www.upload-4ever.com/z8xqyu0l0iub/njRAT%20v0.7d%20By%20LBS.rar
104.21.12.131 301 Moved Permanently 0 B URL HTTP/1.1 www.upload-4ever.com/z8xqyu0l0iub/njRAT%20v0.7d%20By%20LBS.rar
IP 104.21.12.131:0
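Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 of zero-length content: the 301 response carried a 0 B body, so they do not identify the .rar archive and should not be used as a file indicator. The same triple appears on every 0 B response in this capture.)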
GET /z8xqyu0l0iub/njRAT%20v0.7d%20By%20LBS.rar HTTP/1.1
Host: www.upload-4ever.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 03 Feb 2023 12:26:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 03 Feb 2023 13:26:29 GMT
Location: https://www.upload-4ever.com/z8xqyu0l0iub/njRAT%20v0.7d%20By%20LBS.rar
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nED5vKDhcSey4JSgNH6MGIBSZNiXzaE%2BfutgJ71Q30BO%2BPui5vHu3A%2BcNrropuFnv4YSXGcijPJk%2Fd5I7km%2B%2B3ssSE4DKG92QEewPVfljHKtsDxUvR5Vq%2BugSsan39Dg1XcUrKYyJg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793b27beb9fd1c16-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17226
Expires: Fri, 03 Feb 2023 17:13:35 GMT
Date: Fri, 03 Feb 2023 12:26:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3770
Expires: Fri, 03 Feb 2023 13:29:19 GMT
Date: Fri, 03 Feb 2023 12:26:29 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 11:36:10 GMT
content-type: application/json
age: 3019
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18204
Expires: Fri, 03 Feb 2023 17:29:53 GMT
Date: Fri, 03 Feb 2023 12:26:29 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: yWa2KZc0Jka52TJ8/ZHnFlAXSkV7g/BvJOQ8tDF7mfgC5NjPLG4YvaOx8B8KKLpgPk4dnpwAZng=
x-amz-request-id: NQYGTPPC5VPCH8V8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 11:52:24 GMT
age: 2045
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 6b97f158f3ebeab4529b1293abb064a0
9b2d26181c0126de9cae80e62af8235b2a5a54ec
e1a58a5177ec3a17c2850feb6427f4cdf2bbf3c6ba05928b4414be6569c93f5d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1741
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 12:26:29 GMT
Etag: "63db504a-117"
Last-Modified: Fri, 03 Feb 2023 11:57:28 GMT
Server: ECS (amb/6B91)
X-Cache: HIT
Content-Length: 279
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 12:26:29 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 6b97f158f3ebeab4529b1293abb064a0
9b2d26181c0126de9cae80e62af8235b2a5a54ec
e1a58a5177ec3a17c2850feb6427f4cdf2bbf3c6ba05928b4414be6569c93f5d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1742
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 12:26:30 GMT
Last-Modified: Fri, 03 Feb 2023 11:57:28 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 14 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
Hash b5a126a1e89c816c641e7857b2abfd37
00d7a09048548410164e7fb05a6dc5ef26823f8f
74035b79a6b2f677e60ff40af24f26ded054eb5474d3428c159d5bde426699ed
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 12:07:19 GMT
age: 1151
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
d1j2jv7bvcsxqg.cloudfront.net/?bvjjd=976112
54.230.245.28 200 OK 116 kB URL HTTP/2 d1j2jv7bvcsxqg.cloudfront.net/?bvjjd=976112
IP 54.230.245.28:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 116 kB (116206 bytes)
Hash ca24629e2a978024da4f437a84769639
1bbc3f5b052b84e9658d87f6bea1c1814f1ff41e
63caf3efef0af6a4766f0cb1d00fb2c9a02e788f897c0a97f08eadc8f7634a06
GET /?bvjjd=976112 HTTP/1.1
Host: d1j2jv7bvcsxqg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 116206
date: Fri, 03 Feb 2023 12:26:30 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XfbeGgFNfV_GYuJL5OoMIOQawmwWt1SRqqG3y6BgFUZYgPfp3SGxlg==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4307
Expires: Fri, 03 Feb 2023 13:38:17 GMT
Date: Fri, 03 Feb 2023 12:26:30 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
IP 142.250.74.131:0
Hash bb996bfb8a858ecd05a2428121b1837b
f038902eb9d1ffe474531280ec3be1b5a74bb579
3258a8c2ea7f9d4a779c6c9df530ea3fa47ffe2b74a5395a390080cb22493702
POST /s/gts1p5/QJ2XgEbwD7g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 12:26:30 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 32 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 511200c557046ec264dc21eb29fc9f07
4d89ee901705c651f0bf547e6f0da3aea31c02ce
99e85f98493ba494d46e611bc79aaf4330fc4cd82fbb8d7b1c81cb79c25344c9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9E978606DCE53CDCC7AE0F92A8F7ECF61B523EE0388A780D9D0CB8640AC8F48"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15943
Expires: Fri, 03 Feb 2023 16:52:13 GMT
Date: Fri, 03 Feb 2023 12:26:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f215374a8b01f8a59f101ad68ffe3bc0
8436893df0721320cd93f7242c98ff05faa4b441
b9e978606dce53cdcc7ae0f92a8f7ecf61b523ee0388a780d9d0cb8640ac8f48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9E978606DCE53CDCC7AE0F92A8F7ECF61B523EE0388A780D9D0CB8640AC8F48"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15943
Expires: Fri, 03 Feb 2023 16:52:13 GMT
Date: Fri, 03 Feb 2023 12:26:30 GMT
Connection: keep-alive
cagothie.net/tag.min.js
139.45.197.238 200 OK 24 kB IP 139.45.197.238:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1a417e9b10144729d212117089f3a224
6c16ab6489d19d435fd63bc6c8e991190cc886cb
b9f0f73212140bcc34f47ac279ae6c59c239e4135f70694557c8f119e6dece44
GET /tag.min.js HTTP/1.1
Host: cagothie.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 12:26:30 GMT
content-type: text/javascript; charset=utf-8
content-length: 23495
content-encoding: br
x-trace-id: a4f7d0fb2e74cd4ff6834ec81c0a34aa
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 03 Feb 2023 10:48:10 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
lehebraverooper.xyz/RlV4TjJpahs9DyMAEzdlAjkyLWMiMjwLQjEXFTl9EjtICFAhOl46WyJoQXkEd2RLaEIvMUV/CmAmDC9GMyZFfxQvOx4hD2AjRX8cdntKYABgIEV/FDIlGSkPd3MIOkYqaEl4BXNhSnkAdGRNegs
104.21.68.94 204 No Content 0 B URL HTTP/2 lehebraverooper.xyz/RlV4TjJpahs9DyMAEzdlAjkyLWMiMjwLQjEXFTl9EjtICFAhOl46WyJoQXkEd2RLaEIvMUV/CmAmDC9GMyZFfxQvOx4hD2AjRX8cdntKYABgIEV/FDIlGSkPd3MIOkYqaEl4BXNhSnkAdGRNegs
IP 104.21.68.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RlV4TjJpahs9DyMAEzdlAjkyLWMiMjwLQjEXFTl9EjtICFAhOl46WyJoQXkEd2RLaEIvMUV/CmAmDC9GMyZFfxQvOx4hD2AjRX8cdntKYABgIEV/FDIlGSkPd3MIOkYqaEl4BXNhSnkAdGRNegs HTTP/1.1
Host: lehebraverooper.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 12:26:30 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AMI%2B9n2DGxKQ3xA4ezMRvKFgvJx13FpRwci9%2B3f8RmevxLYO8GXl%2BabLvmR%2Ba7vrD6kBwGzpPpKiGBmsTNOGTdHxAukJUw3%2B78VcZ6HMIdTHAHWw9c07PBtyWjSjmZRIEw2t4U0Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793b27c66c94b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lehebraverooper.xyz/NEFEZEkbficXdGMvHlAbYxM2NnlAOBEzeHUVHCYtVgQWKipYEGIQIFB8fVN/AHF8QjldJXlVb0c1JRA8R3x1QiBaJytZb0J8dUp6AG93VWcGZzFZeBI1NAUuCXBiFD1ALXlVfwN0cFZ+BnN1UXwN
104.21.68.94 204 No Content 0 B URL HTTP/2 lehebraverooper.xyz/NEFEZEkbficXdGMvHlAbYxM2NnlAOBEzeHUVHCYtVgQWKipYEGIQIFB8fVN/AHF8QjldJXlVb0c1JRA8R3x1QiBaJytZb0J8dUp6AG93VWcGZzFZeBI1NAUuCXBiFD1ALXlVfwN0cFZ+BnN1UXwN
IP 104.21.68.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NEFEZEkbficXdGMvHlAbYxM2NnlAOBEzeHUVHCYtVgQWKipYEGIQIFB8fVN/AHF8QjldJXlVb0c1JRA8R3x1QiBaJytZb0J8dUp6AG93VWcGZzFZeBI1NAUuCXBiFD1ALXlVfwN0cFZ+BnN1UXwN HTTP/1.1
Host: lehebraverooper.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 12:26:30 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kxgywpXFmRq5dtGK%2F44ViKjsEY6eb1iBIQhp7HY7YduhIHMgbIN9eZ%2Bw%2BVQSUNujnxFcbaKowoAAo4PSD%2BgmqsdLc34zcL74tAfJKBYQHN%2F3ritQsARPWZ5EJjm%2BzUX5zlC3HdhA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793b27c66c92b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.187.102.159 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.187.102.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Sj8ZYQgPFid8Fg7wJ1tRDw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xizLt17omrsUvqW3VVn4Z5qALXQ=
lehebraverooper.xyz/WlZFamR1aSYZWQARdB03N2cdMg8UYRIsAD8EHRICDxAXIAIcbmMeDT5rfF1Sa2d3TBQzMnhbQikiJB4RKWt0TA00MCpXQixrdERXbnh2W0pocDBXVXwiNQsDZ2djGhAuOnhbUm1jcVhTaGR0Xl1o
104.21.68.94 204 No Content 0 B URL HTTP/2 lehebraverooper.xyz/WlZFamR1aSYZWQARdB03N2cdMg8UYRIsAD8EHRICDxAXIAIcbmMeDT5rfF1Sa2d3TBQzMnhbQikiJB4RKWt0TA00MCpXQixrdERXbnh2W0pocDBXVXwiNQsDZ2djGhAuOnhbUm1jcVhTaGR0Xl1o
IP 104.21.68.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WlZFamR1aSYZWQARdB03N2cdMg8UYRIsAD8EHRICDxAXIAIcbmMeDT5rfF1Sa2d3TBQzMnhbQikiJB4RKWt0TA00MCpXQixrdERXbnh2W0pocDBXVXwiNQsDZ2djGhAuOnhbUm1jcVhTaGR0Xl1o HTTP/1.1
Host: lehebraverooper.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 12:26:30 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ohVBNwdiDXQ4RFK7mur1qpuXu0OrA%2BcDRXvO1ZKzZTClvVapb5gdglWbwgmtOcauDyAZHL6u2QZz49XYdrsSqxDKguPS56Qg9X2mqfRTN64O4PT%2Fy9yenQZBQ1wB9f69ITyQIyiP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793b27c66c91b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hatwasallo.com/aDV0OWcJVxdUWAkIFh8SGllJHFUuEEZ/A1lfRlMRX1cCWhQQRBMXBARaAV0BGloaTUkGUAAcVS58EXE9AWcxYAUvZANQAjlCEnsJBBBGfzNYdyBdPzpQPHsiGn41USstBjV9JAB8IHE2UEY6TiYrcxxdNi5fQFA1PW8xciQLYjFvXgF8DGAxMAYiXiA6fDVcPyJQNVEuGnkhbCUrXDULIDpSLHcNPXQhewQEUAxsPS92REghKlE8XQAqeyN/LQBRMVECLmZEVi8qXiJ3VSZ+Jl4QH2xESSA9BiZWNC57JnsKJn4mUTIcfjEMJDoGF3w/PWcnaS8qeCEISi1yLQkXL3Awcw07TxBtAyB7I2sMHF0QfAA6dw1aEy4EOmgmBmc9a1YiBRAJDyBnR2NVIF1MaC47dCx9DAwHNXwLL2NGSVUwUjpfAzkTHkoIBkVJSFMtRxBIPiFhNVshOFo
54.230.111.17 200 OK 1.2 kB URL HTTP/2 hatwasallo.com/aDV0OWcJVxdUWAkIFh8SGllJHFUuEEZ/A1lfRlMRX1cCWhQQRBMXBARaAV0BGloaTUkGUAAcVS58EXE9AWcxYAUvZANQAjlCEnsJBBBGfzNYdyBdPzpQPHsiGn41USstBjV9JAB8IHE2UEY6TiYrcxxdNi5fQFA1PW8xciQLYjFvXgF8DGAxMAYiXiA6fDVcPyJQNVEuGnkhbCUrXDULIDpSLHcNPXQhewQEUAxsPS92REghKlE8XQAqeyN/LQBRMVECLmZEVi8qXiJ3VSZ+Jl4QH2xESSA9BiZWNC57JnsKJn4mUTIcfjEMJDoGF3w/PWcnaS8qeCEISi1yLQkXL3Awcw07TxBtAyB7I2sMHF0QfAA6dw1aEy4EOmgmBmc9a1YiBRAJDyBnR2NVIF1MaC47dCx9DAwHNXwLL2NGSVUwUjpfAzkTHkoIBkVJSFMtRxBIPiFhNVshOFo
IP 54.230.111.17:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Hash 612cedae1d17c03384778d95d41743d6
8326b4b94c9ebda7c1233aae59e5fc0e074cd0c3
b73f1d94249b4fcc0866064af43197abe45c68a161294b0efb4b82b864960b55
GET /aDV0OWcJVxdUWAkIFh8SGllJHFUuEEZ/A1lfRlMRX1cCWhQQRBMXBARaAV0BGloaTUkGUAAcVS58EXE9AWcxYAUvZANQAjlCEnsJBBBGfzNYdyBdPzpQPHsiGn41USstBjV9JAB8IHE2UEY6TiYrcxxdNi5fQFA1PW8xciQLYjFvXgF8DGAxMAYiXiA6fDVcPyJQNVEuGnkhbCUrXDULIDpSLHcNPXQhewQEUAxsPS92REghKlE8XQAqeyN/LQBRMVECLmZEVi8qXiJ3VSZ+Jl4QH2xESSA9BiZWNC57JnsKJn4mUTIcfjEMJDoGF3w/PWcnaS8qeCEISi1yLQkXL3Awcw07TxBtAyB7I2sMHF0QfAA6dw1aEy4EOmgmBmc9a1YiBRAJDyBnR2NVIF1MaC47dCx9DAwHNXwLL2NGSVUwUjpfAzkTHkoIBkVJSFMtRxBIPiFhNVshOFo HTTP/1.1
Host: hatwasallo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1197
date: Fri, 03 Feb 2023 12:26:30 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7_VOiyS1dP-qKjgaKfysgowBUFxcUfliUXa6n9irmeCL1SOyZfXRhA==
X-Firefox-Spdy: h2
hatwasallo.com/YXY3MWwAFFRcUwBLVRcZExoKFF4nUwV3CFAcBVsaVhRBUh8ZB1AfDw0ZQlUKExlZRUIPE0MUXicmYGUEECVZcFo3AWZCOBhHZXUCBTxVVlkDEwd/SVMwYlkHDT5eWioqNERoJzAzQng4Ek9iSwASNHR/DzdFR2YiNx1yfTlQUwV3NDAnR2U7BhN0SFgyLHZJITEOcVo6MCNAdjg3I3QDVSI+QAApBBphQy8kPw52OAUVdWVcJRB2QQ0rN2UJLw0GAGAkAj9jAgcYEHZBDTEkXAIoDUNBYBQSEmB5AygUQEk8BCJ9CS8NGQNzAhY6fAIYIBR1aw04R2FDLyBbB0cpGzxvZV8GRFZGBAMTXHMDIjBDRz0MGlJwFgYgZwAPMhQHeAoiIEcUXicuWloJKUVTc0oLBVhfHFw0ZlkcWDJceggKJQ
54.230.111.17 200 OK 1.2 kB URL HTTP/2 hatwasallo.com/YXY3MWwAFFRcUwBLVRcZExoKFF4nUwV3CFAcBVsaVhRBUh8ZB1AfDw0ZQlUKExlZRUIPE0MUXicmYGUEECVZcFo3AWZCOBhHZXUCBTxVVlkDEwd/SVMwYlkHDT5eWioqNERoJzAzQng4Ek9iSwASNHR/DzdFR2YiNx1yfTlQUwV3NDAnR2U7BhN0SFgyLHZJITEOcVo6MCNAdjg3I3QDVSI+QAApBBphQy8kPw52OAUVdWVcJRB2QQ0rN2UJLw0GAGAkAj9jAgcYEHZBDTEkXAIoDUNBYBQSEmB5AygUQEk8BCJ9CS8NGQNzAhY6fAIYIBR1aw04R2FDLyBbB0cpGzxvZV8GRFZGBAMTXHMDIjBDRz0MGlJwFgYgZwAPMhQHeAoiIEcUXicuWloJKUVTc0oLBVhfHFw0ZlkcWDJceggKJQ
IP 54.230.111.17:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3018), with no line terminators
Hash 4dac177d4a6038cbd103e365006b68b4
e0e173d641888ccace48f40d832f7d44f2f81095
df1a1fdfcb201f96afa3140a53f1853a7c91a3103dc39032c2bf8bff926cb8f8
GET /YXY3MWwAFFRcUwBLVRcZExoKFF4nUwV3CFAcBVsaVhRBUh8ZB1AfDw0ZQlUKExlZRUIPE0MUXicmYGUEECVZcFo3AWZCOBhHZXUCBTxVVlkDEwd/SVMwYlkHDT5eWioqNERoJzAzQng4Ek9iSwASNHR/DzdFR2YiNx1yfTlQUwV3NDAnR2U7BhN0SFgyLHZJITEOcVo6MCNAdjg3I3QDVSI+QAApBBphQy8kPw52OAUVdWVcJRB2QQ0rN2UJLw0GAGAkAj9jAgcYEHZBDTEkXAIoDUNBYBQSEmB5AygUQEk8BCJ9CS8NGQNzAhY6fAIYIBR1aw04R2FDLyBbB0cpGzxvZV8GRFZGBAMTXHMDIjBDRz0MGlJwFgYgZwAPMhQHeAoiIEcUXicuWloJKUVTc0oLBVhfHFw0ZlkcWDJceggKJQ HTTP/1.1
Host: hatwasallo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1174
date: Fri, 03 Feb 2023 12:26:30 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: W_tID1fMaZW-Burj_m6DXERhFLxF4GU2PCLjcphlaSFKVt4NeEI2Kg==
X-Firefox-Spdy: h2
hatwasallo.com/dlF4TFMXMxshbBdsGmomBD1FaWEwdEoKN0c7SiYlQTMOLyAOIB9iMBo+DSg1BD4WOH0YNAxpYTBhHRs7Bh8tdDI0JhwYMDdhOggCHmMsIGYSEyAoNTc5CC0aJz0uHAQ3FDAPBjcJKXgHMxRBDh0kYC4bATs7Pw0KORI/JzA0NhcFNRppMggFEigsGWcSAysNACADTSgYAToyDmM3aDskESYAO3kWNAAiHBkeBD0PETRoKH1iPhMvPB8hFD4PGR4yNQ44P2kgCiMsBgI4MCE9Ewk1RzUhGBIvHyAKIywAERULLj1IHTUyJTYbJCNiLH0rOxMffTAhPVUgGzkHAC4YNwNdfhUiFCIWGzEhNBsSQwA0Dho+BTkvGSVgEBURLmgxGxURAB4ZODkQPS8iPiYbHhY+YV1+FSEHEw0KIz03BBIedEoOdRwiFyIjSwUtBzY7OBANOQ4
54.230.111.17 200 OK 1.2 kB URL HTTP/2 hatwasallo.com/dlF4TFMXMxshbBdsGmomBD1FaWEwdEoKN0c7SiYlQTMOLyAOIB9iMBo+DSg1BD4WOH0YNAxpYTBhHRs7Bh8tdDI0JhwYMDdhOggCHmMsIGYSEyAoNTc5CC0aJz0uHAQ3FDAPBjcJKXgHMxRBDh0kYC4bATs7Pw0KORI/JzA0NhcFNRppMggFEigsGWcSAysNACADTSgYAToyDmM3aDskESYAO3kWNAAiHBkeBD0PETRoKH1iPhMvPB8hFD4PGR4yNQ44P2kgCiMsBgI4MCE9Ewk1RzUhGBIvHyAKIywAERULLj1IHTUyJTYbJCNiLH0rOxMffTAhPVUgGzkHAC4YNwNdfhUiFCIWGzEhNBsSQwA0Dho+BTkvGSVgEBURLmgxGxURAB4ZODkQPS8iPiYbHhY+YV1+FSEHEw0KIz03BBIedEoOdRwiFyIjSwUtBzY7OBANOQ4
IP 54.230.111.17:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash 848019030218811736e16dac46b74c74
558db5ffcb4cdf4e12cb04a11dddf27722e7e102
1d17680a9c7d1b0e6f7521e55b55605924ba137e6118fa7267993a228169b324
GET /dlF4TFMXMxshbBdsGmomBD1FaWEwdEoKN0c7SiYlQTMOLyAOIB9iMBo+DSg1BD4WOH0YNAxpYTBhHRs7Bh8tdDI0JhwYMDdhOggCHmMsIGYSEyAoNTc5CC0aJz0uHAQ3FDAPBjcJKXgHMxRBDh0kYC4bATs7Pw0KORI/JzA0NhcFNRppMggFEigsGWcSAysNACADTSgYAToyDmM3aDskESYAO3kWNAAiHBkeBD0PETRoKH1iPhMvPB8hFD4PGR4yNQ44P2kgCiMsBgI4MCE9Ewk1RzUhGBIvHyAKIywAERULLj1IHTUyJTYbJCNiLH0rOxMffTAhPVUgGzkHAC4YNwNdfhUiFCIWGzEhNBsSQwA0Dho+BTkvGSVgEBURLmgxGxURAB4ZODkQPS8iPiYbHhY+YV1+FSEHEw0KIz03BBIedEoOdRwiFyIjSwUtBzY7OBANOQ4 HTTP/1.1
Host: hatwasallo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1188
date: Fri, 03 Feb 2023 12:26:30 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7iW7GIGnU0sJlQLyvtPPxfP8RrcokA1sVGBhE3Cl1RhJlnPA2eqbEg==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
IP 142.250.74.131:0
Hash bb996bfb8a858ecd05a2428121b1837b
f038902eb9d1ffe474531280ec3be1b5a74bb579
3258a8c2ea7f9d4a779c6c9df530ea3fa47ffe2b74a5395a390080cb22493702
POST /s/gts1p5/QJ2XgEbwD7g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 12:26:30 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d1j2jv7bvcsxqg.cloudfront.net/IeHZiREYbGQwieQwfBnl/T0BTdXReHBErKAhLE3ADChITHQ8sNwACFhdQFj4iRUZEKCcWEV9iIxYVX3VgGRIAeXJeAhIrLUUBCiA2GRgXNjUAUBclexUZGC0qFBdHdgBNWFJhdEheFS0oHBkVN2NKRgwwY0pGU3RoSFNRBmNKRhUtKE5CR3cEXURSPHBMU1-EGY0pGEDJjSzdTdHNWRkthdEgRByctF1NQAnRIR1J0d0hHR3Z2Hh8QISAXDkd2AElGV2p2XgNfdQ
54.230.245.28 200 OK 500 B URL HTTP/2 d1j2jv7bvcsxqg.cloudfront.net/IeHZiREYbGQwieQwfBnl/T0BTdXReHBErKAhLE3ADChITHQ8sNwACFhdQFj4iRUZEKCcWEV9iIxYVX3VgGRIAeXJeAhIrLUUBCiA2GRgXNjUAUBclexUZGC0qFBdHdgBNWFJhdEheFS0oHBkVN2NKRgwwY0pGU3RoSFNRBmNKRhUtKE5CR3cEXURSPHBMU1-EGY0pGEDJjSzdTdHNWRkthdEgRByctF1NQAnRIR1J0d0hHR3Z2Hh8QISAXDkd2AElGV2p2XgNfdQ
IP 54.230.245.28:0
File type ASCII text, with very long lines (678), with no line terminators
Hash da60b37b30825d167d13126e8fcb07ec
f9a48cbd3d4b198282e712ab9173982023affd4b
df213d608c0e12796bada40910d3e021b4a73f1feed254a7096a6891a4af25ff
GET /IeHZiREYbGQwieQwfBnl/T0BTdXReHBErKAhLE3ADChITHQ8sNwACFhdQFj4iRUZEKCcWEV9iIxYVX3VgGRIAeXJeAhIrLUUBCiA2GRgXNjUAUBclexUZGC0qFBdHdgBNWFJhdEheFS0oHBkVN2NKRgwwY0pGU3RoSFNRBmNKRhUtKE5CR3cEXURSPHBMU1-EGY0pGEDJjSzdTdHNWRkthdEgRByctF1NQAnRIR1J0d0hHR3Z2Hh8QISAXDkd2AElGV2p2XgNfdQ HTTP/1.1
Host: d1j2jv7bvcsxqg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hatwasallo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 500
date: Fri, 03 Feb 2023 12:26:31 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Fft3bDg7lYs2WljFnJTzV1T2VrkFROAFlao0DqR__NQoswQ9kozKNA==
X-Firefox-Spdy: h2
d1j2jv7bvcsxqg.cloudfront.net/0eWhpNU8aBwdTcA0BDQh2Tl5dBXdfAhpaIQlVPWAEHCUAXQ4TEE9BNR1VWRMjGAYOCGkcBgoIfl8JDVdyTU4dRSASVR5dKwkJB0A9ChBPQC5EBQZPJhUECBB9P11HBWpLWEFCJhcMBkI8XFpZWztcWlkEf1dYTAYNXFpZQiYXXl0QfDtNWwU3T1xMBg1cWl-lHOVxbKAR/TEZZHGpLWA5QLBIHTAcJS1hYBX9IWFgQfUkOAEcqHwcREH0/WVkAYUlOHAh+
54.230.245.28 200 OK 16 kB URL HTTP/2 d1j2jv7bvcsxqg.cloudfront.net/0eWhpNU8aBwdTcA0BDQh2Tl5dBXdfAhpaIQlVPWAEHCUAXQ4TEE9BNR1VWRMjGAYOCGkcBgoIfl8JDVdyTU4dRSASVR5dKwkJB0A9ChBPQC5EBQZPJhUECBB9P11HBWpLWEFCJhcMBkI8XFpZWztcWlkEf1dYTAYNXFpZQiYXXl0QfDtNWwU3T1xMBg1cWl-lHOVxbKAR/TEZZHGpLWA5QLBIHTAcJS1hYBX9IWFgQfUkOAEcqHwcREH0/WVkAYUlOHAh+
IP 54.230.245.28:0
Hash 6ea2ca8a3a1f75577d8a2dadd96cf1d1
c5b7eb8127798571730bf80500d8eb9ce8ac8dde
a61912cf8b39972da8e0e6d754203b286b393e3dcea346da893472ab45c77aea
GET /0eWhpNU8aBwdTcA0BDQh2Tl5dBXdfAhpaIQlVPWAEHCUAXQ4TEE9BNR1VWRMjGAYOCGkcBgoIfl8JDVdyTU4dRSASVR5dKwkJB0A9ChBPQC5EBQZPJhUECBB9P11HBWpLWEFCJhcMBkI8XFpZWztcWlkEf1dYTAYNXFpZQiYXXl0QfDtNWwU3T1xMBg1cWl-lHOVxbKAR/TEZZHGpLWA5QLBIHTAcJS1hYBX9IWFgQfUkOAEcqHwcREH0/WVkAYUlOHAh+ HTTP/1.1
Host: d1j2jv7bvcsxqg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hatwasallo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 562
date: Fri, 03 Feb 2023 12:26:31 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fWBGlLgn-LPF2isscuhdo6jbRGeGCZxGzy1nGQSu9icI6ZzcRJ0IQw==
X-Firefox-Spdy: h2
d1j2jv7bvcsxqg.cloudfront.net/PWThqSnA6VwQsTy1RDndJbg5be0N/UhklHikFKBsYKQEuITs9UzlsBCNcV3pWNVkELU1/XQQpTWgeCy4SZAxMPxFkVQUwGTVUC29CHw1EelVrCEI9GTdcBT0DfApaJAR8Clp7QHcIT3kyfApaPRk3Dl5vQxsdWHoIbwxPeTJ8Clo4BnwLK3tAbBZaY1VrCA-0vEzJXT3g2awhbekBoCFtvQmleAzgVP1cSb0IfCVp/XmkeH3dB
54.230.245.28 200 OK 189 B URL HTTP/2 d1j2jv7bvcsxqg.cloudfront.net/PWThqSnA6VwQsTy1RDndJbg5be0N/UhklHikFKBsYKQEuITs9UzlsBCNcV3pWNVkELU1/XQQpTWgeCy4SZAxMPxFkVQUwGTVUC29CHw1EelVrCEI9GTdcBT0DfApaJAR8Clp7QHcIT3kyfApaPRk3Dl5vQxsdWHoIbwxPeTJ8Clo4BnwLK3tAbBZaY1VrCA-0vEzJXT3g2awhbekBoCFtvQmleAzgVP1cSb0IfCVp/XmkeH3dB
IP 54.230.245.28:0
File type ASCII text, with no line terminators
Hash 405f2a1b86f7928bfe0369ac9f7d17f1
6a624de8587009ed587dea136a584c5c6fa4a56f
02b4bf76b52a3a4692d802aad5dd7811c59b08b5cabd94b72f87e74d23be49a9
GET /PWThqSnA6VwQsTy1RDndJbg5be0N/UhklHikFKBsYKQEuITs9UzlsBCNcV3pWNVkELU1/XQQpTWgeCy4SZAxMPxFkVQUwGTVUC29CHw1EelVrCEI9GTdcBT0DfApaJAR8Clp7QHcIT3kyfApaPRk3Dl5vQxsdWHoIbwxPeTJ8Clo4BnwLK3tAbBZaY1VrCA-0vEzJXT3g2awhbekBoCFtvQmleAzgVP1cSb0IfCVp/XmkeH3dB HTTP/1.1
Host: d1j2jv7bvcsxqg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hatwasallo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 189
date: Fri, 03 Feb 2023 12:26:31 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MiLAidxDVzv_b1eKSV4OnJbbTAHtYLVja673rIFfusmD3Olj_6lcsQ==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bb0e1ff82ab6199f715e00974b7f6957
74edba6943c202d060b471c30a3c626542bfac84
d982aa0ae1b32ffba27f789ad265b594dfef0bc4c55a0d0489d38b0827e6a7e2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D982AA0AE1B32FFBA27F789AD265B594DFEF0BC4C55A0D0489D38B0827E6A7E2"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7856
Expires: Fri, 03 Feb 2023 14:37:27 GMT
Date: Fri, 03 Feb 2023 12:26:31 GMT
Connection: keep-alive
my.rtmark.net/gid.js?userId=3c7a4f38e1774b8fa6a9a94f172023e7
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=3c7a4f38e1774b8fa6a9a94f172023e7
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash bbcc46ffe89db19390f73fcdc690aca4
c5cb1e38c5e98348ff7c73a3163c706787f946a5
9b2ab7baa32b98a5508fd69e52b4196a59f0e9930ac6fe47e87b8cc535886a2c
GET /gid.js?userId=3c7a4f38e1774b8fa6a9a94f172023e7 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload-4ever.com
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 12:26:31 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=3c7a4f38e1774b8fa6a9a94f172023e7; expires=Sat, 03 Feb 2024 12:26:31 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9bfd33253208c9d034988400d66abd5d
8811fd76d9bc56c15431433f8f08d648185992ed
6382de7eb2bc0b40dc6d2e21ab8b6cb90cc0effe3241e3fb5008d2e4f626e92c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 12:26:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ede42358dbe8cf2e6b7e6a2653774d01
5dc8ca0b929f04fb15c7ff81d0a9decda023b7fb
8e841815d41c4ade06e328cb1ffb9be342640167ec6acb658f6b4b373e23a52a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6210
Cache-Control: max-age=104751
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 12:26:31 GMT
Etag: "63dbdb64-1d7"
Expires: Sat, 04 Feb 2023 17:32:22 GMT
Last-Modified: Thu, 02 Feb 2023 15:48:52 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8d777e9406316814b36e3c580cccd4c8
7653df86c61ff7c801e35da9eeca3ecc70c7d7e8
2c4bb952aa3359712306a7c20b845627ee26689aacdb2560a61fc175e7c0c731
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 12:26:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8d777e9406316814b36e3c580cccd4c8
7653df86c61ff7c801e35da9eeca3ecc70c7d7e8
2c4bb952aa3359712306a7c20b845627ee26689aacdb2560a61fc175e7c0c731
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 12:26:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 12:26:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ssl.google-analytics.com/ga.js
142.250.74.136 200 OK 17 kB URL HTTP/2 ssl.google-analytics.com/ga.js
IP 142.250.74.136:0
File type ASCII text, with very long lines (1305)
Hash 01d5892e6e243b52998310c2925b9f3a
58180151b6a6ee4af73583a214b68efb9e8844d4
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
GET /ga.js HTTP/1.1
Host: ssl.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 17168
date: Fri, 03 Feb 2023 11:43:07 GMT
expires: Fri, 03 Feb 2023 13:43:07 GMT
cache-control: public, max-age=7200
age: 2604
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
hatwasallo.com/utx?cb=wUvpUG4ngOcm&top=www.upload-4ever.com&tid=976112
54.230.111.17 204 No Content 0 B URL HTTP/2 hatwasallo.com/utx?cb=wUvpUG4ngOcm&top=www.upload-4ever.com&tid=976112
IP 54.230.111.17:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=wUvpUG4ngOcm&top=www.upload-4ever.com&tid=976112 HTTP/1.1
Host: hatwasallo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload-4ever.com
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 12:26:31 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload-4ever.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 03 Feb 2023 12:27:31 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jjjLU-kEI3J9Dmx6HL7SsKWdkOK_YBbBrZ9YWJRSMjCP9eE-mG0ZIg==
X-Firefox-Spdy: h2
hatwasallo.com/utx?cb=stgdQ6boUXVr&top=www.upload-4ever.com&tid=976408
54.230.111.17 204 No Content 0 B URL HTTP/2 hatwasallo.com/utx?cb=stgdQ6boUXVr&top=www.upload-4ever.com&tid=976408
IP 54.230.111.17:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=stgdQ6boUXVr&top=www.upload-4ever.com&tid=976408 HTTP/1.1
Host: hatwasallo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload-4ever.com
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 12:26:31 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload-4ever.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 03 Feb 2023 12:27:31 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RJS87wCAPBoGRWHSq_2gJkp7lZaEg1Ov5J8qMVA5mCbDQJp5h9aGYw==
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.74.162 200 OK 50 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.74.162:0
File type ASCII text, with very long lines (4879)
Hash ad9a7cdb4cb99d755a875205dcc1ecc8
0bdb93a08a5760ce729a5fae2bcc736fee446f42
8a52ca3d48cdfee3c5d5c824abf50958f9517f5356f1b48bbda3faf13274a419
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Feb 2023 12:26:31 GMT
expires: Fri, 03 Feb 2023 12:26:31 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 1621974364369737467
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49775
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.45 302 Found 391 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.45:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash c808664836d4221da6a8e71014275232
bbc6de2b88634bbb1f9f82c753a78aaba50aa566
b1bc871986cd5fbc5b8d11a7f7e879478a734b21303ffffd1966b29105a12e51
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Feb 2023 12:26:31 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S185367367%3A1675427191531290&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf0_2S1tb6kz1HNA3BI5zlXkbfGUFp_xhH0EagN9J5ot9j8S40BSKmg4aV12oyy4t1z_j16CA
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-PbrlwhldgfQiM88WUK1Qng' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 391
server: GSE
set-cookie: __Host-GAPS=1:F9dei9W1EzdrKUdJwb5zeLgYVeCN6A:zpC3Z_VtSrlsPRiV;Path=/;Expires=Sun, 02-Feb-2025 12:26:31 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fccfe85480943e75c92061cda7f8de93
4c547379f5d25e4715516d6935a85d1d04f97045
0469ee3520b2afe0beb69802c351928286e2817890e5feda9638db277d8b9717
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0469EE3520B2AFE0BEB69802C351928286E2817890E5FEDA9638DB277D8B9717"
Last-Modified: Thu, 02 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4224
Expires: Fri, 03 Feb 2023 13:36:55 GMT
Date: Fri, 03 Feb 2023 12:26:31 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fccfe85480943e75c92061cda7f8de93
4c547379f5d25e4715516d6935a85d1d04f97045
0469ee3520b2afe0beb69802c351928286e2817890e5feda9638db277d8b9717
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0469EE3520B2AFE0BEB69802C351928286E2817890E5FEDA9638DB277D8B9717"
Last-Modified: Thu, 02 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4224
Expires: Fri, 03 Feb 2023 13:36:55 GMT
Date: Fri, 03 Feb 2023 12:26:31 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fccfe85480943e75c92061cda7f8de93
4c547379f5d25e4715516d6935a85d1d04f97045
0469ee3520b2afe0beb69802c351928286e2817890e5feda9638db277d8b9717
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0469EE3520B2AFE0BEB69802C351928286E2817890E5FEDA9638DB277D8B9717"
Last-Modified: Thu, 02 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4224
Expires: Fri, 03 Feb 2023 13:36:55 GMT
Date: Fri, 03 Feb 2023 12:26:31 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 12:26:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9bfd33253208c9d034988400d66abd5d
8811fd76d9bc56c15431433f8f08d648185992ed
6382de7eb2bc0b40dc6d2e21ab8b6cb90cc0effe3241e3fb5008d2e4f626e92c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 12:26:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=159614284&utmhn=www.upload-4ever.com&utmcs=UTF-8&utmsr=1280x1024&utmvp=1268x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20njRAT%20LBS%20rar&utmhid=1716320270&utmr=-&utmp=%2Fz8xqyu0l0iub%2FnjRAT%252520v0.7d%252520By%252520LBS.rar&utmht=1675427222369&utmac=UA-70364639-8&utmcc=__utma%3D196983016.602909958.1675427222.1675427222.1675427222.1%3B%2B__utmz%3D196983016.1675427222.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1753664503&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
142.250.74.136 302 Found 404 B URL HTTP/2 ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=159614284&utmhn=www.upload-4ever.com&utmcs=UTF-8&utmsr=1280x1024&utmvp=1268x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20njRAT%20LBS%20rar&utmhid=1716320270&utmr=-&utmp=%2Fz8xqyu0l0iub%2FnjRAT%252520v0.7d%252520By%252520LBS.rar&utmht=1675427222369&utmac=UA-70364639-8&utmcc=__utma%3D196983016.602909958.1675427222.1675427222.1675427222.1%3B%2B__utmz%3D196983016.1675427222.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1753664503&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
IP 142.250.74.136:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d19fed9fcc0b771b085f4dae9581b0c6
b8e4f48dd9ec9ae8104403b7a33bb57ad41335a6
77a01548ec43a3ac7646aa1735a6f457a32bc0c279c3a197a88cfc22dea9fe8a
GET /r/__utm.gif?utmwv=5.7.2&utms=1&utmn=159614284&utmhn=www.upload-4ever.com&utmcs=UTF-8&utmsr=1280x1024&utmvp=1268x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20njRAT%20LBS%20rar&utmhid=1716320270&utmr=-&utmp=%2Fz8xqyu0l0iub%2FnjRAT%252520v0.7d%252520By%252520LBS.rar&utmht=1675427222369&utmac=UA-70364639-8&utmcc=__utma%3D196983016.602909958.1675427222.1675427222.1675427222.1%3B%2B__utmz%3D196983016.1675427222.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1753664503&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Host: ssl.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-70364639-8&cid=602909958.1675427222&jid=1753664503&_v=5.7.2&z=159614284
access-control-allow-origin: *
date: Fri, 03 Feb 2023 12:26:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: Golfe2
content-length: 369
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.45 302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.45:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash 0cb544b51ce943869c165e1ee414d6d5
5a160178a6dbb1d1e46b31ca6a8a2a8941f624d1
917e2ccdcc4e01a8535ee51b49f4c347b3854f842c68c0bd4e890f0d0ea3a754
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Feb 2023 12:26:31 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S319516889%3A1675427191585134&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHepxXZtjcuOja7dwPn_Bq5w_XpG2v4X7sD-hg5BBsg5HC3zAd6JNGeJDe4FGlvkIihQfSBcDA
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-QepxXuGan-AonDN3cBLjzA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:EaJQNG8KPmH_h5vfmMDptQwRNuOA9g:s-0Neykmm5AItDKL;Path=/;Expires=Sun, 02-Feb-2025 12:26:31 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 0c15fd84f4711d994724c35236542194
c47d77fe5b373a86bd9a116bd8baac07ec746add
a210a4599baaa980674b456f020282cd470559b319be263fdcf9eaec7cff0d3b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 12:26:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fccfe85480943e75c92061cda7f8de93
4c547379f5d25e4715516d6935a85d1d04f97045
0469ee3520b2afe0beb69802c351928286e2817890e5feda9638db277d8b9717
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0469EE3520B2AFE0BEB69802C351928286E2817890E5FEDA9638DB277D8B9717"
Last-Modified: Thu, 02 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4224
Expires: Fri, 03 Feb 2023 13:36:55 GMT
Date: Fri, 03 Feb 2023 12:26:31 GMT
Connection: keep-alive
d1j2jv7bvcsxqg.cloudfront.net/?bvjjd=976112
54.230.245.28 200 OK 116 kB URL HTTP/2 d1j2jv7bvcsxqg.cloudfront.net/?bvjjd=976112
IP 54.230.245.28:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 116 kB (116203 bytes)
Hash f07e3fd09c183deacf6ec258392d52c9
486f951c0a382430c47652605bdbb0267c080d9d
890db5932a818cc6066eaedb52b17ecf832a1e596d786bb5d76b8b00465e81c4
GET /?bvjjd=976112 HTTP/1.1
Host: d1j2jv7bvcsxqg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Origin: https://www.upload-4ever.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 116203
date: Fri, 03 Feb 2023 12:26:31 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload-4ever.com
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: t7JZXkOr4EVyEgLIXjdstkjxcVrlOYp-cLfjWNUKNJerOsE3vrwt4A==
X-Firefox-Spdy: h2
stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-70364639-8&cid=602909958.1675427222&jid=1753664503&_v=5.7.2&z=159614284
173.194.222.156 302 Found 367 B URL HTTP/2 stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-70364639-8&cid=602909958.1675427222&jid=1753664503&_v=5.7.2&z=159614284
IP 173.194.222.156:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash d04ada84fceea28bcc561fbba264627e
cc53b93246cd1badd49bc0b8f3a81589212065c6
5e757a405af3aacde148209413b01835f533ed7d96f33f86a266d5e68a09387a
GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-70364639-8&cid=602909958.1675427222&jid=1753664503&_v=5.7.2&z=159614284 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=602909958.1675427222&jid=1753664503&_v=5.7.2&z=159614284
access-control-allow-origin: *
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 03 Feb 2023 12:26:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: Golfe2
content-length: 367
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4cf0ccf2909be74efd7a89dbe4228ffb
b4993da334b48312584d116a3de4be4cd71962cf
e81c8aa45d0707079d9eba798fb447059042453be4834d14467839688ca66f5d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 12:26:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/v3/signin/identifier?dsh=S185367367%3A1675427191531290&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf0_2S1tb6kz1HNA3BI5zlXkbfGUFp_xhH0EagN9J5ot9j8S40BSKmg4aV12oyy4t1z_j16CA
142.250.74.45 403 Forbidden 806 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S185367367%3A1675427191531290&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf0_2S1tb6kz1HNA3BI5zlXkbfGUFp_xhH0EagN9J5ot9j8S40BSKmg4aV12oyy4t1z_j16CA
IP 142.250.74.45:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Hash 4a4ba613ad93f2639d48d84cb225a279
885f5f4343e233570f7e5c052976f074cfbcc1fd
7fb3d9544b5e1c9bb0110daa6c454a5d6efc58eaef8a25e61d1a908c83e01e39
GET /v3/signin/identifier?dsh=S185367367%3A1675427191531290&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf0_2S1tb6kz1HNA3BI5zlXkbfGUFp_xhH0EagN9J5ot9j8S40BSKmg4aV12oyy4t1z_j16CA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Feb 2023 12:26:31 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-ri4ScTxuclvNQRoi76TFnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 2bef39ac599211fe23ad884ceacf1c9b
c19b32a600412658c49a3e55d5d8353a5101c31d
0ff4181df99351d3aa3490540d2f19474531fb07e13ee457b9339efab1a47ad9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 12:26:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=602909958.1675427222&jid=1753664503&_v=5.7.2&z=159614284&slf_rd=1&random=3231148476
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=602909958.1675427222&jid=1753664503&_v=5.7.2&z=159614284&slf_rd=1&random=3231148476
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=602909958.1675427222&jid=1753664503&_v=5.7.2&z=159614284&slf_rd=1&random=3231148476 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 03 Feb 2023 12:26:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 2bef39ac599211fe23ad884ceacf1c9b
c19b32a600412658c49a3e55d5d8353a5101c31d
0ff4181df99351d3aa3490540d2f19474531fb07e13ee457b9339efab1a47ad9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 12:26:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19615
Expires: Fri, 03 Feb 2023 17:53:27 GMT
Date: Fri, 03 Feb 2023 12:26:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19615
Expires: Fri, 03 Feb 2023 17:53:27 GMT
Date: Fri, 03 Feb 2023 12:26:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19615
Expires: Fri, 03 Feb 2023 17:53:27 GMT
Date: Fri, 03 Feb 2023 12:26:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d4041f3b5316bc84c9e6d88ddbc85b89
4978a4a20836b6f5d863d331bcedad782b7b4ac6
549b62d2c4ec965b8bec62010c0ce338dfea7992ee83eb7af61ff1a30d21f8b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5641
x-amzn-requestid: b53b54b1-3b00-47cf-a25c-e93910c2ebfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuvzpHsXoAMFsuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ce3-0c4fc8154763febb44460ac2;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x4-BZdG4JGRKCSdKynnuweZfo9l0XZtDB-MiANy7C2Yz1URYMHP4sQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:49 GMT
age: 52123
etag: "4978a4a20836b6f5d863d331bcedad782b7b4ac6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e690e4c-e16d-49e9-ac12-24a092d6a60c.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e690e4c-e16d-49e9-ac12-24a092d6a60c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a1d6fa4715c4e78250b2f72ddd2706f1
be04ac3a50aa6f1b349a2410ad386d92de3222be
d1c3c1b7016428bf2a085b71ca0d1e215a64b3d31ff15b0ef8bf5a78f11d9ae5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e690e4c-e16d-49e9-ac12-24a092d6a60c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8543
x-amzn-requestid: 3dc0960e-97db-42c8-99ac-623a44e8bb3e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuv0wGJhIAMFaTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ceb-5ad3ef033a62559762db42b9;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EKWOeGruQEm9HuSlJMiEEw_gN1p37qTTIhYqaiQ6bFaCF65kUfmMtA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:20 GMT
age: 52152
etag: "be04ac3a50aa6f1b349a2410ad386d92de3222be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 52711
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f58ae1f-1f79-4cc4-b12e-b11dde3b7e4d.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f58ae1f-1f79-4cc4-b12e-b11dde3b7e4d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4a92e881554205ebbe3721a7bbaeab40
b620fc82bd15b55b581bd8c3a699e1b16563ad2e
ff753b8411bfa0df54938a5f829ce25acbad863a2a3540b3bacca02baf9a2c7d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f58ae1f-1f79-4cc4-b12e-b11dde3b7e4d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6398
x-amzn-requestid: 843fefd3-8cf4-44ee-bb7c-a010d4149442
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuv1XFXQoAMFe5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2cee-76739fd87b4c0d203eca4114;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2cGZEXolULcBUgvrZ55IWnR825LgkHDFmJFJ5i9lcl4KYbDte3-N1g==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:43 GMT
age: 52129
etag: "b620fc82bd15b55b581bd8c3a699e1b16563ad2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
188.114.97.1 200 OK 113 kB IP 188.114.97.1:0
Size 113 kB (113196 bytes)
Hash aa49b5785ecfec60544db8f8937cc4f0
2b130ca1910dccec160700f7801109cd212e96aa
46ddaf1f28e61399ca9306752971d12b0c84fd8138a26e2b3f4e0dda2b5b7f08
Analyzer / Verdict / Alert: quad9 / Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Origin: https://www.upload-4ever.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 Feb 2023 12:26:31 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1585
last-modified: Fri, 03 Feb 2023 12:00:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fl3XIne%2FeRzsbEftyXAYHm0SQoUZxx9SfKWvIY9tl7Fl9XfzCL69494WXyX6q953P%2BRY%2BuXK25uJtiFIhlKqN7SUScem1ws8unLXrPMb9if9w9SapQDgbgtN6D3pNg89"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793b27cb6e98b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a6aaf87a867f93dc9268a8b27973b97
f52ccbe6cbced1994acb13a00b05436553b6813e
3fbd7441712035f4d53c17eec93bc278e6c072043f3b5a721cac349fc0dabe77
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10166
x-amzn-requestid: 54fe0d12-360f-4d97-bcf3-b24747d956aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fY_4zHEcoAMF1iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d379d1-4ba89e44005f616a0ed3ed24;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:14:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hSyEfSDToqgfnFIW68Krz-ANYUNQoUPWhyb-8xDUarI6mnVLXriHDQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:59:54 GMT
age: 51998
etag: "f52ccbe6cbced1994acb13a00b05436553b6813e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
188.114.97.1 200 OK 103 kB IP 188.114.97.1:0
Size 103 kB (102871 bytes)
Hash 932de6a42c1ff15971a06558cf0f997b
a6d5011c35226186452913b9d0c888f89aa3fb15
697d02e9cc69b7b3cbf23a24fd09ee4d710a456d0f2986d036fb7522eea342db
Analyzer / Verdict / Alert: quad9 / Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Origin: https://www.upload-4ever.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 Feb 2023 12:26:31 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1585
last-modified: Fri, 03 Feb 2023 12:00:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Lb63IkjWkjrlyhqybDbxt7KW2%2B%2B74doGX4d11TDWCYPmUL5S5d%2BLpIhJ2VKt273p%2FunjuQruHlPodzj8tDrZ1cZqg6QumiS%2FHcbojbbrJZv3f1ouiI1fZ20qpiLmry1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793b27cb5e89b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.upload-4ever.com/z8xqyu0l0iub/njRAT%20v0.7d%20By%20LBS.rar
104.21.12.131 200 OK 0 B URL HTTP/2 www.upload-4ever.com/z8xqyu0l0iub/njRAT%20v0.7d%20By%20LBS.rar
IP 104.21.12.131:0
GET /z8xqyu0l0iub/njRAT%20v0.7d%20By%20LBS.rar HTTP/1.1
Host: www.upload-4ever.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 03 Feb 2023 12:26:30 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=0;includeSubDomains;
expires: Thu, 02 Feb 2023 12:26:29 GMT
cf-cache-status: BYPASS
set-cookie: aff=666390; domain=.upload-4ever.com; path=/; expires=Fri, 17-Feb-2023 12:26:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hhRCVusRuCNujUHUKprZGeVCB7Tgmpq2XyooPx3OOiWSbD76qV1TryrEXe9SmTyC6arq28Kx2WEcKlD7%2BAOfvFxLs9eMa3%2FoV0U6jGWp%2B24mDhMi3YcPvK6fWl9%2Fk3fDVX284Ns6cw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793b27c0bc641c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cagothie.net/5/2726715/?oo=1&aab=1
139.45.197.238 200 OK 0 B URL HTTP/2 cagothie.net/5/2726715/?oo=1&aab=1
IP 139.45.197.238:0
GET /5/2726715/?oo=1&aab=1 HTTP/1.1
Host: cagothie.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload-4ever.com
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 12:26:30 GMT
content-type: application/json
x-trace-id: ed57958bb3500a1c41d342166e094d76
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=3c7a4f38e1774b8fa6a9a94f172023e7; expires=Sat, 03 Feb 2024 12:26:30 GMT; path=/; secure; SameSite=None
oaidts=1675427190; expires=Sat, 03 Feb 2024 12:26:30 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.205.35 200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.205.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: NWid0BmCCUfZAnVyiTT9ioRTY5zaW3gtVZCPciu8IKcmu9P7TZtfTNzSzAtEbArFKvGJWIK2J2Uv92Sn+yjfnw==
date: Fri, 03 Feb 2023 12:26:32 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
188.114.97.1 200 OK 0 B IP 188.114.97.1:0
Analyzer / Verdict / Alert: quad9 / Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Origin: https://www.upload-4ever.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 12:26:31 GMT
content-type: text/plain
set-cookie: csu=1043891443596418@1@1675427191; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QwNfW38vc8G%2B0FSeQfSWMrHKFFpMcnhPGxZ%2BkcDGu0bjXxlDokmtlq2XvLNeRHgXgGMf1Yu40xWRcDfSYna658t1D%2BrL58EJGg%2FM%2FcHVPQL%2BMEdtZr9ZuBKffJaLpo9c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793b27cb5e8cb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2