Overview

URL userscloud.com/jme7cf0y3elu/Howard%20the%20Duck%20027-033%20+%20Annual%20(1977-1979).zip
IP172.67.207.105
ASNCLOUDFLARENET
Location United States
Report completed2022-09-29 08:06:52 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-29 2 fleraprt.com Sinkholed
2022-09-29 2 tovanillitechan.com Sinkholed
2022-09-29 2 tovanillitechan.com Sinkholed
2022-09-29 2 goomaphy.com Sinkholed
2022-09-29 2 goomaphy.com Sinkholed
2022-09-29 2 goomaphy.com Sinkholed
2022-09-29 2 goomaphy.com Sinkholed
2022-09-29 2 tovanillitechan.com Sinkholed


Files

No files detected



Passive DNS (28)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-29 05:03:41 UTC 143.204.55.25
mnemonic passive DNS ocsp.pki.goog (10) 175 2017-06-14 07:23:31 UTC 2022-09-29 04:56:10 UTC 142.250.74.3
mnemonic passive DNS static.cloudflareinsights.com (1) 1294 2019-09-24 14:34:56 UTC 2022-09-29 07:19:37 UTC 172.64.156.26
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-28 04:36:06 UTC 34.117.237.239
mnemonic passive DNS waisheph.com (3) 74994 2020-12-10 00:25:39 UTC 2022-09-29 07:48:21 UTC 139.45.197.245
mnemonic passive DNS userscloud.com (2) 236337 2014-10-17 13:44:15 UTC 2022-09-28 15:41:14 UTC 104.21.69.102
mnemonic passive DNS ocsp.digicert.com (6) 86 2012-05-21 07:02:23 UTC 2022-09-29 04:12:37 UTC 93.184.220.29
mnemonic passive DNS www.google-analytics.com (2) 40 2012-10-03 01:04:21 UTC 2022-09-29 03:20:00 UTC 142.250.74.174
mnemonic passive DNS img-getpocket.cdn.mozilla.net (4) 1631 2017-09-01 03:40:57 UTC 2022-09-29 04:10:37 UTC 34.120.237.76
mnemonic passive DNS tzegilo.com (1) 0 2022-01-14 15:27:15 UTC 2022-09-29 06:33:27 UTC 172.67.194.45 Unknown ranking
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-09-28 04:36:09 UTC 23.36.76.226
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-29 05:05:36 UTC 143.204.55.35
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-28 04:42:17 UTC 142.250.74.72
mnemonic passive DNS fleraprt.com (1) 0 2022-01-14 22:55:14 UTC 2022-09-29 06:33:31 UTC 139.45.195.254 Unknown ranking
mnemonic passive DNS accounts.google.com (2) 81 2016-09-05 09:39:47 UTC 2022-09-29 05:10:40 UTC 216.58.207.237
mnemonic passive DNS userscloud.com (2) 236337 2014-10-17 13:44:15 UTC 2022-09-28 15:41:14 UTC 172.67.207.105
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-28 05:02:28 UTC 54.70.239.215
mnemonic passive DNS d1jwpd11ofhd5g.cloudfront.net (2) 0 No data No data 143.204.42.138 Unknown ranking
mnemonic passive DNS ocsp.sectigo.com (1) 487 2018-12-17 11:31:55 UTC 2022-09-29 00:48:38 UTC 172.64.155.188
mnemonic passive DNS fonts.gstatic.com (1) 0 2014-08-29 13:43:22 UTC 2022-09-29 04:57:11 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS andamafraidt.xyz (6) 0 2022-09-18 19:36:41 UTC 2022-09-29 06:19:40 UTC 54.230.111.24 Unknown ranking
mnemonic passive DNS esathyaspsu.xyz (3) 0 2022-09-18 06:46:54 UTC 2022-09-29 06:30:22 UTC 104.21.80.127 Unknown ranking
mnemonic passive DNS pogothere.xyz (5) 0 2022-09-04 19:11:25 UTC 2022-09-29 06:30:22 UTC 172.64.199.35 Unknown ranking
mnemonic passive DNS offerimage.com (1) 304078 2019-06-10 11:11:53 UTC 2022-09-29 08:03:55 UTC 104.22.32.172
mnemonic passive DNS e1.o.lencr.org (3) 6159 2021-08-20 07:36:30 UTC 2022-09-29 05:54:54 UTC 23.36.77.32
mnemonic passive DNS tovanillitechan.com (3) 0 2022-07-22 05:21:08 UTC 2022-09-29 06:33:01 UTC 139.45.197.239 Unknown ranking
mnemonic passive DNS goomaphy.com (4) 0 2022-07-22 19:39:03 UTC 2022-09-29 06:33:19 UTC 139.45.197.239 Unknown ranking
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-09-29 07:39:56 UTC 216.58.211.10


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.67.207.105

Date UQ / IDS / BL URL IP
2022-11-27 17:54:51 +0000
0 - 0 - 9 userscloud.com/zfkthcwjx62j 172.67.207.105
2022-11-06 08:44:54 +0000
0 - 0 - 5 userscloud.com/td2utvu1qob8 172.67.207.105
2022-11-01 15:22:25 +0000
0 - 0 - 5 userscloud.com/wub0lgo6i1rg 172.67.207.105
2022-10-26 03:41:04 +0000
0 - 0 - 9 userscloud.com/sb1wjppvtvbw 172.67.207.105
2022-10-15 13:33:51 +0000
0 - 0 - 5 userscloud.com/xqnmez9zxish 172.67.207.105

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-12-07 17:31:19 +0000
0 - 0 - 2 www.mrh-project.eu/files/login.php?user=true 188.114.97.1
2022-12-07 17:31:16 +0000
0 - 0 - 1 mrh-project.eu/files/login.php?user=true 188.114.97.1
2022-12-07 17:29:14 +0000
1 - 0 - 0 practicalweb.com.br/wellhfkmm/login.php?cmd=l (...) 104.21.56.106
2022-12-07 17:29:13 +0000
10 - 0 - 0 practicalweb.com.br/wellhfkmm/login.php?cmd=l (...) 104.21.56.106
2022-12-07 17:29:15 +0000
6 - 0 - 0 practicalweb.com.br/wellsfghkmm/login.php?cmd (...) 104.21.56.106

