www.upload-4ever.com/jnwztbqjmc6c/Multi%20OEM-Retail%20Project%20Build%2028.02.2022.zip
301 Moved Permanently 0 B URL HTTP/1.1 www.upload-4ever.com/jnwztbqjmc6c/Multi%20OEM-Retail%20Project%20Build%2028.02.2022.zip
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /jnwztbqjmc6c/Multi%20OEM-Retail%20Project%20Build%2028.02.2022.zip HTTP/1.1
Host: www.upload-4ever.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Feb 2023 14:04:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 25 Feb 2023 15:04:44 GMT
Location: https://www.upload-4ever.com/jnwztbqjmc6c/Multi%20OEM-Retail%20Project%20Build%2028.02.2022.zip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eRLNQ%2Bo%2BtdGaGf%2BeMXs%2F7%2FKN8mMbg8R%2FuBs800QtqMKFxQePz9%2FpGbdFbfi98dk%2BotkgOewdzfQxE6JYFUwF3cbFo4xF54CO7WKyQ%2Bl%2F38WWZHbcEY2PL4mmBwRE%2FBxw14Jtp7mGPA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79f0fde7689a0b49-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 666c7f3c3342b2fdca31a2355ee20bea
09bd5cbacba34412f5fff9d44f97e46c8c76d001
cb3a380fc71bc65dfde35069f0fc441400974afcf28c0fbb6fec8f41e16f70c8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB3A380FC71BC65DFDE35069F0FC441400974AFCF28C0FBB6FEC8F41E16F70C8"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5046
Expires: Sat, 25 Feb 2023 15:28:50 GMT
Date: Sat, 25 Feb 2023 14:04:44 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bc3cacbc6c565bf2955b507302b8fb41
7b773e19aff1d4904cec328c456513e80f917ba4
b45c582b42efef5e8bd5744333a137f13e94a93cafbaace39b36cfa1eeb041bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B45C582B42EFEF5E8BD5744333A137F13E94A93CAFBAACE39B36CFA1EEB041BD"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2807
Expires: Sat, 25 Feb 2023 14:51:31 GMT
Date: Sat, 25 Feb 2023 14:04:44 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Feb 2023 13:12:28 GMT
content-type: application/json
age: 3136
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 29cfccb9238759ed21dbb0d92cae75f8
f41ad1b02e353cd2b33af7618c71cc16fae2886e
91e392e78e584e8a82762dab0d5615aa1af3893237d601db3d45bb6fad488580
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91E392E78E584E8A82762DAB0D5615AA1AF3893237D601DB3D45BB6FAD488580"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14172
Expires: Sat, 25 Feb 2023 18:00:56 GMT
Date: Sat, 25 Feb 2023 14:04:44 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Byyh8QE9IkUA3ASpnNorP2gYL+wv/geU+KfSHmzHq/jjEOvaQCqwx8vbZHL+sFgZo6TXc0GJaMU=
x-amz-request-id: DZPHBD71D1951CEF
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Feb 2023 13:31:01 GMT
age: 2023
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 4695675df9329da8abf0b3d47ff68402
d47a5f1f75c1adbea660b8054ccc0c5d6c5c97bf
a14b32d86236a8157d6937a9ddbed2e4baa34ffb5a5191281a7b6bafc0e79d54
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3304
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 14:04:44 GMT
Last-Modified: Sat, 25 Feb 2023 13:09:40 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Feb 2023 14:04:44 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 4695675df9329da8abf0b3d47ff68402
d47a5f1f75c1adbea660b8054ccc0c5d6c5c97bf
a14b32d86236a8157d6937a9ddbed2e4baa34ffb5a5191281a7b6bafc0e79d54
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3304
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 14:04:44 GMT
Last-Modified: Sat, 25 Feb 2023 13:09:40 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Cache-Control, Backoff, Pragma, Expires, Last-Modified, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Feb 2023 14:03:34 GMT
age: 71
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
d1j2jv7bvcsxqg.cloudfront.net/?bvjjd=976112
200 OK 117 kB URL HTTP/2 d1j2jv7bvcsxqg.cloudfront.net/?bvjjd=976112
IP
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 117 kB (116592 bytes)
Hash f3d203205a032888dbbcfed24c71113c
961b1b8d6bd021a021b517f5861e8a26ea71b432
2b1862f4c2d2044ac2187dead7774c7ba6cb15173f86d1281b90b37078df32aa
GET /?bvjjd=976112 HTTP/1.1
Host: d1j2jv7bvcsxqg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 116592
date: Sat, 25 Feb 2023 14:04:45 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0u0ozOG-5SvF8doHIk1sca_7dtBxXLuy_pkb92-nFUridkCn41qVPA==
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b1d73c7d1e3e594a7be10b7ac62176ac
46105f3b581c409f00524674825c08343e4d71d1
7b31674705946d30e1822ddca8008520258d81a32cb11fadeded012dac2b0d13
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7B31674705946D30E1822DDCA8008520258D81A32CB11FADEDED012DAC2B0D13"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9256
Expires: Sat, 25 Feb 2023 16:39:01 GMT
Date: Sat, 25 Feb 2023 14:04:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 96af7a10feda9ed2d2cb6b7eb96211c1
1e0b5c386410102ebfd88b4998491be547a71087
549c983afa7aa67a91e02c59b440af2bd24c8663652dce8d9e0c7fa835b6d4a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "549C983AFA7AA67A91E02C59B440AF2BD24C8663652DCE8D9E0C7FA835B6D4A3"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19407
Expires: Sat, 25 Feb 2023 19:28:12 GMT
Date: Sat, 25 Feb 2023 14:04:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 96af7a10feda9ed2d2cb6b7eb96211c1
1e0b5c386410102ebfd88b4998491be547a71087
549c983afa7aa67a91e02c59b440af2bd24c8663652dce8d9e0c7fa835b6d4a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "549C983AFA7AA67A91E02C59B440AF2BD24C8663652DCE8D9E0C7FA835B6D4A3"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19407
Expires: Sat, 25 Feb 2023 19:28:12 GMT
Date: Sat, 25 Feb 2023 14:04:45 GMT
