTbbZNLTK6V1Esqp6pXVTTOpmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXRZLvrVbXvRnXLHdZLRNZdPRVZVTZPPK6XabWbfWujTSfOyvfXee7jfbau6nbem2l0rv9.czijBuZznSuldK6V0rpXSuldK4Ps
Cookie: adtool_guid=Ch5KGmNw7Fiht3vxjlGZAg==; RNLBSERVERID=ded7040
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 13 Nov 2022 13:20:48 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
x-request-id: 6370EF30-42FE72AB01BBC317-41C9A7F
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-8d4b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/global.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/global.js
IP 91.209.70.182:0
GET /themes/flow/js/global.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-d59"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/sw.js
91.209.70.182 200 OK 0 B IP 91.209.70.182:0
GET /sw.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:52 GMT
vary: Accept-Encoding
etag: W/"60758f38-12fe6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/animation/jquery.appear.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/animation/jquery.appear.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/animation/jquery.appear.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-5c6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/custom/custom.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/custom/custom.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/custom/custom.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1420"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery-1.11.0.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery-1.11.0.min.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery-1.11.0.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1787d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-dbd4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-resize.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-resize.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-resize.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1f7f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
IP 91.209.70.182:0
GET /S54v/Subnoodlev1CIA-pokemonerdotcom.rar HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/colors/flow.css
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/colors/flow.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/colors/flow.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-a83"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/responsive.css
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/responsive.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/responsive.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-e56"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/images/main_logo_inverted.png
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/images/main_logo_inverted.png
IP 91.209.70.182:0
GET /themes/flow/images/main_logo_inverted.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: image/png
content-length: 7137
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-1be1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/images/loading_small.gif
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/images/loading_small.gif
IP 91.209.70.182:0
GET /themes/flow/images/loading_small.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: image/gif
content-length: 184355
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-2d023"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/bootstrap/bootstrap.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-71b6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/sticky/jquery.sticky.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/sticky/jquery.sticky.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/sticky/jquery.sticky.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1099"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-ui.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-ui.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-ui.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-61ef"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.plugins.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-14cc1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/retina/retina.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/retina/retina.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/retina/retina.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-52e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/images/icons/favicon/favicon.ico
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/images/icons/favicon/favicon.ico HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:48 GMT
content-type: image/x-icon
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-47e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/isotope/jquery.isotope.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3ead"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/isotope/custom-isotope.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/isotope/custom-isotope.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-71d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/gauge.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/gauge.min.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/gauge.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-45b8"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/clipboardjs/clipboard.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/clipboardjs/clipboard.min.js
IP 91.209.70.182:0
GET /themes/flow/js/clipboardjs/clipboard.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-2296"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/fonts.css
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/fonts.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/fonts.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-690"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/load-image.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/load-image.min.js
IP 91.209.70.182:0
GET /themes/flow/js/load-image.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-9f2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/rs-plugin/js/jquery.themepunch.revolution.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-303b2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
ad.a-ads.com/1811811?size=300x250
136.243.22.74 200 OK 0 B URL HTTP/2 ad.a-ads.com/1811811?size=300x250
IP 136.243.22.74:0
ASN #24940 Hetzner Online GmbH
GET /1811811?size=300x250 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:48 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://megaup.net/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.dataTables.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.dataTables.min.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.dataTables.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-10fe4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.tmpl.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.tmpl.min.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.tmpl.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3cb"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/canvas-to-blob.min.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/canvas-to-blob.min.js
IP 91.209.70.182:0
GET /themes/flow/js/canvas-to-blob.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-408"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.iframe-transport.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.iframe-transport.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.iframe-transport.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-2427"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/jquery.fileupload-validate.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/jquery.fileupload-validate.js
IP 91.209.70.182:0
GET /themes/flow/js/jquery.fileupload-validate.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-fea"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
societingna.info/alk1SlARe0Y9Dx8rWWhqSDFBPiAZYxplPQ8%2BVD8gRDdQPn8ZLhsgI0h1Fzk9DHsPe3xILVQtDwM9F3ByUmoHfGNZexloIx87aiM0WHsPaDZePQx%2FYQ89GHlgWmAYfmhdPxhyNlxsGHJhCGBUfWcPaAApNkgk
107.22.28.167 200 OK 0 B URL HTTP/2 societingna.info/alk1SlARe0Y9Dx8rWWhqSDFBPiAZYxplPQ8%2BVD8gRDdQPn8ZLhsgI0h1Fzk9DHsPe3xILVQtDwM9F3ByUmoHfGNZexloIx87aiM0WHsPaDZePQx%2FYQ89GHlgWmAYfmhdPxhyNlxsGHJhCGBUfWcPaAApNkgk
IP 107.22.28.167:0
Analyzer | Verdict | Alert
fortinet | Malware |
GET /alk1SlARe0Y9Dx8rWWhqSDFBPiAZYxplPQ8%2BVD8gRDdQPn8ZLhsgI0h1Fzk9DHsPe3xILVQtDwM9F3ByUmoHfGNZexloIx87aiM0WHsPaDZePQx%2FYQ89GHlgWmAYfmhdPxhyNlxsGHJhCGBUfWcPaAApNkgk HTTP/1.1
Host: societingna.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 0195508b96aadcdda94bb5742206ad63=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"e0ed-0mWwTgo4ORmx38e2FX5Rs7O17oM"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js
IP 91.209.70.182:0
GET /themes/flow/js/zeroClipboard/ZeroClipboard.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3bd2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/nav/jquery.scrollTo.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/nav/jquery.scrollTo.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/nav/jquery.scrollTo.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-981"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/js/nav/jquery.nav.js
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/js/nav/jquery.nav.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/S54v/Subnoodlev1CIA-pokemonerdotcom.rar
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1547"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/stylesheet.css
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/stylesheet.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/stylesheet.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-6c82"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2
megaup.net/themes/flow/frontend_assets/css/isotope/isotope-style.css
91.209.70.182 200 OK 0 B URL HTTP/2 megaup.net/themes/flow/frontend_assets/css/isotope/isotope-style.css
IP 91.209.70.182:0
GET /themes/flow/frontend_assets/css/isotope/isotope-style.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
Connection: keep-alive
Cookie: filehosting=7854dhsljel87f84phue5u1g90; _ga=GA1.2.358571762.1668344919; _gid=GA1.2.185099683.1668344919
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:20:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-af3"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2