Last 5 reports on domain: userscloud.com

Date UQ / IDS / BL URL IP
2022-11-27 17:54:51 +0000
0 - 0 - 9 userscloud.com/zfkthcwjx62j 172.67.207.105
2022-11-06 08:44:54 +0000
0 - 0 - 5 userscloud.com/td2utvu1qob8 172.67.207.105
2022-11-01 15:22:25 +0000
0 - 0 - 5 userscloud.com/wub0lgo6i1rg 172.67.207.105
2022-10-26 03:41:04 +0000
0 - 0 - 9 userscloud.com/sb1wjppvtvbw 172.67.207.105
2022-10-15 15:12:21 +0000
0 - 0 - 6 userscloud.com/fphnpkdfxjz7 104.21.69.102

Last 2 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-09-29 08:07:09 +0000
0 - 0 - 8 userscloud.com/zv5qzs1a4ca9/Howard%20the%20Du (...) 172.67.207.105
2022-09-29 08:06:58 +0000
0 - 0 - 8 userscloud.com/umfxcsvy9aw2/Howard%20the%20Du (...) 172.67.207.105


JavaScript

Executed Scripts (25)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (74)


Request Response
                                        
                                            GET /jme7cf0y3elu/Howard%20the%20Duck%20027-033%20+%20Annual%20(1977-1979).zip HTTP/1.1 
Host: userscloud.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         104.21.69.102
HTTP/1.1 301 Moved Permanently
                                        
Date: Thu, 29 Sep 2022 08:06:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 29 Sep 2022 09:06:41 GMT
Location: https://userscloud.com/jme7cf0y3elu/Howard%20the%20Duck%20027-033%20+%20Annual%20(1977-1979).zip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6viyTNsQGxFEUsD%2Bt4xHT3jVfenUBtmCpB2lhVvO7W9LnWw%2FwyxPbrQtZcfKApSl%2BCwjJvDBmxvJl2NtF4idjkeMa1KAQDMF2uBCCb%2B5x9VGYbQcjssbUhl42PKg9qdn4g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7523388c8fd1b52d-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15967
Expires: Thu, 29 Sep 2022 12:32:48 GMT
Date: Thu, 29 Sep 2022 08:06:41 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 29 Sep 2022 07:15:52 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: e_Z0qY6Ily53Wr2WABlwGQD8WurwSgdt0ZVTc4i5HS7axxR3SgFn1Q==
Age: 3049


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 97KMK8j00lFyjbZvraHMayha91uXyY03wmgnA7XU67V4JfeIEnB76w==
age: 9494
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2571
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 08:06:41 GMT
Last-Modified: Thu, 29 Sep 2022 07:23:50 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 29 Sep 2022 08:06:41 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 29 Sep 2022 07:29:33 GMT
Expires: Thu, 29 Sep 2022 07:40:10 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GaDpktqIuP8U8eQRCX_utc1IXTxSQtz8qcWSw8ODa82nAMxsFFD_Hg==
Age: 2228


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2572
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 08:06:42 GMT
Last-Modified: Thu, 29 Sep 2022 07:23:50 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1708
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 08:06:42 GMT
Last-Modified: Thu, 29 Sep 2022 07:38:14 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280


--- Additional Info ---
Magic:  data
Size:   20374
Md5:    b7e841fc271ae2685572d2226a2fd2cb
Sha1:   e187bf6cb5275c41dfcdf53891d9e51554082c05
Sha256: fb9133d54ad4ae64168ed4d3ce47b3e679917e8e687304b8ff8f86b9d722a11c
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3348
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 08:06:42 GMT
Last-Modified: Thu, 29 Sep 2022 07:10:54 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 08:06:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   34206
Md5:    2707e11f3800a0a78ad63adccaf81761
Sha1:   9b1dd568ad081e61cdec58a9f611b36440a73da1
Sha256: f95a661c59099123052f07a424e1747fc9bfaa4e9d4ed403f8c31764e266ac63
                                        
                                            GET /gtag/js?id=UA-70768172-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 29 Sep 2022 08:06:42 GMT
expires: Thu, 29 Sep 2022 08:06:42 GMT
cache-control: private, max-age=900
last-modified: Thu, 29 Sep 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42394
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2039)
Size:   42394
Md5:    c0a0166a30a5c3637d52f4f7da049e4b
Sha1:   0cd768451b6540b9b55da085474ef55752a32072
Sha256: 06b1cf8764e33090d269e3bf4eef44fb7a090f67d2c765bab807336eee30ce03
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "3E9AF4878804BF34E63D54DE0CD2B6EB9E690880F619A69EE2705EC61B7EB5EC"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14357
Expires: Thu, 29 Sep 2022 12:05:59 GMT
Date: Thu, 29 Sep 2022 08:06:42 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 08:06:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "4DED0AAE9E6B75B5C584663FCFFA541371A632CD5A8088B29234F35B2776AD8C"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10021
Expires: Thu, 29 Sep 2022 10:53:43 GMT
Date: Thu, 29 Sep 2022 08:06:42 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "4DED0AAE9E6B75B5C584663FCFFA541371A632CD5A8088B29234F35B2776AD8C"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10021
Expires: Thu, 29 Sep 2022 10:53:43 GMT
Date: Thu, 29 Sep 2022 08:06:42 GMT
Connection: keep-alive