Connection: keep-alive
cagothie.net/tag.min.js
200 OK 24 kB IP
Hash deeeba96894c5780fd0db642535f0f6f
bb9434467f52bd1a7850638cbb7622d4d2443db9
a06a22770db089e3ef81464842a35d3fca946b4427ee2426ac910d912eb856bb
GET /tag.min.js HTTP/1.1
Host: cagothie.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Feb 2023 14:04:45 GMT
content-type: text/javascript; charset=utf-8
content-length: 23689
content-encoding: br
x-trace-id: 15ee42900b03e8139514ea5ee35a8452
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 24 Feb 2023 06:10:29 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
dhthrewdownth.com/M29kSnlSDQcnRlJSBmwMQQNZb0t1SlYMHQIFViAPBA0SKQpLHgNkGl8AES4fQQAKPlddChBvS3UVNScVWTgiIRFxCFRvS3E1DhM4cV0yLR1lVjcrLkcEJTI4ACEeACx5FSI6PGdbUgw9YhctHhoGP1YbHXQ7HCEaWFc0BS1QAzIPLAohHQwsZgFQfjNUGwEoMQtdIxsOSTUgEzV1BlxvS3EhNi0peCwMITFyJQgEOgM7JyAoAiZUMit7Ahw5LmY1FSsuXAonICAKIzZ+KFU4EDM7SwtdK0p5NjF5I0M1VSURVTgQMzFUAFYoSmkiMQgJCwwiIRtRAlUkLlpCInMYACYGDCECHiV7EWcNPC4AYio+OxhgOikLPX5dPnsKXw4JJgNkOSo6GGshKR8uVEpWDDJLHCMaE2pZMAw8Vg4sABpnOAxvS3UhVRgqFQUXJRdDUiAjSWA4PQYUQCcwKx8
200 OK 1.2 kB URL HTTP/2 dhthrewdownth.com/M29kSnlSDQcnRlJSBmwMQQNZb0t1SlYMHQIFViAPBA0SKQpLHgNkGl8AES4fQQAKPlddChBvS3UVNScVWTgiIRFxCFRvS3E1DhM4cV0yLR1lVjcrLkcEJTI4ACEeACx5FSI6PGdbUgw9YhctHhoGP1YbHXQ7HCEaWFc0BS1QAzIPLAohHQwsZgFQfjNUGwEoMQtdIxsOSTUgEzV1BlxvS3EhNi0peCwMITFyJQgEOgM7JyAoAiZUMit7Ahw5LmY1FSsuXAonICAKIzZ+KFU4EDM7SwtdK0p5NjF5I0M1VSURVTgQMzFUAFYoSmkiMQgJCwwiIRtRAlUkLlpCInMYACYGDCECHiV7EWcNPC4AYio+OxhgOikLPX5dPnsKXw4JJgNkOSo6GGshKR8uVEpWDDJLHCMaE2pZMAw8Vg4sABpnOAxvS3UhVRgqFQUXJRdDUiAjSWA4PQYUQCcwKx8
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Hash 3a0c3bebc3e2e67367b8a6907690167c
d066b6dafd9f19ff22dcc09272281a6ef7ecfb41
400cf594f704fd331b9fbbdedfb10ca2b32b21496f649cc845ab07cd1339a345
GET /M29kSnlSDQcnRlJSBmwMQQNZb0t1SlYMHQIFViAPBA0SKQpLHgNkGl8AES4fQQAKPlddChBvS3UVNScVWTgiIRFxCFRvS3E1DhM4cV0yLR1lVjcrLkcEJTI4ACEeACx5FSI6PGdbUgw9YhctHhoGP1YbHXQ7HCEaWFc0BS1QAzIPLAohHQwsZgFQfjNUGwEoMQtdIxsOSTUgEzV1BlxvS3EhNi0peCwMITFyJQgEOgM7JyAoAiZUMit7Ahw5LmY1FSsuXAonICAKIzZ+KFU4EDM7SwtdK0p5NjF5I0M1VSURVTgQMzFUAFYoSmkiMQgJCwwiIRtRAlUkLlpCInMYACYGDCECHiV7EWcNPC4AYio+OxhgOikLPX5dPnsKXw4JJgNkOSo6GGshKR8uVEpWDDJLHCMaE2pZMAw8Vg4sABpnOAxvS3UhVRgqFQUXJRdDUiAjSWA4PQYUQCcwKx8 HTTP/1.1
Host: dhthrewdownth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1194
date: Sat, 25 Feb 2023 14:04:45 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: aSqAGIemNTEzWGZ7XTmXid2SHrdvj1yDcxGTHyZtSKYUe_WomFFO4A==
X-Firefox-Spdy: h2
adirtlseividwhik.xyz/cUZ3MzNeeRRADiUTJXl+Q3dAUF1FDiF7AkEgNn1mFB4hS3E3E1FHWhV7TgQFQHdFFUMYIkoCFQIyFkdGAntGFVofIBgOFQd7Rh0ARWhEAR1AYAIOAlcyB1JUTHdRQ0cFKkoCBUZxRAAASHNFCwVC
204 No Content 0 B URL HTTP/2 adirtlseividwhik.xyz/cUZ3MzNeeRRADiUTJXl+Q3dAUF1FDiF7AkEgNn1mFB4hS3E3E1FHWhV7TgQFQHdFFUMYIkoCFQIyFkdGAntGFVofIBgOFQd7Rh0ARWhEAR1AYAIOAlcyB1JUTHdRQ0cFKkoCBUZxRAAASHNFCwVC
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /cUZ3MzNeeRRADiUTJXl+Q3dAUF1FDiF7AkEgNn1mFB4hS3E3E1FHWhV7TgQFQHdFFUMYIkoCFQIyFkdGAntGFVofIBgOFQd7Rh0ARWhEAR1AYAIOAlcyB1JUTHdRQ0cFKkoCBUZxRAAASHNFCwVC HTTP/1.1
Host: adirtlseividwhik.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 25 Feb 2023 14:04:45 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KOOPIp%2BTBZr4qvO1YTLacHQKJsicQBMtGaNa%2BL6Abbce0tkqR7BbxB8Lphr2boSRpaPD9tQ3tll2nn3DRai%2BYf9Cv9OVLuMp0OMgCPU5eSus9HzgddymBa1MG9WdrfuUVMO3zyNsxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79f0fdeebef3b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dhthrewdownth.com/QUY5eDQgJFoVCyB7W15BMyoEXQYHYws+UHAsCxJCdiRPG0c5N15WVy0pTBxSMylXDBovI01dBgccaEoFGxV/NVMALFoNVgUlfChsFzddPkAuI246WAM/VhZkFQhoMHYyEXc8WwojaCl4CAdWInw5KUseTjY2c0l2MSRTQF0APAxJUBIffTdaFy9jKUN4DVRNBxI/TghWKHJ6MU0EYws+eDY+AR1cF3RoSlg1H2E2cg0vfEF+Ng9MNwcbPmEsV3kiVz5QIA5RQVdxLkg7Whs+YSsAKRZhLm4nDkoqbi1/STVzF3VqP1sKIlc+UAo8DEpXAj5WHXMbMmEgGQMyYCB5ChZ6CwANA1EKcCwAQyBzLXJgFnoiIHEIXgsXaAp4FRNKPmw5cH8gfiUkfiJeGxRRE1EQYFMLWy82BD1nBDFuKwUWDnQrZQ0ffw
200 OK 1.2 kB URL HTTP/2 dhthrewdownth.com/QUY5eDQgJFoVCyB7W15BMyoEXQYHYws+UHAsCxJCdiRPG0c5N15WVy0pTBxSMylXDBovI01dBgccaEoFGxV/NVMALFoNVgUlfChsFzddPkAuI246WAM/VhZkFQhoMHYyEXc8WwojaCl4CAdWInw5KUseTjY2c0l2MSRTQF0APAxJUBIffTdaFy9jKUN4DVRNBxI/TghWKHJ6MU0EYws+eDY+AR1cF3RoSlg1H2E2cg0vfEF+Ng9MNwcbPmEsV3kiVz5QIA5RQVdxLkg7Whs+YSsAKRZhLm4nDkoqbi1/STVzF3VqP1sKIlc+UAo8DEpXAj5WHXMbMmEgGQMyYCB5ChZ6CwANA1EKcCwAQyBzLXJgFnoiIHEIXgsXaAp4FRNKPmw5cH8gfiUkfiJeGxRRE1EQYFMLWy82BD1nBDFuKwUWDnQrZQ0ffw
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3028), with no line terminators
Hash 1f9971502269d8192cd45fc4af945b59
4d93a311c63b1e8ce6c2fd31d8c5a31be4141869
de8ed2bb79d27fbdcb87727066511bdc362233aafc673a0dea5e298fd9748d1b
GET /QUY5eDQgJFoVCyB7W15BMyoEXQYHYws+UHAsCxJCdiRPG0c5N15WVy0pTBxSMylXDBovI01dBgccaEoFGxV/NVMALFoNVgUlfChsFzddPkAuI246WAM/VhZkFQhoMHYyEXc8WwojaCl4CAdWInw5KUseTjY2c0l2MSRTQF0APAxJUBIffTdaFy9jKUN4DVRNBxI/TghWKHJ6MU0EYws+eDY+AR1cF3RoSlg1H2E2cg0vfEF+Ng9MNwcbPmEsV3kiVz5QIA5RQVdxLkg7Whs+YSsAKRZhLm4nDkoqbi1/STVzF3VqP1sKIlc+UAo8DEpXAj5WHXMbMmEgGQMyYCB5ChZ6CwANA1EKcCwAQyBzLXJgFnoiIHEIXgsXaAp4FRNKPmw5cH8gfiUkfiJeGxRRE1EQYFMLWy82BD1nBDFuKwUWDnQrZQ0ffw HTTP/1.1
Host: dhthrewdownth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1181
date: Sat, 25 Feb 2023 14:04:45 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: USXDerjWLLsVx9GMKJjo7NTijkp90kq7zps3pgXAxZolvE5CefbVyg==
X-Firefox-Spdy: h2