                                        
                                            GET /utx?cb=yf66L70oLdPU&top=userscloud.com&tid=600304 HTTP/1.1 
Host: andamafraidt.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.24
HTTP/2 204 No Content
                                        
date: Thu, 29 Sep 2022 08:06:42 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 29 Sep 2022 08:07:42 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _LmkHbCVs124MYJwrvs1f5lQWwjyzcGy_ho_jFs_YSUv3p73Ib1oeA==
X-Firefox-Spdy: h2

                                        
                                            GET /utx?cb=8K6uc9MoYdGS&top=userscloud.com&tid=708052 HTTP/1.1 
Host: andamafraidt.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.111.24
HTTP/2 204 No Content
                                        
date: Thu, 29 Sep 2022 08:06:42 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 29 Sep 2022 08:07:42 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wvESPZ2H5gfbw4_E-EXuIoHMBjVGK4fWiKdXL8S391Xs6suoJ0UP_g==
X-Firefox-Spdy: h2

                                        
                                            GET /ZzcxUXEGVVI8TgYKU3cEFVsMdEMhEgMXFVZdRiEVVgZeNxkDAlZ/EgtYRDUXFVhfJV8JUkV0QyF+UxcnPWQBCCEoXVIlFDVQCQEpPUBpFicWUgIbOjdOXjo6JU9eHhhSEgMTMCZxWRgGMlVzKzwUU3BkCytjdDgkMGEUYzctTlISPAplRRgGLgVrGQEAc2UURgNZexo4NFxaHSciA3gSJBF2cgAEN05GHhIeQEA0BiIBeCg4FnZ1A0kCZnMLFFVbRDU3Hw54CQFUZGYIEwVZYzI+M3ZdHAk1QFBiAkIFcwc2KnBXCTstbVklBANxRj89VQIAHSYfQWsJKyFUdnwFUH5gOkMqXmM7KQ95QzRCA1RrBhlQUwE9HwZkASc5DXYUYzctcwQbKx8OSDI0LVtXK0RQb2B3GxRYXyFMBFIJPSVfX3ImIw1QAzM HTTP/1.1 
Host: andamafraidt.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.111.24
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1181
date: Thu, 29 Sep 2022 08:06:42 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: E8xu4psnu0ClgAmd6bZxYIVevyVqYEXNF880xDbhoPZCyHJ8Ml2DiQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3023), with no line terminators
Size:   1181
Md5:    73232016a9915deb50465c4152b984da
Sha1:   3a896252c923cbfea97159b69746091c1d64825b
Sha256: ba75f6a52db89bbb9c8b20cfa52677ef6863ddba84555cc4d3259673c1d97b91
                                        
                                            GET /jme7cf0y3elu/Howard%20the%20Duck%20027-033%20+%20Annual%20(1977-1979).zip HTTP/1.1 
Host: userscloud.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         172.67.207.105
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Thu, 29 Sep 2022 08:06:41 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Wed, 28 Sep 2022 08:06:41 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cf-cache-status: BYPASS
set-cookie: lang=english; domain=.userscloud.com; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jl%2Fzu8XQGU3KbVC4mOG48rnwaSGItZwdp%2F1ycA2y9Q8r4V3iV7SS4ieq1IjMbnHoLeMsY4DrKm2M3iwSHDL538k9Jn0AaqZguYn455y3CKOe0CHexIkFqStdx11GTKVOqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7523388e5c3fb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (64106)
Size:   173220
Md5:    dc301c7ea00b9971789f2435bed935d6
Sha1:   c5040e3cf492dc31996db8af82f2afc88845251b
Sha256: a2fc55c86a382f745b5dec4f10126c3bee40af09f7557dc538917eb8200622ca
                                        
                                            GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1 
Host: static.cloudflareinsights.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         172.64.156.26
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
                                        
date: Thu, 29 Sep 2022 08:06:42 GMT
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 75233891da54b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   5649
Md5:    71a57443bcb1914f0147e6c8147db9a4
Sha1:   c7adab6a989ddd3a854e4f4bcda2122ce28cd875
Sha256: 75b72edc20320252f4d8d8dd75981cb16d0606acb0f4cddcfe8bf4cc78ab77d3
                                        
                                            GET /bXZjd2NCSQAEXjsbNR4GOCAOIVI3NAcgVjgjNkZRNCA5IDclP0UDCglLVUdTXkZXURMEEl5GRR4CAgMWHktSUQoDEAxKRRtLUllQWVhRTk1dUBZKUksCExYEUEdFBxcZGl5GVVtCV0RbWk9aQVZU HTTP/1.1 
Host: esathyaspsu.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.80.127
HTTP/2 204 No Content
                                        
date: Thu, 29 Sep 2022 08:06:42 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vpUb1IGUGUYPruNqWPIwHdG3xP03Af1cpdvEFBTA8DogkTyiWA2f%2FfVvevYUb7y58mK8daA8aJW%2BhJEUHvZl6W8vRyvQTcGdSUCXyr%2FD6fl1cfPoVZ3jyk9L7oSpl8OH2YU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338936fdbb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /asd100.bin HTTP/1.1 
Host: pogothere.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                         
                                         172.64.199.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
date: Thu, 29 Sep 2022 08:06:42 GMT
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3372
last-modified: Thu, 29 Sep 2022 07:10:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zMJ2u4QGl60s%2BNX%2FCOQN1M843WQkrpUFAM7%2FPgQOUhRb44JkFJwpq2%2F7j%2BameKd3CfpsOyW5mFFlgPwFh7ot0NO%2FFDlUAIib3UgGaI6dtphpiIo9L%2BgO8HokaKz7iA6F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75233893a847769e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   102903
Md5:    049f1b10e3a0e77f5786aab3f0357e6f
Sha1:   48fae84fe1c8029175abdac67baf5e37cd4b2c79
Sha256: 5115ef84c320bb1bd4f0598aae6e1735372a0bab1931b5cff09408620a842cb6
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: adE3KOTxsXz1TMaL/OVLvQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.70.239.215
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: sikrs6DLMYoLVN8sEQxNNIiyFkk=

                                        
                                            GET /RThSMHckWjFdSCQFMBYCN1RvFUUDHWB2E3RSJUATdAk9Vh8hDTUeFClXJ1QRN1c8RFkrXSYVRQN/CwIlNFkWWzYGTwN/NS1bHHQbEHoHXD0RYCVAMQFQOXghPXYIfzEpfBtmLn1wPkdBEHwfWCI/Wz1kNT18EAEbJGw+ZTQGX2NmPzJhGXMhEHEAYSIKezViLxRQZmkhIlAIcg8DYBFXECdwYgA9B1MlVCADDBhyJQ9pFkcQCWwDQxsQbQBpPwN+B2EfBHEHWzEfczpIJRN5C3IhPWExZEYqchUBDyZ2JQkvFG45QT8Dfgd3NXFbB3MhEWA6VCMRbX8JFgZpA3I0FHYFYhscSwVXGxZuFEAtBm4YciADUDRzHxxoFlwuJ2kEVwIEfgR7IC4NH2gbEB44QxgrSG9iRj96YGYBIGFmaT4vbB4 HTTP/1.1 
Host: andamafraidt.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.111.24
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1178
date: Thu, 29 Sep 2022 08:06:42 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pfFOZW0iO79NTFneahsClbRhws5o4s2OHfCi12VuFzYm5b9o5yvzVA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3025), with no line terminators
Size:   1178
Md5:    ead2ff0ffb7f74d4916dc6cb7a97e474
Sha1:   9da6e7ec8e3ccf8c1ad557526b1a6ca69c634b2e
Sha256: d70c4deac8ea27d6d7a630b4cfcb90c0a7892aeaca950fa89c0d7db9f9771cb0
                                        
                                            GET /Y3FudGhMTg0HVQBBFiI+DSMtES8xHzohGFMoXDolMTk8GTE2BkgAAQdMWURQU0RcUhgKFVNGUUUCGhUcFgJTRU4KHwgbVUUHU0VGU19YREZTVxtJWUUFHhUPXkBIBBwXHVNFXlVFWkdQVEhXQ1hT HTTP/1.1 
Host: esathyaspsu.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.21.80.127
HTTP/2 204 No Content
                                        
date: Thu, 29 Sep 2022 08:06:42 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BcfVltU6jKrq%2BqrqiMl5WdLavtEJLHIAOgCExu%2BYE6NK5w7UO0%2Bkdj9749Bqs9UsCc0RiRmZmn%2FIfBpf2tnmt00CMzFcFjqoHVGm%2BfkMuE2mGrsgguBmhiu3HgObY8FBrbg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338937809b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   3886
Md5:    54c87b7a9007d256c837e382cab4170d
Sha1:   6c8f44204021f68596af9ae5a742c3ad1b76a6ec
Sha256: 3a09f98b09786cd8fbe71cc17d07660e767fc1c8d2ea467f912bc328766a54a1
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "4DED0AAE9E6B75B5C584663FCFFA541371A632CD5A8088B29234F35B2776AD8C"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10021
Expires: Thu, 29 Sep 2022 10:53:43 GMT
Date: Thu, 29 Sep 2022 08:06:42 GMT
Connection: keep-alive

                                        
                                            GET /cEF3Q0JffhQwfyo7HzYnOAcgBwQcDyYVAzkXR3oGJiYbFBE1BFE3KxR8T3J0SXZEZTIZJUpxe1YyAyI2BTJKcmQZLxEsf1Y3SnJsQG9Bc2xAZwJ+c1Y1ByIlTXBRMzYELUpydEZ1Q3B6R3hOdHNE HTTP/1.1 
Host: esathyaspsu.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.21.80.127
HTTP/2 204 No Content
                                        
date: Thu, 29 Sep 2022 08:06:42 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mq2aLO1dPl8fEcDKK7sYv%2Brdh8MX7auq%2FrzsheKYFX0ljPsvvNCrCvcuO%2Fv9UwpS9tqy61r3rWlSq3NuS9T7rRcJ7LVavnzDHCLkvi1KSiGUi%2FrmnCJ6U1EKbXd9a5RdYNk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338938819b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /NGNxejdVARIXCFVeE1xCRg9MXwVyRkM8UwUJBgpTBVIeHF9QVhZUVFgMBB5RRgwfDhlaBgVfBXIZJ0lbcjpAGQdyCgI8VncuIDNhAQQrSnEFNRwsT3EZKDd4Zwc0N3FXDhMSD1IpNR0Pewo8K3IHJj8qQFASK0sPRCIbEUBmJDw9eGAxNB5yYVE8AkMANUI/XXcwHjNWXgwwMUBbVDsdA0wgJSxPcCAjH3heBDU2dgxUPxZPBykmMAJnNDMobQdbMx5xfhorPkNTNiYZAHEgAi17Byk9HmVAFSgpbU41QjBce1EzKG1NNiEjcXU0ExEORjZCT05nUFwvcnkJICl8XzkdP2JAUiQXU1owOSxkVw4nMH5DDB03XwwSNkl9WDNCAmFRNBUcenJWHFxdRwwfCgpBVwBDUW4kHhF0UhA1 HTTP/1.1 
Host: andamafraidt.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.111.24
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1176
date: Thu, 29 Sep 2022 08:06:42 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: g-o9pFPXutAxZDqJBcFBZ7j9p8o794Zl93JS3ZExqSeo0SAb3bkVgg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Size:   1176
Md5:    e35f91d865d0ddc9d787a7536f305c07
Sha1:   8248e4fc34489aac0590b33b4a96ccc48653efa2
Sha256: 82051d192ef52b87a4d3490a1100df4b50881e40e3d40cc4209ee0c7acd36ad3
                                        