dhthrewdownth.com/QWJiWlggAAE3ZyBfAHwtMw5ff2oHR1AcPHAIUDAudgAUOSs5EwV0Oy0NFz4+Mw0MLnYvBxZ/agdbAB9pKC86HwgIBRoCDCkFCRg/OSs1aSwWIzc2EwsaJD8QORoVGxAUOC0JDQoHGjYOBSMgHx5xDVcdHhcvOh0rDjcgYhQiJzAPEDZbFQ8gIjMhGWEnIDQ5AREzUzsMAwUUHGgYNSUgLw4zMxgTDiMvFxAAL1EZaXEGJg0wEAZSCBsnNwEeCRQzVBlpeTQjIDcTJCcUOwgaOw8JcBpaDzB4IDECbCYkJxQ7DgUWPApwCg0PAA83OjRoICBSDBInC08bDRBTFX9qByQgCBsNOhoJGgdbAQAdIiYzCysuIzQ1PRI6WjEZcSQGPA4IIzMMaS43Ix8AAzZaEg45Vjc7HgNRMxwgdTYjHAAGOiAOfisRDTQofAAmMg0pCigyYQAAFzw
200 OK 1.2 kB URL HTTP/2 dhthrewdownth.com/QWJiWlggAAE3ZyBfAHwtMw5ff2oHR1AcPHAIUDAudgAUOSs5EwV0Oy0NFz4+Mw0MLnYvBxZ/agdbAB9pKC86HwgIBRoCDCkFCRg/OSs1aSwWIzc2EwsaJD8QORoVGxAUOC0JDQoHGjYOBSMgHx5xDVcdHhcvOh0rDjcgYhQiJzAPEDZbFQ8gIjMhGWEnIDQ5AREzUzsMAwUUHGgYNSUgLw4zMxgTDiMvFxAAL1EZaXEGJg0wEAZSCBsnNwEeCRQzVBlpeTQjIDcTJCcUOwgaOw8JcBpaDzB4IDECbCYkJxQ7DgUWPApwCg0PAA83OjRoICBSDBInC08bDRBTFX9qByQgCBsNOhoJGgdbAQAdIiYzCysuIzQ1PRI6WjEZcSQGPA4IIzMMaS43Ix8AAzZaEg45Vjc7HgNRMxwgdTYjHAAGOiAOfisRDTQofAAmMg0pCigyYQAAFzw
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Hash 6651162c9d7d3f7222c0b49b9835e04c
a14c0082e138eac8aa19ca448ac670f28e59f7bd
49ed86cca298f02ec4628570fcdbe22b3e74df8474c1c4550a993be7d4479188
GET /QWJiWlggAAE3ZyBfAHwtMw5ff2oHR1AcPHAIUDAudgAUOSs5EwV0Oy0NFz4+Mw0MLnYvBxZ/agdbAB9pKC86HwgIBRoCDCkFCRg/OSs1aSwWIzc2EwsaJD8QORoVGxAUOC0JDQoHGjYOBSMgHx5xDVcdHhcvOh0rDjcgYhQiJzAPEDZbFQ8gIjMhGWEnIDQ5AREzUzsMAwUUHGgYNSUgLw4zMxgTDiMvFxAAL1EZaXEGJg0wEAZSCBsnNwEeCRQzVBlpeTQjIDcTJCcUOwgaOw8JcBpaDzB4IDECbCYkJxQ7DgUWPApwCg0PAA83OjRoICBSDBInC08bDRBTFX9qByQgCBsNOhoJGgdbAQAdIiYzCysuIzQ1PRI6WjEZcSQGPA4IIzMMaS43Ix8AAzZaEg45Vjc7HgNRMxwgdTYjHAAGOiAOfisRDTQofAAmMg0pCigyYQAAFzw HTTP/1.1
Host: dhthrewdownth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1192
date: Sat, 25 Feb 2023 14:04:45 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: URSvEfCiOigjM-kP7r_ic2U7m9t-bHXBUXVO-HPhHpu5b2795-q4ug==
X-Firefox-Spdy: h2
cagothie.net/5/2726715/?oo=1&aab=1
200 OK 1.3 kB URL HTTP/2 cagothie.net/5/2726715/?oo=1&aab=1
IP
File type JSON data\012- , ASCII text, with very long lines (2770), with no line terminators
Hash 07ea01b27b52b795818d67250d43d6a0
855de8742d283d1823377a0fc9c5edc3d38fe223
98329505787f2b712d274e26a4904bf508a7a2175e3912c5de2dec14d7c6505f
GET /5/2726715/?oo=1&aab=1 HTTP/1.1
Host: cagothie.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload-4ever.com
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Feb 2023 14:04:45 GMT
content-type: application/json
x-trace-id: 2171401b67fd42151a34cb82b5df5212
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=243ce431c65a46c3b48e0b6b64f46fc1; expires=Sun, 25 Feb 2024 14:04:45 GMT; path=/; secure; SameSite=None
oaidts=1677333885; expires=Sun, 25 Feb 2024 14:04:45 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
adirtlseividwhik.xyz/c2VHY1VcWiQQaDwyK1EGHTwMOz4pUBUyZBY3dCkRN1Q/LDMYXWEXPBdYflRjR1V/RSUaAXpScwARJhcgAFh2RTwdAyhecwVYdk1mR0t0UXtCQzJeZFURNwIyTlRhEyEHCXpSY0RSdFBmSlB1W2xE
204 No Content 0 B URL HTTP/2 adirtlseividwhik.xyz/c2VHY1VcWiQQaDwyK1EGHTwMOz4pUBUyZBY3dCkRN1Q/LDMYXWEXPBdYflRjR1V/RSUaAXpScwARJhcgAFh2RTwdAyhecwVYdk1mR0t0UXtCQzJeZFURNwIyTlRhEyEHCXpSY0RSdFBmSlB1W2xE
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /c2VHY1VcWiQQaDwyK1EGHTwMOz4pUBUyZBY3dCkRN1Q/LDMYXWEXPBdYflRjR1V/RSUaAXpScwARJhcgAFh2RTwdAyhecwVYdk1mR0t0UXtCQzJeZFURNwIyTlRhEyEHCXpSY0RSdFBmSlB1W2xE HTTP/1.1
Host: adirtlseividwhik.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 25 Feb 2023 14:04:45 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PcmQaSl0GwY5O1BCGqh0YF1z3l90kIUzHfxiWZOwAY0MzL0RZbzx9tEcg0Lb1DSddYxC6vrpeKtEzw88VR1IWWq7miTgauyKz1k55K3w3yMtWsAQQhYrEWp4f5r7ZmeW1fbvcYjrjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79f0fdef0f3cb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lGsg68z0c/zhVtmnXGtdbg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FslyKJ7MEgcyxFZMhr0wraLIYGA=
ocsp.digicert.com/
200 OK 471 B IP
Hash 3679db97cfdd3a466f75bbbb18ee4d38
84a4b1c4c2cb4363c2857e592d4fbe5e951c500e
be8472083dc58a371be148c7b141a4fe14c35f8b22e1edf56c1123e567cd2aed
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4077
Cache-Control: max-age=125890
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 14:04:45 GMT
Etag: "63f94e52-1d7"
Expires: Mon, 27 Feb 2023 01:02:55 GMT
Last-Modified: Fri, 24 Feb 2023 23:54:58 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 5d6d2dc56034ceeb9879a97a225229c5
97cc164f3bb36a445348f872091edf29358b4621
2aef17106815e6ff6a7639355abb7b756df360e015ff15bc14c8ffe454cad0d2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 14:04:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 527dd4dc480e43e8337fa4294e6df8f6
0d34ac88a77411961e981def1d8726cc1e01c3ca
4c024337a9b882d34a388d4ebb2ed7d83238f6585360df2d146b4d1fe84bbbd6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 14:04:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash cd486f4ea33f4234aa9ef9b1a229845d
6eb70b1e0f9c5ea8c5ff9661f7569a4d8010c55a
48aaf83b4b1462a8736213a1072547d2c718010184e5a2195fbf7aabd87c81d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 14:04:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 527dd4dc480e43e8337fa4294e6df8f6
0d34ac88a77411961e981def1d8726cc1e01c3ca
4c024337a9b882d34a388d4ebb2ed7d83238f6585360df2d146b4d1fe84bbbd6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 14:04:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dhthrewdownth.com/utx?cb=74vdEK0igzl4&top=www.upload-4ever.com&tid=976112
204 No Content 0 B URL HTTP/2 dhthrewdownth.com/utx?cb=74vdEK0igzl4&top=www.upload-4ever.com&tid=976112
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=74vdEK0igzl4&top=www.upload-4ever.com&tid=976112 HTTP/1.1
Host: dhthrewdownth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload-4ever.com