                                            GET /tag.min.js HTTP/1.1 
Host: waisheph.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.245
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
server: nginx
date: Thu, 29 Sep 2022 08:06:42 GMT
content-length: 22987
content-encoding: br
x-trace-id: c91930ea82e2d8d57322b737f476bfa6
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Wed, 28 Sep 2022 07:57:59 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   22987
Md5:    55bfb65a45375a59df27572861a64783
Sha1:   2838cf8e3623bfbccf2618dac1495f992dae2b6c
Sha256: 9c86b08b70bf998cacd69539dbd479bfe6cc5f973cd514cd8c3f29c21092b5c1
                                        
                                            GET /IbFVZS0YPOjcteRg8PXZwXGVqe3JKPyokKBxoOi5+AAFhIwUbBzMsdA5zLTEiUWV/JycCMmRtIwI2ZHpgDTE7dnJKISkkLVE4ICUvACQuPywOcywqewE6IyIqADR8eQBZe2ludFx9IXp3SWYbbnRcOTAlMxRwa3s+VGMGfXJJZhtudFwnL251LWxvZXZFcG-t7IQk2MiRjXhNre3dcZWh7d0lnaS0vHjA/JD5JZx9ycEJlfz57XQ HTTP/1.1 
Host: d1jwpd11ofhd5g.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://andamafraidt.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.42.138
HTTP/2 200 OK
                                        
content-length: 768
date: Thu, 29 Sep 2022 08:06:42 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Px8ZVn_PX6riSHA-IdMBvJkdJiLivzLpylCGWvw7xeItDJcl-dCd6w==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1094), with no line terminators
Size:   788
Md5:    3777e82b976de179a64d918dc6aabd84
Sha1:   f61ff88077716450aa95a19ee6380d37451247e8
Sha256: 9d8f936506ecd000be5608f342391da0689ef2feab85392234eb24d3d23bde78
                                        
                                            GET /GY2RqaDkACwQOBhcNDlUBUlJTXwpFDhkHVxNZOFlDIVY8Hlw6UDMhUzcoTBxDB1laTlUCCg1VHwYKCVUIRQUOCgRXQh4YVghZBxFXCggbH00JBkwdWF4JBRJQDwgLTQslUURYHFFUQhAIUkFZKhxRVAYBVxYcT1oJG1xcNw9XQVkqHFFUGB4cUCVTXhdTTU-9aCQQBCQNWRlYsWglSVFpZCVJBWFhfChYPDlYbQVguAFVKWk5MXlU HTTP/1.1 
Host: d1jwpd11ofhd5g.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://andamafraidt.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.42.138
HTTP/2 200 OK
                                        
content-length: 437
date: Thu, 29 Sep 2022 08:06:42 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: I5RxWyVwj4N7281BJFPEuCW6zMy009AhOuAKBQ7V5WkW0UgNbRcZ3Q==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (575), with no line terminators
Size:   437
Md5:    f4f17b4c429bac79ad5bac4fe388181f
Sha1:   8175270669294b64fbcc3c66c7c3a461690bc2b0
Sha256: fde3b17a7b23163ab9e3e3efe551a4bf45ba924246c78658fb75958feedff7e4
                                        
                                            GET /5/535061/?oo=1&aab=1 HTTP/1.1 
Host: waisheph.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.245
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 29 Sep 2022 08:06:42 GMT
x-trace-id: e902c4bb97a3b3d9bc8304fc9301c14e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=3288da6e6e5e44a183f7a50d0fa23db5; expires=Fri, 29 Sep 2023 08:06:42 GMT; path=/; secure; SameSite=None oaidts=1664438802; expires=Fri, 29 Sep 2023 08:06:42 GMT; path=/; secure; SameSite=None syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (3318), with no line terminators
Size:   1766
Md5:    ec196a16f11438c308df770023631601
Sha1:   c0fdf9f175927e63e95cc39a50eb0d298e4b1529
Sha256: 404d6c02dc4060f46c86842015e5d66b480e7b7ff3fd37f2c42b153cb185563a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DDA1C7A6542A0B3C0C9DAFE943FB8FBD85E508E57150175B89222A45B650CD89"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4714
Expires: Thu, 29 Sep 2022 09:25:16 GMT
Date: Thu, 29 Sep 2022 08:06:42 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 08:06:42 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 00:52:20 GMT
Expires: Mon, 03 Oct 2022 00:52:19 GMT
Etag: "a28e34ab71eea646efaf0a505a3bd07671bd6012"
Cache-Control: max-age=318936,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 752338965e37b529-OSL

                                        
                                            POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1 
Host: fleraprt.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://userscloud.com
Content-Length: 1583
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.254
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Thu, 29 Sep 2022 08:07:02 GMT
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://userscloud.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    adb4650bfc9d2a73d4dd69583b0ceb14
Sha1:   1ce399d6e936232aaf2192cd7903a279c5015f22
Sha256: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /42/38?z=2892518 HTTP/1.1 
Host: tovanillitechan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: scm=1; OAID=42b1c6f6a4854f21bac19ec85f110e6b; oaidts=1664438802
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 29 Sep 2022 08:06:42 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 9f7950dbd1bd842d2df1be5fd7c1da0a
access-control-expose-headers: X-Sc
set-cookie: OAID=42b1c6f6a4854f21bac19ec85f110e6b; expires=Fri, 29 Sep 2023 08:06:42 GMT; secure; SameSite=None oaidts=1664438802; expires=Fri, 29 Sep 2023 08:06:42 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /multi?cs=U24wa0ViWgFafGpWBl59ZFYDXH0&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=826202848885564&agec=1664438802&fs=1&mbkb=649.3506493506494&ref=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_bseS=1664438800232&crc=1 HTTP/1.1 
Host: andamafraidt.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.111.24
HTTP/2 200 OK
content-type: text/plain
                                        