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 25 Feb 2023 14:04:45 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload-4ever.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 25 Feb 2023 14:05:45 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RNKYSactKcF3VBwE7ozn8e3K644B40L9I2uruX7fcdX9VtDIbwngXg==
X-Firefox-Spdy: h2
ssl.google-analytics.com/ga.js
200 OK 17 kB URL HTTP/2 ssl.google-analytics.com/ga.js
IP
File type ASCII text, with very long lines (1305)
Hash 01d5892e6e243b52998310c2925b9f3a
58180151b6a6ee4af73583a214b68efb9e8844d4
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
GET /ga.js HTTP/1.1
Host: ssl.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 17168
date: Sat, 25 Feb 2023 13:43:09 GMT
expires: Sat, 25 Feb 2023 15:43:09 GMT
cache-control: public, max-age=7200
age: 1296
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
dhthrewdownth.com/utx?cb=uGJT7dfNWwqt&top=www.upload-4ever.com&tid=976408
204 No Content 0 B URL HTTP/2 dhthrewdownth.com/utx?cb=uGJT7dfNWwqt&top=www.upload-4ever.com&tid=976408
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=uGJT7dfNWwqt&top=www.upload-4ever.com&tid=976408 HTTP/1.1
Host: dhthrewdownth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload-4ever.com
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 25 Feb 2023 14:04:45 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload-4ever.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 25 Feb 2023 14:05:45 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4gFGubkN_5QQFezxGf5inWWBRjTma60KQ0hAHPYD7czIkE_OOjw7KA==
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 4064e97c86451cf7121a4f1d7fca96db
cf74028bb7febcceac07fc176804db38fbcccf69
3c7e94bdc7b1bb73b7235c642d25ad7cae98fc666c27e8822b29bcd59446dd6a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3C7E94BDC7B1BB73B7235C642D25AD7CAE98FC666C27E8822B29BCD59446DD6A"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18295
Expires: Sat, 25 Feb 2023 19:09:40 GMT
Date: Sat, 25 Feb 2023 14:04:45 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 4064e97c86451cf7121a4f1d7fca96db
cf74028bb7febcceac07fc176804db38fbcccf69
3c7e94bdc7b1bb73b7235c642d25ad7cae98fc666c27e8822b29bcd59446dd6a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3C7E94BDC7B1BB73B7235C642D25AD7CAE98FC666C27E8822B29BCD59446DD6A"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18295
Expires: Sat, 25 Feb 2023 19:09:40 GMT
Date: Sat, 25 Feb 2023 14:04:45 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 4064e97c86451cf7121a4f1d7fca96db
cf74028bb7febcceac07fc176804db38fbcccf69
3c7e94bdc7b1bb73b7235c642d25ad7cae98fc666c27e8822b29bcd59446dd6a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3C7E94BDC7B1BB73B7235C642D25AD7CAE98FC666C27E8822B29BCD59446DD6A"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18295
Expires: Sat, 25 Feb 2023 19:09:40 GMT
Date: Sat, 25 Feb 2023 14:04:45 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 4064e97c86451cf7121a4f1d7fca96db
cf74028bb7febcceac07fc176804db38fbcccf69
3c7e94bdc7b1bb73b7235c642d25ad7cae98fc666c27e8822b29bcd59446dd6a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3C7E94BDC7B1BB73B7235C642D25AD7CAE98FC666C27E8822B29BCD59446DD6A"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18295
Expires: Sat, 25 Feb 2023 19:09:40 GMT
Date: Sat, 25 Feb 2023 14:04:45 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 397 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 54875c45285554d22a4971f072856e6e
ea883777745e6488891910760afd6b7c58b22b3c
314c9735f3bfc468df08e1d0c2e358bce7507b1203227b680f11c4b98e09c961
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 Feb 2023 14:04:45 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-502850445%3A1677333885593314&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHch6cfLzku7LAK8TGosLFZBXhmaJlnJziLyFzdNd9NHl8czjumSE6Iu2moVt4KXHTZya33HOA
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-zEpPSy3ck3Xo2o-HT_QLhg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 397
server: GSE
set-cookie: __Host-GAPS=1:4RkIw4IVGe8ODhtkSRtuv-JaYsCdCA:9RiHqBVLxyg4Q54Q;Path=/;Expires=Mon, 24-Feb-2025 14:04:45 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 8abd85c4851a2251658f73408361c2cd
e95b0defc476cb223573bceca80abd21dc3ef0ed
b17a51780e4da46ffeb90523e26b943274e49ecebff5b39babc1499343b24935
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 Feb 2023 14:04:45 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-620703275%3A1677333885602217&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHceMzA827Eb8AY4Roz5lZyM_9ZroWQEnkChomt6lTWx15Hz6XjUABAkdWm3iDOFZHPVrR8a1A
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-eR8F_xlF-sgQ6VR1N1ijRA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:tQVUSpbIr3ai_cyYIu1HYyq5HkV1rA:Xjf5XpusgRN22oiv;Path=/;Expires=Mon, 24-Feb-2025 14:04:45 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
200 OK 49 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
File type ASCII text, with very long lines (3649)
Hash 089c74cc68b30801123ec89596a7fc5b
0d0b5242ea8d8895ed0744d90b81f3cb2dcd57d4
0ae20c0701e5e1350374e93b605d7eeb43a29bd9af7a3540a0d9d055c89454aa
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 25 Feb 2023 14:04:45 GMT
expires: Sat, 25 Feb 2023 14:04:45 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 277411914167607145
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49367
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 5d6d2dc56034ceeb9879a97a225229c5
97cc164f3bb36a445348f872091edf29358b4621
2aef17106815e6ff6a7639355abb7b756df360e015ff15bc14c8ffe454cad0d2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 14:04:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d1j2jv7bvcsxqg.cloudfront.net/9bE1iMXEPIgxXThgkBgxIW3tWAUlKJxFeHxxwAHUZOSUKexlVDABEF0o5GFVMXGsOUB8LcERUHw9wUxcQCC9fBVcYPQ1aTBgvF0YWGzwOQQBKOAMMHAM3C10dDWhQd0RCfUcDQUQ6C18VAzoRFENcIxYUQ1x8Uh9BSX4gFENcOgtfR1hoUXNUXn0aB0VJfi-AUQ1w/FBRCLXxSBF9cZEcDQQsoAVoeSX8kA0FdfVIAQV1oUAEXBT8HVx4UaFB3QFx4TAFXGXBT
200 OK 558 B URL HTTP/2 d1j2jv7bvcsxqg.cloudfront.net/9bE1iMXEPIgxXThgkBgxIW3tWAUlKJxFeHxxwAHUZOSUKexlVDABEF0o5GFVMXGsOUB8LcERUHw9wUxcQCC9fBVcYPQ1aTBgvF0YWGzwOQQBKOAMMHAM3C10dDWhQd0RCfUcDQUQ6C18VAzoRFENcIxYUQ1x8Uh9BSX4gFENcOgtfR1hoUXNUXn0aB0VJfi-AUQ1w/FBRCLXxSBF9cZEcDQQsoAVoeSX8kA0FdfVIAQV1oUAEXBT8HVx4UaFB3QFx4TAFXGXBT
IP
File type ASCII text, with very long lines (805), with no line terminators
Hash 0911834f999189663ae59c308f22609b
76b16906fa5c071176c48594b3f81c00c1e267e3
49173bd35937b4e1036f69c74b7691151a4cc0f17160230b25ba6ad4b5fab720
GET /9bE1iMXEPIgxXThgkBgxIW3tWAUlKJxFeHxxwAHUZOSUKexlVDABEF0o5GFVMXGsOUB8LcERUHw9wUxcQCC9fBVcYPQ1aTBgvF0YWGzwOQQBKOAMMHAM3C10dDWhQd0RCfUcDQUQ6C18VAzoRFENcIxYUQ1x8Uh9BSX4gFENcOgtfR1hoUXNUXn0aB0VJfi-AUQ1w/FBRCLXxSBF9cZEcDQQsoAVoeSX8kA0FdfVIAQV1oUAEXBT8HVx4UaFB3QFx4TAFXGXBT HTTP/1.1
Host: d1j2jv7bvcsxqg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhthrewdownth.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 558
date: Sat, 25 Feb 2023 14:04:45 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: y4AP1wtWWxwbEOIg4ObvT1fqmIva974D6HQU1zXQoX_BtNyFJo-TMA==
X-Firefox-Spdy: h2
d1j2jv7bvcsxqg.cloudfront.net/zQmljWFkhBg0+ZjYAB2VgdV9SaWtkAxA3NzJUJzFpET46FDQxITc5P2QdGTxkck8POTclVEU9NyFUUn44JgtebH82GQwzZDYLFi8+NRgPKChkHAJlNC0TCjQ1I0xRHmxsWUZqaWoeCjY9LR4QfWtyBxd9a3JYU3ZpZ1ohfWtyHgo2b3ZMUBp8cFkbbm1nWi-F9a3IbFX1qA1hTbXdyQEZqaSUMADM2Z1slamlzWVNpaXNMUWg/KxsGPjY6TFEeaHJcTWh/N1RS
200 OK 521 B URL HTTP/2 d1j2jv7bvcsxqg.cloudfront.net/zQmljWFkhBg0+ZjYAB2VgdV9SaWtkAxA3NzJUJzFpET46FDQxITc5P2QdGTxkck8POTclVEU9NyFUUn44JgtebH82GQwzZDYLFi8+NRgPKChkHAJlNC0TCjQ1I0xRHmxsWUZqaWoeCjY9LR4QfWtyBxd9a3JYU3ZpZ1ohfWtyHgo2b3ZMUBp8cFkbbm1nWi-F9a3IbFX1qA1hTbXdyQEZqaSUMADM2Z1slamlzWVNpaXNMUWg/KxsGPjY6TFEeaHJcTWh/N1RS
IP
File type ASCII text, with very long lines (725), with no line terminators
Hash 4528499061e1fa46e0500c58467afc2f
abcd103866e5e3b5182aa36be6b951666259358f
4b2be8f70d2d1f702f953733652dcb83f6531f5c05f365ad13108f9482709cc1
GET /zQmljWFkhBg0+ZjYAB2VgdV9SaWtkAxA3NzJUJzFpET46FDQxITc5P2QdGTxkck8POTclVEU9NyFUUn44JgtebH82GQwzZDYLFi8+NRgPKChkHAJlNC0TCjQ1I0xRHmxsWUZqaWoeCjY9LR4QfWtyBxd9a3JYU3ZpZ1ohfWtyHgo2b3ZMUBp8cFkbbm1nWi-F9a3IbFX1qA1hTbXdyQEZqaSUMADM2Z1slamlzWVNpaXNMUWg/KxsGPjY6TFEeaHJcTWh/N1RS HTTP/1.1
Host: d1j2jv7bvcsxqg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhthrewdownth.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 521
date: Sat, 25 Feb 2023 14:04:45 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mQuhqex5GVfOxXUCnPNOwGVvBlXtPLn0ZS-0HlcTvC6Mgx7OC8zg5g==
X-Firefox-Spdy: h2
d1j2jv7bvcsxqg.cloudfront.net/ZQ21ZSFMgAjcubDcEPXVqdFtoeWBlByonPTNQHBsWNDoKeQQLIAoZHxorfzwpJ1Bpbj8iAz51dSYDOnViZQw9Km53Sywpbi4CIyE/Lwx8ehV2Q2ltYXNFLiE9JwIuO3ZxXTc8dnFdaHh9c0hqCnZxXS4hPXVZfHsRZl9pMGV3SGoKdnFdKz52cCxoeGZtXX-BtYXMKPCs4LEhrDmFzXGl4YnNcfHpjJQQrLTUsFXx6FXJdbGZjZRhkeQ
200 OK 196 B URL HTTP/2 d1j2jv7bvcsxqg.cloudfront.net/ZQ21ZSFMgAjcubDcEPXVqdFtoeWBlByonPTNQHBsWNDoKeQQLIAoZHxorfzwpJ1Bpbj8iAz51dSYDOnViZQw9Km53Sywpbi4CIyE/Lwx8ehV2Q2ltYXNFLiE9JwIuO3ZxXTc8dnFdaHh9c0hqCnZxXS4hPXVZfHsRZl9pMGV3SGoKdnFdKz52cCxoeGZtXX-BtYXMKPCs4LEhrDmFzXGl4YnNcfHpjJQQrLTUsFXx6FXJdbGZjZRhkeQ
IP
File type ASCII text, with no line terminators
Hash 571e113fe08563880cd1d08c1bbf6d32
4309dcd6ef884438c450496e7ccac5ab121e1a9f
35f603f429a8dfe74ea78caf12351def40d275bc3fc4ccb529773126bbd2f5e1
GET /ZQ21ZSFMgAjcubDcEPXVqdFtoeWBlByonPTNQHBsWNDoKeQQLIAoZHxorfzwpJ1Bpbj8iAz51dSYDOnViZQw9Km53Sywpbi4CIyE/Lwx8ehV2Q2ltYXNFLiE9JwIuO3ZxXTc8dnFdaHh9c0hqCnZxXS4hPXVZfHsRZl9pMGV3SGoKdnFdKz52cCxoeGZtXX-BtYXMKPCs4LEhrDmFzXGl4YnNcfHpjJQQrLTUsFXx6FXJdbGZjZRhkeQ HTTP/1.1
Host: d1j2jv7bvcsxqg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhthrewdownth.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 196
date: Sat, 25 Feb 2023 14:04:45 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: g8hSw7X521cDWS2tsDCjbfGALZ6wMJQgJMHECAXUPzyqPnRTwsdtZA==
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 13e3e7d203474a7895d8556ce2cf4136
39737f8ca75c0ca7d40b77d662a5de3a9157d8c8
7a216036ebebc847f9979477e83dcab9c3c84b3067e308eb234141fca26fa38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7A216036EBEBC847F9979477E83DCAB9C3C84B3067E308EB234141FCA26FA38E"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5899
Expires: Sat, 25 Feb 2023 15:43:04 GMT
Date: Sat, 25 Feb 2023 14:04:45 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash cd486f4ea33f4234aa9ef9b1a229845d
6eb70b1e0f9c5ea8c5ff9661f7569a4d8010c55a
48aaf83b4b1462a8736213a1072547d2c718010184e5a2195fbf7aabd87c81d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 14:04:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 3679db97cfdd3a466f75bbbb18ee4d38
84a4b1c4c2cb4363c2857e592d4fbe5e951c500e
be8472083dc58a371be148c7b141a4fe14c35f8b22e1edf56c1123e567cd2aed
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4077
Cache-Control: max-age=125890
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 14:04:45 GMT
Etag: "63f94e52-1d7"
Expires: Mon, 27 Feb 2023 01:02:55 GMT