content-length: 1510
date: Thu, 29 Sep 2022 08:06:43 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=f23ee5ef-d9e5-4cd7-8085-780153b451d7 csu=826202848885564
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qBie1EyRdn9o-M0ist11-0-dJl3WglfM385aciOOzH4uCOi5tNIujw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1545
Md5:    c14fb6906422910155e5ba8c67798b5f
Sha1:   ef5202ca5480fc6d8bc9d77ce8379991584f674f
Sha256: f7b900f5b5b96ea3d85127469ec7f10e450581719c1b92f517e1b8c4e3b7f0a8
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3300
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 08:06:43 GMT
Last-Modified: Thu, 29 Sep 2022 07:11:43 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 08:06:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Thu, 29 Sep 2022 06:41:09 GMT
expires: Thu, 29 Sep 2022 08:41:09 GMT
cache-control: public, max-age=7200
age: 5134
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19826
Md5:    cae538dcce82598fbe43c0bf443e62dd
Sha1:   cc68ac6be9c5e0087a0000e5735b83270ace30f5
Sha256: 954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 08:06:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /j/collect?v=1&_v=j97&a=1433708009&t=pageview&_s=1&dl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&ul=en-us&de=UTF-8&dt=Userscloud&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=1656375064&gjid=1649118129&cid=1032123285.1664438801&tid=UA-70768172-1&_gid=2081442078.1664438801&_r=1&gtm=2ou9q0&z=1909205916 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://userscloud.com
date: Thu, 29 Sep 2022 08:06:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1 
Host: accounts.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.237
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Sep 2022 08:06:43 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1073607209%3A1664438803385097&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqYy67CObdV6wO84DPkKde3Jg6WNE8zfX2j-OdjSm_y0HTV049glVNGV2j437pm4TpNd57SHg
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-FWZKtcS3LbISTfJhMV9DTA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 400
server: GSE
set-cookie: __Host-GAPS=1:RlV81AaxG-lKrbg1FPFPm8q_DaaVgg:ceLpbCe2wf22wF09;Path=/;Expires=Sat, 28-Sep-2024 08:06:43 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Size:   400
Md5:    98f0c8b29db4b5464eb0222c22a9a173
Sha1:   2872a4cd0869f6af857edd53ad07635193ccc36a
Sha256: bd1dfbdb15f0231456c633578feb61b80f360fc3d64a5035b627d7fca195104f
                                        
                                            GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1 
Host: accounts.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.237
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Sep 2022 08:06:43 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S755440684%3A1664438803390478&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWpRhOp7xFsI6AhL77_3TZbrC6qxTNfA9n6hzUChpfaXbFf-Lon8c57qqg4YHOqNM15g3ltXeg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-SksYgU_7W5GZjjfPVmRa9Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:aoERAwnAnn1BXe0d_2Pyrr5zysNKaQ:qgPeL1buJ6uRiEIO;Path=/;Expires=Sat, 28-Sep-2024 08:06:43 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Size:   393
Md5:    6d8f071061b967b841fd0c1e547c87ea
Sha1:   1f29b375f5ba6607935bce10dea9d28cf9ac2e46
Sha256: 3fec205a6c5194a73e8a077bdb397c29f28dda1559a011185c9adbadd7712f12
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 08:06:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3300
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 08:06:43 GMT
Last-Modified: Thu, 29 Sep 2022 07:11:43 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: pogothere.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         172.64.199.35
HTTP/2 200 OK
content-type: text/plain
                                        
date: Thu, 29 Sep 2022 08:06:42 GMT
set-cookie: csu=371794227753611@1@1664438802; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TIV62804sGN%2BTEy0MRCVpxG43u5gcwqXRB%2FM8lCncdw0GpXZ3Nh4dAJ28mZxxEHIJ0qV9kvXrPDTi9O1yhKfZvTr4bO0dAM21BqCbnijrqQKff269P%2Fd1muOeh4EZ4RN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75233893a849769e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   28
Md5:    754bdacd0e3abf31da7ff231d5bd9fe0
Sha1:   aa194e37c9f8ddf57424ccff5981a99724f35b6e
Sha256: c553edab488e8bd533ba4088f390160a34d5bb27a67d455cd57784b2a5315d3b
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2920
Expires: Thu, 29 Sep 2022 08:55:23 GMT
Date: Thu, 29 Sep 2022 08:06:43 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2920
Expires: Thu, 29 Sep 2022 08:55:23 GMT
Date: Thu, 29 Sep 2022 08:06:43 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2920
Expires: Thu, 29 Sep 2022 08:55:23 GMT
Date: Thu, 29 Sep 2022 08:06:43 GMT
Connection: keep-alive

                                        
                                            POST /9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e5ks887023qy222304688q2q8hghd532 HTTP/1.1 
Host: tovanillitechan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 191
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: scm=1; OAID=42b1c6f6a4854f21bac19ec85f110e6b; oaidts=1664438802
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Thu, 29 Sep 2022 08:06:43 GMT
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 7fd24731666d9a97ab2226161199dfc0
access-control-expose-headers: X-Sc
set-cookie: OAID=e5ks887023qy222304688q2q8hghd532; expires=Fri, 29 Sep 2023 08:06:43 GMT; secure; SameSite=None oaidts=1664438802; expires=Fri, 29 Sep 2023 08:06:43 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    a97eb6fbe6f13b601d5d48c0eba8baae
Sha1:   736efb938caf3d0edec406932ada889f1a4f2268
Sha256: a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /asd100.bin HTTP/1.1 
Host: pogothere.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                         
                                         172.64.199.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
date: Thu, 29 Sep 2022 08:06:42 GMT
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3372
last-modified: Thu, 29 Sep 2022 07:10:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c8LKv%2FYsyzsTUyVKsm%2FNVc4LjnwMfWZqFHb7l%2FfxewiSNr5kRV7NK7Ge%2FWTSET%2Fy%2Bh4G46Zw0DUAV4ymn9rSqG1vjfQGDWShbQsm5yRdPMUs51w6eHpNtCf5e3IhbzZx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75233893a848769e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   112054
Md5:    1895c4663d43fbee80dad945db9f09c6
Sha1:   119a5714d74ea174b3a4ffc0341474004758b01b
Sha256: 248117119d890a109a145d22dd9a441c5cdbab04f250bbb9044a9ad4bd3622b2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9002
x-amzn-requestid: 0623931b-a4d6-49de-ba32-d071c08eddbd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKoiGKRIAMFhYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be36-1573e2e91c85617424db019f;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:50 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3kkSL0VcJl64iZ0TiKfOwK620pLX2CAVWqY1Bp2NhokTX0572t_nnQ==
via: 1.1 2a44ef7b9d28e74c78ffadeedcbb887c.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:40:47 GMT
etag: "d76293673a7aa2861b069ced614cdcdb84fed6d3"
age: 37556
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9002
Md5:    c80d7ce8a9d3fba54855e05731db759c
Sha1:   d76293673a7aa2861b069ced614cdcdb84fed6d3
Sha256: eabd1bfef29cad4045d688a909b9a8c88818d80bb432ce642d055583cf66d77d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9034
x-amzn-requestid: ccfaad8d-c270-491f-b0fa-ac56fb1ba14e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGVJ_G2doAMFXqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633268a6-1599ec83051ceef5038d1296;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:06:14 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: G--ubYYfq5CFGAZzorD-TAgKentdIyvzSjrvqjTf_yGWDvjwX75KHg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 04:20:21 GMT
age: 13582
etag: "927d5a375d9607b23caadae148566fdff10147b1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9034
Md5:    2054ae778a3079d8233ee33045127df6
Sha1:   927d5a375d9607b23caadae148566fdff10147b1
Sha256: 6b33c83c2b78b413ae375966860e1a9c8aa8e28dee107f9dd5bb8ceb221e607a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46b76b4-e585-46c3-bf03-5bfe9273000c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3332
x-amzn-requestid: 34214e89-7232-4fd5-9257-adf231670681
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDb3vGkOIAMFVhg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63314031-3056111d48a5027a2062ad1b;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 06:01:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VosALWNOhCfUDfo2bXgYE0Cx2duyHRaLb5DCn9IydXtoIsYyg9vWhA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:49:13 GMT
age: 37050
etag: "4fc0699c763f67a2602b4b3f46b8b4013d2049c6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3332
Md5:    6ac86079d2901fb11bfaff81d91bb2d2
Sha1:   4fc0699c763f67a2602b4b3f46b8b4013d2049c6
Sha256: 8c25b9129fc01f6ffad911994e91436ab0026ed0b54568757a20ab7f92584467
                                        
                                            GET /?rb=VQW86SjHrvnPX6MB8tzqRgbXpwaAAckRnbGyQtKgXDnfnavW-MTj32c26A0jYNFJMEqx68LxP1eicuvNUP_KvvVCt52o0ByI8VGt0hn3SAgxWb0qu3GNW4-HHLb43IIrJUg9U9m67GSTU4w6xAA8iwt3T3R9gNt3OzsUmsZluWOyD4--UY08ah-hmZEkoCa8s1DBjBX0YNHvGsfW1zsh4ReF7eo%3D&request_ab2=0&zoneid=535061&js_build=iclick-v1.431.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.431.0&bs=54318339-a681-4569-8057-d4b320db4b09&userId=e5ks887023qy222304688q2q8hghd532&m=link HTTP/1.1 
Host: waisheph.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Cookie: OAID=3288da6e6e5e44a183f7a50d0fa23db5; oaidts=1664438802
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.245
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 29 Sep 2022 08:06:43 GMT
x-trace-id: 6d3582450e0c3234bf28df78269beab1
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=e5ks887023qy222304688q2q8hghd532; expires=Fri, 29 Sep 2023 08:06:43 GMT; path=/; secure; SameSite=None oaidts=1664438803; expires=Fri, 29 Sep 2023 08:06:43 GMT; path=/; secure; SameSite=None syncedCookie=true; expires=Thu, 06 Oct 2022 08:06:43 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   9625
Md5:    767cff5b17f43d82556221568892f951
Sha1:   1e151b758a0a2e5574f0e9879f5f6531a667507a
Sha256: b99b2dc4de1ee33931433ead80292654ced5941b76dc1434fef64189ca7fe04a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6390
x-amzn-requestid: b2681ff8-ab83-41e6-adef-3e6772c93c3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGFJ6Gc_oAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63324f0c-3dbf9f4e2047567b5abdbe74;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 01:17:00 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VwWbbPJtnsSB1Y6riPtCZXX0Ocmxw024YRmlebWN1UQxZX3uvjsvOw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 05:41:14 GMT
age: 8729
etag: "61676358cdbb2373bc644e66f8a84fbc8cc5daf6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6390
Md5:    14218a43c5e5bbce546735a780c8ccce
Sha1:   61676358cdbb2373bc644e66f8a84fbc8cc5daf6
Sha256: 905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda
                                        
                                            OPTIONS /500/4859604?excludes=&oaid=e5ks887023qy222304688q2q8hghd532&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: goomaphy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.239
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 29 Sep 2022 08:06:43 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /stattag.js HTTP/1.1 
Host: tzegilo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.194.45
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Thu, 29 Sep 2022 08:06:42 GMT
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 961
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ffOpW4rbukI1qS1kPwsGVa8nL1BmIq0GlxkRYDwA3PXYMlqWvZQ5ueOiZZe1oo0kCHKfPaHh%2BVQCoE60WDuOYu%2F%2FDrSovQOzfwsVXgqvV%2FGy1BYuokBsHpTcsqqbUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75233894bb79b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, Unicode text, UTF-8 text, with very long lines (32771), with no line terminators
Size:   11821
Md5:    38120dba8a1e6038d8b583e76c5ff38e
Sha1:   e1be4514faeaaab38c7311c15db593fed78efde7
Sha256: 7753037ea86e043518ef33e39ff5a57fefb6cfe3eabace8d113687dffa9addad
                                        