Last-Modified: Fri, 24 Feb 2023 23:54:58 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
d1j2jv7bvcsxqg.cloudfront.net/?bvjjd=976112
200 OK 117 kB URL HTTP/2 d1j2jv7bvcsxqg.cloudfront.net/?bvjjd=976112
IP
Size 117 kB (117279 bytes)
Hash b7ba7030cd026f07a05f1a948a27cfbe
0a68698e791dfcb29cc0c4611159340e534caee9
d78e6b88f16556f8c1f54760760aa16ef6fbd11d1b3bc75b1f542abb1d8d277a
GET /?bvjjd=976112 HTTP/1.1
Host: d1j2jv7bvcsxqg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Origin: https://www.upload-4ever.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 116592
date: Sat, 25 Feb 2023 14:04:45 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload-4ever.com
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: c7cIOKEIsKxdGseR-uhOkx2NwIxZSQkc2FzGNvFkK4Y8rMoNxrDIDA==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 80b664ae7813e0611e545ea1aa59c5d4
90045c02af3269f49365beff12b71652f9b37632
2a94bdd5c32548407f3a68d1c0fb39dbbf4442bf4c352b687e15d6797180f285
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 14:04:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
my.rtmark.net/gid.js?userId=243ce431c65a46c3b48e0b6b64f46fc1
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=243ce431c65a46c3b48e0b6b64f46fc1
IP
File type JSON data\012- , ASCII text
Hash cb543b4d3df8400fb87fcce883e478f9
db6f91e000b6b39ef29b8a1ad3e162444a34752f
9be45d667c03d3066bd1f22c80bc17c78beb0aa887e2c7e99902968a736267d8
GET /gid.js?userId=243ce431c65a46c3b48e0b6b64f46fc1 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload-4ever.com
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Feb 2023 14:04:45 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=243ce431c65a46c3b48e0b6b64f46fc1; expires=Sun, 25 Feb 2024 14:04:45 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 4064e97c86451cf7121a4f1d7fca96db
cf74028bb7febcceac07fc176804db38fbcccf69
3c7e94bdc7b1bb73b7235c642d25ad7cae98fc666c27e8822b29bcd59446dd6a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3C7E94BDC7B1BB73B7235C642D25AD7CAE98FC666C27E8822B29BCD59446DD6A"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18295
Expires: Sat, 25 Feb 2023 19:09:40 GMT
Date: Sat, 25 Feb 2023 14:04:45 GMT
Connection: keep-alive
stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-70364639-8&cid=1654713806.1677333953&jid=271622087&_v=5.7.2&z=392043845
302 Found 367 B URL HTTP/2 stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-70364639-8&cid=1654713806.1677333953&jid=271622087&_v=5.7.2&z=392043845
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 56f2bc07de4d1763647c8e33ced7e2d4
52e5105a18c9583f2df21103b8c68013053a4efb
41505f2c2b93acc63ed274bfa49a9ea73e6801b1ac177260133bbe5c065ac52f
GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-70364639-8&cid=1654713806.1677333953&jid=271622087&_v=5.7.2&z=392043845 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=1654713806.1677333953&jid=271622087&_v=5.7.2&z=392043845
access-control-allow-origin: *
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 25 Feb 2023 14:04:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: Golfe2
content-length: 367
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8af58b5d89fa267d151c2c85402a26ae
72f52cc236739d95a87484d5a089ebdd27905b03
5d4c25c18dcc924fff85204f4b155b3858cb0697af5c5ad328a462d823fa9680
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 14:04:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=1654713806.1677333953&jid=271622087&_v=5.7.2&z=392043845
302 Found 0 B URL HTTP/2 www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=1654713806.1677333953&jid=271622087&_v=5.7.2&z=392043845
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=1654713806.1677333953&jid=271622087&_v=5.7.2&z=392043845 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Feb 2023 14:04:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=1654713806.1677333953&jid=271622087&_v=5.7.2&z=392043845&slf_rd=1&random=3767738287
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 2.0 kB IP
File type ASCII text, with no line terminators
Hash 42fb9be177daec4da6646394ef649d67
f93b2582eabfc169d3a88542ab41d8ed932b4e8a
4543383b7a39b998ceca53b6a0f8990e883a8946c88a97a44a5a6154c4d8280c
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Origin: https://www.upload-4ever.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 14:04:45 GMT
content-type: text/plain
set-cookie: csu=2111393408045329@1@1677333885; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qQklDX9VsLU3oPsD7LIdxup8krcWgKmhTp32hWjDVOiYoQgkgHYbeUOWA0pRpdIEYTZoSwHsBzIQ%2FZGT79bo0SNfAtBMaVkHj4O4kAihZlLORjLqlrCQWax3mkTduIOe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79f0fdf1ebb14136-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=1654713806.1677333953&jid=271622087&_v=5.7.2&z=392043845&slf_rd=1&random=3767738287
200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=1654713806.1677333953&jid=271622087&_v=5.7.2&z=392043845&slf_rd=1&random=3767738287
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=1654713806.1677333953&jid=271622087&_v=5.7.2&z=392043845&slf_rd=1&random=3767738287 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Feb 2023 14:04:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-620703275%3A1677333885602217&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHceMzA827Eb8AY4Roz5lZyM_9ZroWQEnkChomt6lTWx15Hz6XjUABAkdWm3iDOFZHPVrR8a1A
403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-620703275%3A1677333885602217&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHceMzA827Eb8AY4Roz5lZyM_9ZroWQEnkChomt6lTWx15Hz6XjUABAkdWm3iDOFZHPVrR8a1A