                                            GET /www/images/96d73cf80f752e9319997c6e575c3b82.jpeg HTTP/1.1 
Host: offerimage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.22.32.172
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Thu, 29 Sep 2022 08:06:44 GMT
content-length: 11449
cache-control: max-age=86400
cf-bgj: h2pri
etag: "627e5574-2cb9"
expires: Fri, 30 Sep 2022 04:42:27 GMT
last-modified: Fri, 13 May 2022 12:56:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 12257
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7523389d2f7695eb-ARN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size:   11449
Md5:    96d73cf80f752e9319997c6e575c3b82
Sha1:   3dcf9d3b3e94698a842b1a98de17a02a8c3b4457
Sha256: 44dc0e0d92f12e669842f12722ca1a1848fb4be50deabd86c7d9deb64946db86
                                        
                                            GET /impression/gyvbGpmpdYF2C4AyFisvSHb3Gev0BVy77I6SKP3-QhWCcGzXI3l6ox_2H6kLvIMG3hL18r4TW_aPYBUVTQ_jWe7hms640yIMdHTu7HD0R1T6732fH17kEgJNyioz16pGOkFH5GG-N2E-eZ58APJYRfEooLFaabvgCW4Umh_dcRAs3Nj7o-_ifZ285VynqK610TM5ai-J-i2_VER6mKUrmOl_zk6W5M-3RxQ_m799YR_zY50nEDvH8aA3h3FkUu_4lnoTQduZ-OReqWb47CGlfTUyrYgKYu9WI2GGzP6sEfWZukrmXRDHVodGmOHTq_l2WMJ_sVyx75PCnnv84zVaWiINeA-OTCtCBFOHay3K03EjmO7pCysD7pwr5r7wazR5JaaWeN3mHl2eWGsLx23z7BwtlHR-ZTQf1G1-lup0qC5SSF2g-LtADChwWqRZdUBKB5q-_brICCNy7eQ3lxekm0Sq2lE3DHbjeUU7ZmVtGylwzs_G5apC_RDc1g7MP_HJEvEguwc4OeDskCGH04TgRl4KjLI1wNFPar1GZFxFQNWrhgacMYyzfiL2w5bghPrMiYctCKgcZTnwz82dQG5j7YjjsXB1tf4e?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: goomaphy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: OAID=e5ks887023qy222304688q2q8hghd532
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Thu, 29 Sep 2022 08:06:47 GMT
content-length: 43
x-trace-id: 57747d2ead367eddd97f0c4b91a84c7b
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 08:06:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 08:06:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 08:06:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 08:06:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.211.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 29 Sep 2022 08:06:48 GMT
date: Thu, 29 Sep 2022 08:06:48 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   16620
Md5:    49dcb3f23a58f998f11d8c2ca1b90a68
Sha1:   0aee92fad52d2f03484a134901a90260af43e913
Sha256: 92223ea8fd1122967d4b3adaec6c401be4ab899e973ed13fb3fb90520cdefcfa
                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:08 GMT
expires: Thu, 28 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 45160
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 08:06:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /401/4859604 HTTP/1.1 
Host: goomaphy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Thu, 29 Sep 2022 08:06:42 GMT
x-trace-id: 1657989a0589c65462d13f7beaf25cb1
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=7413fa588a28406dbbe4db598bb06333; expires=Fri, 29 Sep 2023 08:06:42 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET / HTTP/1.1 
Host: pogothere.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         172.64.199.35
HTTP/2 200 OK
content-type: text/plain
                                        
date: Thu, 29 Sep 2022 08:06:42 GMT
set-cookie: csu=953524653428595@1@1664438802; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FoMSiAElnR1Fk5H4lh5FwAeZDBB%2BX7WCSdjRbzDHqyWUKSSJfZFieab4r1l2%2BlaBEPAwMQMfn6np5%2BPBVhUezbiX%2FpfI9eiqHQ2u1Fz27PBMiUvwcyqg4Q1Xl0Ah63oI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338947939769e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /500/4859604?excludes=&oaid=e5ks887023qy222304688q2q8hghd532&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: goomaphy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: OAID=7413fa588a28406dbbe4db598bb06333
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Thu, 29 Sep 2022 08:06:43 GMT
x-trace-id: b7c9d0ccbae10e8b7505d490d2887d57
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://userscloud.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=e5ks887023qy222304688q2q8hghd532; expires=Fri, 29 Sep 2023 08:06:43 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /1?z=2582807 HTTP/1.1 
Host: tovanillitechan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: text/javascript
                                        
server: nginx
date: Thu, 29 Sep 2022 08:06:42 GMT
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 28c3cb5f8fdcccb9103e1321870884c2
access-control-expose-headers: X-Sc
x-sc: 0F3eTZW24Z_kGls_oFB2AMjllkZ-k7QOu5gnTYklR30ALbs0XiCqh8EIenl4cTESXlruEZKzDCtt1iZstpmLrzwwAv4=
set-cookie: scm=1; expires=Fri, 29 Sep 2023 08:06:42 GMT; secure; SameSite=None OAID=42b1c6f6a4854f21bac19ec85f110e6b; expires=Fri, 29 Sep 2023 08:06:42 GMT; secure; SameSite=None oaidts=1664438802; expires=Fri, 29 Sep 2023 08:06:42 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /asd100.bin HTTP/1.1 
Host: pogothere.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.199.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
date: Thu, 29 Sep 2022 08:06:42 GMT
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3372
last-modified: Thu, 29 Sep 2022 07:10:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qkq8VKfr7RfY%2BcbU9mbECwsnLOiixXAnYgxuUU4gAHemHK0hil7447PX84dstf3SlNyxbvL4VGSab5WEbFE2WBJac9LCEb98LsjBKsGOBsWtPZl0m8cFtPwa7ypluHwO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75233893a843769e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---