IP
Hash bfa5d652874dcb34309e89b494ca7f7b
05333bc7c4ad4a4d369f8449b1f613511f7d2d92
53e1b68bcd2e9f99c58e3dfac28f1d3e398bb46a54b5c536f480660c7cd453be
GET /v3/signin/identifier?dsh=S-620703275%3A1677333885602217&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHceMzA827Eb8AY4Roz5lZyM_9ZroWQEnkChomt6lTWx15Hz6XjUABAkdWm3iDOFZHPVrR8a1A HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 Feb 2023 14:04:45 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-rvX7brPTx0FnHBCSEXhaMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5d5cf3f527452c87e71b812f75d18aff
e5c41bc319d5831248d3b855ceedf0f9fcede64b
f6a19fa64c95712fdbcf654cc999a244f79fb0dc38b66745a08afad747f9e69c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6A19FA64C95712FDBCF654CC999A244F79FB0DC38B66745A08AFAD747F9E69C"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18059
Expires: Sat, 25 Feb 2023 19:05:45 GMT
Date: Sat, 25 Feb 2023 14:04:46 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5d5cf3f527452c87e71b812f75d18aff
e5c41bc319d5831248d3b855ceedf0f9fcede64b
f6a19fa64c95712fdbcf654cc999a244f79fb0dc38b66745a08afad747f9e69c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6A19FA64C95712FDBCF654CC999A244F79FB0DC38B66745A08AFAD747F9E69C"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18059
Expires: Sat, 25 Feb 2023 19:05:45 GMT
Date: Sat, 25 Feb 2023 14:04:46 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5d5cf3f527452c87e71b812f75d18aff
e5c41bc319d5831248d3b855ceedf0f9fcede64b
f6a19fa64c95712fdbcf654cc999a244f79fb0dc38b66745a08afad747f9e69c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6A19FA64C95712FDBCF654CC999A244F79FB0DC38B66745A08AFAD747F9E69C"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18059
Expires: Sat, 25 Feb 2023 19:05:45 GMT
Date: Sat, 25 Feb 2023 14:04:46 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg
200 OK 2.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 07de4b2f670ddb3d7188529f2a663e32
6eb14318c585598c0ee9e7e5d694eb190f2cfbbc
6f6c649e01b654856df8a17db50787b7888dc063a4d68a337ce8bfad275bcadd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2472
x-amzn-requestid: 9d01ae07-0fbe-416a-a72f-fc2a346cb69e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A1SX7FW0oAMFv7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f86432-343b48897370e2ba75832e37;Sampled=0
x-amzn-remapped-date: Fri, 24 Feb 2023 07:16:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KmYGtLT5vCrL-aCB3-NB1eOAWIhm0Iu4DeWpk7Ai63K-fPfEjMK9Bw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 17:57:07 GMT
age: 72459
etag: "6eb14318c585598c0ee9e7e5d694eb190f2cfbbc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5651651c-e7cc-4a7b-ae8a-9fb1e88379d3.jpeg
200 OK 2.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5651651c-e7cc-4a7b-ae8a-9fb1e88379d3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 94622f58aa91b60efcab072bbfc1b8fc
481c511819075f80bacc5cca0b50c3650b5789d1
767c220ed09fbb28216023785c3609993185463dea0fcdc6cb355d6d00acd6b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5651651c-e7cc-4a7b-ae8a-9fb1e88379d3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2433
x-amzn-requestid: 1eb77631-515a-41f7-ac18-59c8cd22c4ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ax_KCHgAoAMFu5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7123f-051da60474344e58658cc980;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 07:14:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KStkU8id8VhC4s3kYYvxctpem7798i9K7jNQUVNahm_mycuGOaE72g==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Feb 2023 07:44:04 GMT
age: 22842
etag: "481c511819075f80bacc5cca0b50c3650b5789d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36dc2d4e-4b29-46e0-bb39-0a814087d2f9.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36dc2d4e-4b29-46e0-bb39-0a814087d2f9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0bb3d8844849cad793b503bfd006a7ad
6f5af2975e81194c6691925271d0c35b8b9c5f36
26ec89c8c7af52aba33cb83f5b78c86c92c7ceafba389d41be7fa8f5344cfcfd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36dc2d4e-4b29-46e0-bb39-0a814087d2f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10549
x-amzn-requestid: ec648b3f-3332-4ef7-8fdd-94ecfb2ced3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A3Q9fFoTIAMFyCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f92ebc-241497c664b4abd8460717a1;Sampled=0
x-amzn-remapped-date: Fri, 24 Feb 2023 21:40:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: rpa0DRBGoAnPd4mT1LgRXYHmYWrWsAUp0F7ZOvzDo08VawKo-jnXgg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 ea699166e6ec77aa410ff505b0a8ce18.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 22:13:00 GMT
etag: "6f5af2975e81194c6691925271d0c35b8b9c5f36"
content-type: image/jpeg
age: 57106
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg
200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a5f3d376fe6a3a78a5d1fe136f962fb
3e9b03cc296e954d63526a4e7e75beea3130fc3b
c8cf4f1c0352102764247e4dc5a2076921e0eaa18bfd110e5b0b97a55c706690
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9093
x-amzn-requestid: 3fd9f8c8-cf10-4222-a2cc-5f18ff7b2e9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Az9D3HqmoAMFeBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7dbb2-352315613cc0c2bc7eb28e05;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 21:33:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: S8s54RJtScNtsl6uEFtBEHnTj4lb3l5xIWR96Kvr_SdwQQQMgSKNxA==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 21:34:57 GMT
age: 59389
etag: "3e9b03cc296e954d63526a4e7e75beea3130fc3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg
200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f5c457f02a50b085b748b7e806f166f7
a7b75438ba91b71e023e2e6e355563ac2635bf25
7607c112a56f9893b0c491cad54d7d83be0fa414e69dd44c251e074e15877f6a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5269
x-amzn-requestid: e6460273-d038-41fa-9915-5f5762feecab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A3QiUFqhIAMF5sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f92e0e-6c3baead0e2b8845557bf7e9;Sampled=0
x-amzn-remapped-date: Fri, 24 Feb 2023 21:37:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 07pNAHZlG7fP3dgG0eb-onMglfj9-wP2RAFShvr3b-MkOECPQZaSdA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 5c7981a979abd51ba7e5ca7d464fd048.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 21:40:19 GMT
age: 59067
etag: "a7b75438ba91b71e023e2e6e355563ac2635bf25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8df7bb3-23f9-4745-a87b-56dbaac608e8.jpeg
200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8df7bb3-23f9-4745-a87b-56dbaac608e8.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d0c0e31971a6962a20179c6382722bcd
d4ce1e3f869e298bd50949a3ef7b37c15c7fd463
20a00f064cf4b272f611b14f25a1114889e3cca39bd8db0733979ea74e5a1263
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8df7bb3-23f9-4745-a87b-56dbaac608e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5107
x-amzn-requestid: 54f2745f-f40b-468c-ae63-c3db190af06d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ArHrOGYlIAMF6MA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f45314-68440a6d63847f784864789f;Sampled=0
x-amzn-remapped-date: Tue, 21 Feb 2023 05:13:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dcj25-H1pRc3LKo4SPupKUCysTo1nFqIVyoJS1tW5pTnLA2I4jJE-A==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 17:57:08 GMT
age: 72458
etag: "d4ce1e3f869e298bd50949a3ef7b37c15c7fd463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Origin: https://www.upload-4ever.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 25 Feb 2023 14:04:45 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2367
last-modified: Sat, 25 Feb 2023 13:25:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gh36ACOzQxZWmdYcy0lrHv5znGnZfR%2BjJnyX5y7NBthYF4T1brAHtqBvYIavjq%2FXw1bpwe5MaUqjjSTuOsfcoHx09WasyflQmRtHca2d2Mzt3H1nb2Ox0nnEWK7syDX%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f0fdf13aa94136-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 0 B IP
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Origin: https://www.upload-4ever.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Feb 2023 14:04:45 GMT
content-type: text/plain
set-cookie: csu=1826735215634981@1@1677333885; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e3VuM2UfYtL%2BM9ppERSYmpmh2Qt2ywAqccdAd9WnINHI4OctRM6s2BBGQm%2F%2BeaT1yJ8b6i1PnK1ivDi2jdfsqt3FyiEwk6225XE0NQQJ0keEysssQ2N1b5UrzONXUII6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79f0fdf14aae4136-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.upload-4ever.com/jnwztbqjmc6c/Multi%20OEM-Retail%20Project%20Build%2028.02.2022.zip
200 OK 0 B URL HTTP/2 www.upload-4ever.com/jnwztbqjmc6c/Multi%20OEM-Retail%20Project%20Build%2028.02.2022.zip
IP
GET /jnwztbqjmc6c/Multi%20OEM-Retail%20Project%20Build%2028.02.2022.zip HTTP/1.1
Host: www.upload-4ever.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 25 Feb 2023 14:04:44 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=0;includeSubDomains;
expires: Fri, 24 Feb 2023 14:04:44 GMT
cf-cache-status: BYPASS
set-cookie: aff=1203145; domain=.upload-4ever.com; path=/; expires=Sat, 11-Mar-2023 14:04:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VqHzknErzW7WjN8untSplrnhgpqLvf97wTWPP1%2FoMgMnu%2BHRdzd03VslaKqzLeX4e35Qavu%2BzoozVhHPcAtMteVsgU1P2XfQb0HjGniKuWv%2BUNpej9KibVOyd4Ow5T0I2k2k2zfi3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f0fde9cc441c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: zsoyGpipYlQvoT3Mk7q5Bs5UF0oubrPvsk5RvBwRm2AfAIBU0iMtFw0XRLh2wqG4dKg9kaR7CxCxLdK9nY88Hw==
date: Sat, 25 Feb 2023 14:04:45 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Origin: https://www.upload-4ever.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 25 Feb 2023 14:04:45 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2367
last-modified: Sat, 25 Feb 2023 13:25:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pgC5yGbh%2Bw70nkGPouihV28wdWVnR9YpKGlakBeN1sM%2FHzv9S%2FyeIlPqCJ0o6N55lerLQ2XCvhx2rWPdFD%2FN9wDToSkinPvxPYUVAClscllLDlx9aeQOSqTOCKC1Qsvo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f0fdf14abb4136-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-502850445%3A1677333885593314&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHch6cfLzku7LAK8TGosLFZBXhmaJlnJziLyFzdNd9NHl8czjumSE6Iu2moVt4KXHTZya33HOA
403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-502850445%3A1677333885593314&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHch6cfLzku7LAK8TGosLFZBXhmaJlnJziLyFzdNd9NHl8czjumSE6Iu2moVt4KXHTZya33HOA
IP
GET /v3/signin/identifier?dsh=S-502850445%3A1677333885593314&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHch6cfLzku7LAK8TGosLFZBXhmaJlnJziLyFzdNd9NHl8czjumSE6Iu2moVt4KXHTZya33HOA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 Feb 2023 14:04:45 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-DrL0HEnLSklOqGKGXCcHew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
172.67.152.107
23.36.77.32
93.184.220.29
104.21.12.131
31.13.72.36