userscloud.com/jme7cf0y3elu/Howard%20the%20Duck%20027-033%20+%20Annual%20(1977-1979).zip
104.21.69.102 301 Moved Permanently 0 B URL HTTP/1.1 userscloud.com/jme7cf0y3elu/Howard%20the%20Duck%20027-033%20+%20Annual%20(1977-1979).zip
IP 104.21.69.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /jme7cf0y3elu/Howard%20the%20Duck%20027-033%20+%20Annual%20(1977-1979).zip HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 29 Sep 2022 08:06:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 29 Sep 2022 09:06:41 GMT
Location: https://userscloud.com/jme7cf0y3elu/Howard%20the%20Duck%20027-033%20+%20Annual%20(1977-1979).zip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6viyTNsQGxFEUsD%2Bt4xHT3jVfenUBtmCpB2lhVvO7W9LnWw%2FwyxPbrQtZcfKApSl%2BCwjJvDBmxvJl2NtF4idjkeMa1KAQDMF2uBCCb%2B5x9VGYbQcjssbUhl42PKg9qdn4g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7523388c8fd1b52d-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6dd4587c98aef98ad0939030a6976a7f
92dc5966ac2deb0c3ac7fdd02bf8d28f9239801e
a382476d14b6ae14003333e7acdfbbd9ae8775d4c1a7d5c31116f33987043cff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15967
Expires: Thu, 29 Sep 2022 12:32:48 GMT
Date: Thu, 29 Sep 2022 08:06:41 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 29 Sep 2022 07:15:52 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: e_Z0qY6Ily53Wr2WABlwGQD8WurwSgdt0ZVTc4i5HS7axxR3SgFn1Q==
Age: 3049
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 97KMK8j00lFyjbZvraHMayha91uXyY03wmgnA7XU67V4JfeIEnB76w==
age: 9494
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 5e9b0c86817a4d5d89c920b7ed85057b
a248e3a32ab059434400ee945c7b8f4fedb83ffe
b140486f05a6e21ab6193259a40f65734ac7ecb7be043c26977cd5e77388f19c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2571
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:41 GMT
Last-Modified: Thu, 29 Sep 2022 07:23:50 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:41 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 29 Sep 2022 07:29:33 GMT
Expires: Thu, 29 Sep 2022 07:40:10 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GaDpktqIuP8U8eQRCX_utc1IXTxSQtz8qcWSw8ODa82nAMxsFFD_Hg==
Age: 2228
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 5e9b0c86817a4d5d89c920b7ed85057b
a248e3a32ab059434400ee945c7b8f4fedb83ffe
b140486f05a6e21ab6193259a40f65734ac7ecb7be043c26977cd5e77388f19c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2572
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:42 GMT
Last-Modified: Thu, 29 Sep 2022 07:23:50 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 20 kB IP 93.184.220.29:0
Hash b7e841fc271ae2685572d2226a2fd2cb
e187bf6cb5275c41dfcdf53891d9e51554082c05
fb9133d54ad4ae64168ed4d3ce47b3e679917e8e687304b8ff8f86b9d722a11c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1708
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:42 GMT
Last-Modified: Thu, 29 Sep 2022 07:38:14 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3526d5ce1381ba26cbc553db057e1915
fe01c920696448e8bf12e6fff877bce8281d34a2
09604aed7cbca7971bfcb5afcb53591600b944f28eff21aa65dc601e78cdda53
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3348
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:42 GMT
Last-Modified: Thu, 29 Sep 2022 07:10:54 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 34 kB IP 142.250.74.3:0
Hash 2707e11f3800a0a78ad63adccaf81761
9b1dd568ad081e61cdec58a9f611b36440a73da1
f95a661c59099123052f07a424e1747fc9bfaa4e9d4ed403f8c31764e266ac63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-70768172-1
142.250.74.72 200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-70768172-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (2039)
Hash c0a0166a30a5c3637d52f4f7da049e4b
0cd768451b6540b9b55da085474ef55752a32072
06b1cf8764e33090d269e3bf4eef44fb7a090f67d2c765bab807336eee30ce03
GET /gtag/js?id=UA-70768172-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 29 Sep 2022 08:06:42 GMT
expires: Thu, 29 Sep 2022 08:06:42 GMT
cache-control: private, max-age=900
last-modified: Thu, 29 Sep 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42394
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fd469409720ae819039ee786fc14c04b
28408757f0a13a499e07e44141ba192aec9ec32d
3e9af4878804bf34e63d54de0cd2b6eb9e690880f619a69ee2705ec61b7eb5ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E9AF4878804BF34E63D54DE0CD2B6EB9E690880F619A69EE2705EC61B7EB5EC"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14357
Expires: Thu, 29 Sep 2022 12:05:59 GMT
Date: Thu, 29 Sep 2022 08:06:42 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 75eebff373cf84ae810a9e326f9e3d03
a5b22b0eee98dda385cb4e90d119205bc5f3a25f
f2089c63c7c2b3024972aba8cbc12dfcffc79dfc1ef9f7be801c79e7737b0d71
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 84ada21ac1d7ada27090048bed7709d6
5a7af8364389fceb02130e30cfc9d1d1f430ca43
4ded0aae9e6b75b5c584663fcffa541371a632cd5a8088b29234f35b2776ad8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4DED0AAE9E6B75B5C584663FCFFA541371A632CD5A8088B29234F35B2776AD8C"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10021
Expires: Thu, 29 Sep 2022 10:53:43 GMT
Date: Thu, 29 Sep 2022 08:06:42 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 84ada21ac1d7ada27090048bed7709d6
5a7af8364389fceb02130e30cfc9d1d1f430ca43
4ded0aae9e6b75b5c584663fcffa541371a632cd5a8088b29234f35b2776ad8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4DED0AAE9E6B75B5C584663FCFFA541371A632CD5A8088B29234F35B2776AD8C"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10021
Expires: Thu, 29 Sep 2022 10:53:43 GMT
Date: Thu, 29 Sep 2022 08:06:42 GMT
Connection: keep-alive
andamafraidt.xyz/utx?cb=yf66L70oLdPU&top=userscloud.com&tid=600304
54.230.111.24 204 No Content 0 B URL HTTP/2 andamafraidt.xyz/utx?cb=yf66L70oLdPU&top=userscloud.com&tid=600304
IP 54.230.111.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=yf66L70oLdPU&top=userscloud.com&tid=600304 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:42 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 29 Sep 2022 08:07:42 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _LmkHbCVs124MYJwrvs1f5lQWwjyzcGy_ho_jFs_YSUv3p73Ib1oeA==
X-Firefox-Spdy: h2
andamafraidt.xyz/utx?cb=8K6uc9MoYdGS&top=userscloud.com&tid=708052
54.230.111.24 204 No Content 0 B URL HTTP/2 andamafraidt.xyz/utx?cb=8K6uc9MoYdGS&top=userscloud.com&tid=708052
IP 54.230.111.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=8K6uc9MoYdGS&top=userscloud.com&tid=708052 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:42 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 29 Sep 2022 08:07:42 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wvESPZ2H5gfbw4_E-EXuIoHMBjVGK4fWiKdXL8S391Xs6suoJ0UP_g==
X-Firefox-Spdy: h2
andamafraidt.xyz/ZzcxUXEGVVI8TgYKU3cEFVsMdEMhEgMXFVZdRiEVVgZeNxkDAlZ/EgtYRDUXFVhfJV8JUkV0QyF+UxcnPWQBCCEoXVIlFDVQCQEpPUBpFicWUgIbOjdOXjo6JU9eHhhSEgMTMCZxWRgGMlVzKzwUU3BkCytjdDgkMGEUYzctTlISPAplRRgGLgVrGQEAc2UURgNZexo4NFxaHSciA3gSJBF2cgAEN05GHhIeQEA0BiIBeCg4FnZ1A0kCZnMLFFVbRDU3Hw54CQFUZGYIEwVZYzI+M3ZdHAk1QFBiAkIFcwc2KnBXCTstbVklBANxRj89VQIAHSYfQWsJKyFUdnwFUH5gOkMqXmM7KQ95QzRCA1RrBhlQUwE9HwZkASc5DXYUYzctcwQbKx8OSDI0LVtXK0RQb2B3GxRYXyFMBFIJPSVfX3ImIw1QAzM
54.230.111.24 200 OK 1.2 kB URL HTTP/2 andamafraidt.xyz/ZzcxUXEGVVI8TgYKU3cEFVsMdEMhEgMXFVZdRiEVVgZeNxkDAlZ/EgtYRDUXFVhfJV8JUkV0QyF+UxcnPWQBCCEoXVIlFDVQCQEpPUBpFicWUgIbOjdOXjo6JU9eHhhSEgMTMCZxWRgGMlVzKzwUU3BkCytjdDgkMGEUYzctTlISPAplRRgGLgVrGQEAc2UURgNZexo4NFxaHSciA3gSJBF2cgAEN05GHhIeQEA0BiIBeCg4FnZ1A0kCZnMLFFVbRDU3Hw54CQFUZGYIEwVZYzI+M3ZdHAk1QFBiAkIFcwc2KnBXCTstbVklBANxRj89VQIAHSYfQWsJKyFUdnwFUH5gOkMqXmM7KQ95QzRCA1RrBhlQUwE9HwZkASc5DXYUYzctcwQbKx8OSDI0LVtXK0RQb2B3GxRYXyFMBFIJPSVfX3ImIw1QAzM
IP 54.230.111.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3023), with no line terminators
Hash 73232016a9915deb50465c4152b984da
3a896252c923cbfea97159b69746091c1d64825b
ba75f6a52db89bbb9c8b20cfa52677ef6863ddba84555cc4d3259673c1d97b91
GET /ZzcxUXEGVVI8TgYKU3cEFVsMdEMhEgMXFVZdRiEVVgZeNxkDAlZ/EgtYRDUXFVhfJV8JUkV0QyF+UxcnPWQBCCEoXVIlFDVQCQEpPUBpFicWUgIbOjdOXjo6JU9eHhhSEgMTMCZxWRgGMlVzKzwUU3BkCytjdDgkMGEUYzctTlISPAplRRgGLgVrGQEAc2UURgNZexo4NFxaHSciA3gSJBF2cgAEN05GHhIeQEA0BiIBeCg4FnZ1A0kCZnMLFFVbRDU3Hw54CQFUZGYIEwVZYzI+M3ZdHAk1QFBiAkIFcwc2KnBXCTstbVklBANxRj89VQIAHSYfQWsJKyFUdnwFUH5gOkMqXmM7KQ95QzRCA1RrBhlQUwE9HwZkASc5DXYUYzctcwQbKx8OSDI0LVtXK0RQb2B3GxRYXyFMBFIJPSVfX3ImIw1QAzM HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1181
date: Thu, 29 Sep 2022 08:06:42 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: E8xu4psnu0ClgAmd6bZxYIVevyVqYEXNF880xDbhoPZCyHJ8Ml2DiQ==
X-Firefox-Spdy: h2
userscloud.com/jme7cf0y3elu/Howard%20the%20Duck%20027-033%20+%20Annual%20(1977-1979).zip
172.67.207.105 200 OK 173 kB URL HTTP/2 userscloud.com/jme7cf0y3elu/Howard%20the%20Duck%20027-033%20+%20Annual%20(1977-1979).zip
IP 172.67.207.105:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (64106)
Size 173 kB (173220 bytes)
Hash dc301c7ea00b9971789f2435bed935d6
c5040e3cf492dc31996db8af82f2afc88845251b
a2fc55c86a382f745b5dec4f10126c3bee40af09f7557dc538917eb8200622ca
GET /jme7cf0y3elu/Howard%20the%20Duck%20027-033%20+%20Annual%20(1977-1979).zip HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Wed, 28 Sep 2022 08:06:41 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cf-cache-status: BYPASS
set-cookie: lang=english; domain=.userscloud.com; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jl%2Fzu8XQGU3KbVC4mOG48rnwaSGItZwdp%2F1ycA2y9Q8r4V3iV7SS4ieq1IjMbnHoLeMsY4DrKm2M3iwSHDL538k9Jn0AaqZguYn455y3CKOe0CHexIkFqStdx11GTKVOqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7523388e5c3fb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
172.64.156.26 200 OK 5.6 kB URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP 172.64.156.26:0
Hash 71a57443bcb1914f0147e6c8147db9a4
c7adab6a989ddd3a854e4f4bcda2122ce28cd875
75b72edc20320252f4d8d8dd75981cb16d0606acb0f4cddcfe8bf4cc78ab77d3
GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:42 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 75233891da54b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
esathyaspsu.xyz/bXZjd2NCSQAEXjsbNR4GOCAOIVI3NAcgVjgjNkZRNCA5IDclP0UDCglLVUdTXkZXURMEEl5GRR4CAgMWHktSUQoDEAxKRRtLUllQWVhRTk1dUBZKUksCExYEUEdFBxcZGl5GVVtCV0RbWk9aQVZU
104.21.80.127 204 No Content 0 B URL HTTP/2 esathyaspsu.xyz/bXZjd2NCSQAEXjsbNR4GOCAOIVI3NAcgVjgjNkZRNCA5IDclP0UDCglLVUdTXkZXURMEEl5GRR4CAgMWHktSUQoDEAxKRRtLUllQWVhRTk1dUBZKUksCExYEUEdFBxcZGl5GVVtCV0RbWk9aQVZU
IP 104.21.80.127:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bXZjd2NCSQAEXjsbNR4GOCAOIVI3NAcgVjgjNkZRNCA5IDclP0UDCglLVUdTXkZXURMEEl5GRR4CAgMWHktSUQoDEAxKRRtLUllQWVhRTk1dUBZKUksCExYEUEdFBxcZGl5GVVtCV0RbWk9aQVZU HTTP/1.1
Host: esathyaspsu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:42 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vpUb1IGUGUYPruNqWPIwHdG3xP03Af1cpdvEFBTA8DogkTyiWA2f%2FfVvevYUb7y58mK8daA8aJW%2BhJEUHvZl6W8vRyvQTcGdSUCXyr%2FD6fl1cfPoVZ3jyk9L7oSpl8OH2YU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338936fdbb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35 200 OK 103 kB IP 172.64.199.35:0
Size 103 kB (102903 bytes)
Hash 049f1b10e3a0e77f5786aab3f0357e6f
48fae84fe1c8029175abdac67baf5e37cd4b2c79
5115ef84c320bb1bd4f0598aae6e1735372a0bab1931b5cff09408620a842cb6
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:42 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3372
last-modified: Thu, 29 Sep 2022 07:10:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zMJ2u4QGl60s%2BNX%2FCOQN1M843WQkrpUFAM7%2FPgQOUhRb44JkFJwpq2%2F7j%2BameKd3CfpsOyW5mFFlgPwFh7ot0NO%2FFDlUAIib3UgGaI6dtphpiIo9L%2BgO8HokaKz7iA6F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75233893a847769e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.70.239.215 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.70.239.215:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: adE3KOTxsXz1TMaL/OVLvQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: sikrs6DLMYoLVN8sEQxNNIiyFkk=
andamafraidt.xyz/RThSMHckWjFdSCQFMBYCN1RvFUUDHWB2E3RSJUATdAk9Vh8hDTUeFClXJ1QRN1c8RFkrXSYVRQN/CwIlNFkWWzYGTwN/NS1bHHQbEHoHXD0RYCVAMQFQOXghPXYIfzEpfBtmLn1wPkdBEHwfWCI/Wz1kNT18EAEbJGw+ZTQGX2NmPzJhGXMhEHEAYSIKezViLxRQZmkhIlAIcg8DYBFXECdwYgA9B1MlVCADDBhyJQ9pFkcQCWwDQxsQbQBpPwN+B2EfBHEHWzEfczpIJRN5C3IhPWExZEYqchUBDyZ2JQkvFG45QT8Dfgd3NXFbB3MhEWA6VCMRbX8JFgZpA3I0FHYFYhscSwVXGxZuFEAtBm4YciADUDRzHxxoFlwuJ2kEVwIEfgR7IC4NH2gbEB44QxgrSG9iRj96YGYBIGFmaT4vbB4
54.230.111.24 200 OK 1.2 kB URL HTTP/2 andamafraidt.xyz/RThSMHckWjFdSCQFMBYCN1RvFUUDHWB2E3RSJUATdAk9Vh8hDTUeFClXJ1QRN1c8RFkrXSYVRQN/CwIlNFkWWzYGTwN/NS1bHHQbEHoHXD0RYCVAMQFQOXghPXYIfzEpfBtmLn1wPkdBEHwfWCI/Wz1kNT18EAEbJGw+ZTQGX2NmPzJhGXMhEHEAYSIKezViLxRQZmkhIlAIcg8DYBFXECdwYgA9B1MlVCADDBhyJQ9pFkcQCWwDQxsQbQBpPwN+B2EfBHEHWzEfczpIJRN5C3IhPWExZEYqchUBDyZ2JQkvFG45QT8Dfgd3NXFbB3MhEWA6VCMRbX8JFgZpA3I0FHYFYhscSwVXGxZuFEAtBm4YciADUDRzHxxoFlwuJ2kEVwIEfgR7IC4NH2gbEB44QxgrSG9iRj96YGYBIGFmaT4vbB4
IP 54.230.111.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3025), with no line terminators
Hash ead2ff0ffb7f74d4916dc6cb7a97e474
9da6e7ec8e3ccf8c1ad557526b1a6ca69c634b2e
d70c4deac8ea27d6d7a630b4cfcb90c0a7892aeaca950fa89c0d7db9f9771cb0
GET /RThSMHckWjFdSCQFMBYCN1RvFUUDHWB2E3RSJUATdAk9Vh8hDTUeFClXJ1QRN1c8RFkrXSYVRQN/CwIlNFkWWzYGTwN/NS1bHHQbEHoHXD0RYCVAMQFQOXghPXYIfzEpfBtmLn1wPkdBEHwfWCI/Wz1kNT18EAEbJGw+ZTQGX2NmPzJhGXMhEHEAYSIKezViLxRQZmkhIlAIcg8DYBFXECdwYgA9B1MlVCADDBhyJQ9pFkcQCWwDQxsQbQBpPwN+B2EfBHEHWzEfczpIJRN5C3IhPWExZEYqchUBDyZ2JQkvFG45QT8Dfgd3NXFbB3MhEWA6VCMRbX8JFgZpA3I0FHYFYhscSwVXGxZuFEAtBm4YciADUDRzHxxoFlwuJ2kEVwIEfgR7IC4NH2gbEB44QxgrSG9iRj96YGYBIGFmaT4vbB4 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1178
date: Thu, 29 Sep 2022 08:06:42 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pfFOZW0iO79NTFneahsClbRhws5o4s2OHfCi12VuFzYm5b9o5yvzVA==
X-Firefox-Spdy: h2
esathyaspsu.xyz/Y3FudGhMTg0HVQBBFiI+DSMtES8xHzohGFMoXDolMTk8GTE2BkgAAQdMWURQU0RcUhgKFVNGUUUCGhUcFgJTRU4KHwgbVUUHU0VGU19YREZTVxtJWUUFHhUPXkBIBBwXHVNFXlVFWkdQVEhXQ1hT
104.21.80.127204 No Content 3.9 kB URL HTTP/2 esathyaspsu.xyz/Y3FudGhMTg0HVQBBFiI+DSMtES8xHzohGFMoXDolMTk8GTE2BkgAAQdMWURQU0RcUhgKFVNGUUUCGhUcFgJTRU4KHwgbVUUHU0VGU19YREZTVxtJWUUFHhUPXkBIBBwXHVNFXlVFWkdQVEhXQ1hT
IP 104.21.80.127:0
File type gzip compressed data, from Unix\012- data
Hash 54c87b7a9007d256c837e382cab4170d
6c8f44204021f68596af9ae5a742c3ad1b76a6ec
3a09f98b09786cd8fbe71cc17d07660e767fc1c8d2ea467f912bc328766a54a1
GET /Y3FudGhMTg0HVQBBFiI+DSMtES8xHzohGFMoXDolMTk8GTE2BkgAAQdMWURQU0RcUhgKFVNGUUUCGhUcFgJTRU4KHwgbVUUHU0VGU19YREZTVxtJWUUFHhUPXkBIBBwXHVNFXlVFWkdQVEhXQ1hT HTTP/1.1
Host: esathyaspsu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:42 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BcfVltU6jKrq%2BqrqiMl5WdLavtEJLHIAOgCExu%2BYE6NK5w7UO0%2Bkdj9749Bqs9UsCc0RiRmZmn%2FIfBpf2tnmt00CMzFcFjqoHVGm%2BfkMuE2mGrsgguBmhiu3HgObY8FBrbg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338937809b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 84ada21ac1d7ada27090048bed7709d6
5a7af8364389fceb02130e30cfc9d1d1f430ca43
4ded0aae9e6b75b5c584663fcffa541371a632cd5a8088b29234f35b2776ad8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4DED0AAE9E6B75B5C584663FCFFA541371A632CD5A8088B29234F35B2776AD8C"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10021
Expires: Thu, 29 Sep 2022 10:53:43 GMT
Date: Thu, 29 Sep 2022 08:06:42 GMT
Connection: keep-alive
esathyaspsu.xyz/cEF3Q0JffhQwfyo7HzYnOAcgBwQcDyYVAzkXR3oGJiYbFBE1BFE3KxR8T3J0SXZEZTIZJUpxe1YyAyI2BTJKcmQZLxEsf1Y3SnJsQG9Bc2xAZwJ+c1Y1ByIlTXBRMzYELUpydEZ1Q3B6R3hOdHNE
104.21.80.127204 No Content 0 B URL HTTP/2 esathyaspsu.xyz/cEF3Q0JffhQwfyo7HzYnOAcgBwQcDyYVAzkXR3oGJiYbFBE1BFE3KxR8T3J0SXZEZTIZJUpxe1YyAyI2BTJKcmQZLxEsf1Y3SnJsQG9Bc2xAZwJ+c1Y1ByIlTXBRMzYELUpydEZ1Q3B6R3hOdHNE
IP 104.21.80.127:0
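Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of the empty 0 B body; matches every empty response)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of the empty body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of the empty body)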
GET /cEF3Q0JffhQwfyo7HzYnOAcgBwQcDyYVAzkXR3oGJiYbFBE1BFE3KxR8T3J0SXZEZTIZJUpxe1YyAyI2BTJKcmQZLxEsf1Y3SnJsQG9Bc2xAZwJ+c1Y1ByIlTXBRMzYELUpydEZ1Q3B6R3hOdHNE HTTP/1.1
Host: esathyaspsu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:42 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mq2aLO1dPl8fEcDKK7sYv%2Brdh8MX7auq%2FrzsheKYFX0ljPsvvNCrCvcuO%2Fv9UwpS9tqy61r3rWlSq3NuS9T7rRcJ7LVavnzDHCLkvi1KSiGUi%2FrmnCJ6U1EKbXd9a5RdYNk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338938819b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
andamafraidt.xyz/NGNxejdVARIXCFVeE1xCRg9MXwVyRkM8UwUJBgpTBVIeHF9QVhZUVFgMBB5RRgwfDhlaBgVfBXIZJ0lbcjpAGQdyCgI8VncuIDNhAQQrSnEFNRwsT3EZKDd4Zwc0N3FXDhMSD1IpNR0Pewo8K3IHJj8qQFASK0sPRCIbEUBmJDw9eGAxNB5yYVE8AkMANUI/XXcwHjNWXgwwMUBbVDsdA0wgJSxPcCAjH3heBDU2dgxUPxZPBykmMAJnNDMobQdbMx5xfhorPkNTNiYZAHEgAi17Byk9HmVAFSgpbU41QjBce1EzKG1NNiEjcXU0ExEORjZCT05nUFwvcnkJICl8XzkdP2JAUiQXU1owOSxkVw4nMH5DDB03XwwSNkl9WDNCAmFRNBUcenJWHFxdRwwfCgpBVwBDUW4kHhF0UhA1
54.230.111.24200 OK 1.2 kB URL HTTP/2 andamafraidt.xyz/NGNxejdVARIXCFVeE1xCRg9MXwVyRkM8UwUJBgpTBVIeHF9QVhZUVFgMBB5RRgwfDhlaBgVfBXIZJ0lbcjpAGQdyCgI8VncuIDNhAQQrSnEFNRwsT3EZKDd4Zwc0N3FXDhMSD1IpNR0Pewo8K3IHJj8qQFASK0sPRCIbEUBmJDw9eGAxNB5yYVE8AkMANUI/XXcwHjNWXgwwMUBbVDsdA0wgJSxPcCAjH3heBDU2dgxUPxZPBykmMAJnNDMobQdbMx5xfhorPkNTNiYZAHEgAi17Byk9HmVAFSgpbU41QjBce1EzKG1NNiEjcXU0ExEORjZCT05nUFwvcnkJICl8XzkdP2JAUiQXU1owOSxkVw4nMH5DDB03XwwSNkl9WDNCAmFRNBUcenJWHFxdRwwfCgpBVwBDUW4kHhF0UhA1
IP 54.230.111.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Hash e35f91d865d0ddc9d787a7536f305c07
8248e4fc34489aac0590b33b4a96ccc48653efa2
82051d192ef52b87a4d3490a1100df4b50881e40e3d40cc4209ee0c7acd36ad3
GET /NGNxejdVARIXCFVeE1xCRg9MXwVyRkM8UwUJBgpTBVIeHF9QVhZUVFgMBB5RRgwfDhlaBgVfBXIZJ0lbcjpAGQdyCgI8VncuIDNhAQQrSnEFNRwsT3EZKDd4Zwc0N3FXDhMSD1IpNR0Pewo8K3IHJj8qQFASK0sPRCIbEUBmJDw9eGAxNB5yYVE8AkMANUI/XXcwHjNWXgwwMUBbVDsdA0wgJSxPcCAjH3heBDU2dgxUPxZPBykmMAJnNDMobQdbMx5xfhorPkNTNiYZAHEgAi17Byk9HmVAFSgpbU41QjBce1EzKG1NNiEjcXU0ExEORjZCT05nUFwvcnkJICl8XzkdP2JAUiQXU1owOSxkVw4nMH5DDB03XwwSNkl9WDNCAmFRNBUcenJWHFxdRwwfCgpBVwBDUW4kHhF0UhA1 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1176
date: Thu, 29 Sep 2022 08:06:42 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: g-o9pFPXutAxZDqJBcFBZ7j9p8o794Zl93JS3ZExqSeo0SAb3bkVgg==
X-Firefox-Spdy: h2
waisheph.com/tag.min.js
139.45.197.245 200 OK 23 kB IP 139.45.197.245:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 55bfb65a45375a59df27572861a64783
2838cf8e3623bfbccf2618dac1495f992dae2b6c
9c86b08b70bf998cacd69539dbd479bfe6cc5f973cd514cd8c3f29c21092b5c1
GET /tag.min.js HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:42 GMT
content-type: text/javascript; charset=utf-8
content-length: 22987
content-encoding: br
x-trace-id: c91930ea82e2d8d57322b737f476bfa6
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Wed, 28 Sep 2022 07:57:59 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
d1jwpd11ofhd5g.cloudfront.net/IbFVZS0YPOjcteRg8PXZwXGVqe3JKPyokKBxoOi5+AAFhIwUbBzMsdA5zLTEiUWV/JycCMmRtIwI2ZHpgDTE7dnJKISkkLVE4ICUvACQuPywOcywqewE6IyIqADR8eQBZe2ludFx9IXp3SWYbbnRcOTAlMxRwa3s+VGMGfXJJZhtudFwnL251LWxvZXZFcG-t7IQk2MiRjXhNre3dcZWh7d0lnaS0vHjA/JD5JZx9ycEJlfz57XQ
143.204.42.138200 OK 788 B URL HTTP/2 d1jwpd11ofhd5g.cloudfront.net/IbFVZS0YPOjcteRg8PXZwXGVqe3JKPyokKBxoOi5+AAFhIwUbBzMsdA5zLTEiUWV/JycCMmRtIwI2ZHpgDTE7dnJKISkkLVE4ICUvACQuPywOcywqewE6IyIqADR8eQBZe2ludFx9IXp3SWYbbnRcOTAlMxRwa3s+VGMGfXJJZhtudFwnL251LWxvZXZFcG-t7IQk2MiRjXhNre3dcZWh7d0lnaS0vHjA/JD5JZx9ycEJlfz57XQ
IP 143.204.42.138:0
File type ASCII text, with very long lines (1094), with no line terminators
Hash 3777e82b976de179a64d918dc6aabd84
f61ff88077716450aa95a19ee6380d37451247e8
9d8f936506ecd000be5608f342391da0689ef2feab85392234eb24d3d23bde78
GET /IbFVZS0YPOjcteRg8PXZwXGVqe3JKPyokKBxoOi5+AAFhIwUbBzMsdA5zLTEiUWV/JycCMmRtIwI2ZHpgDTE7dnJKISkkLVE4ICUvACQuPywOcywqewE6IyIqADR8eQBZe2ludFx9IXp3SWYbbnRcOTAlMxRwa3s+VGMGfXJJZhtudFwnL251LWxvZXZFcG-t7IQk2MiRjXhNre3dcZWh7d0lnaS0vHjA/JD5JZx9ycEJlfz57XQ HTTP/1.1
Host: d1jwpd11ofhd5g.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://andamafraidt.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 768
date: Thu, 29 Sep 2022 08:06:42 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Px8ZVn_PX6riSHA-IdMBvJkdJiLivzLpylCGWvw7xeItDJcl-dCd6w==
X-Firefox-Spdy: h2
d1jwpd11ofhd5g.cloudfront.net/GY2RqaDkACwQOBhcNDlUBUlJTXwpFDhkHVxNZOFlDIVY8Hlw6UDMhUzcoTBxDB1laTlUCCg1VHwYKCVUIRQUOCgRXQh4YVghZBxFXCggbH00JBkwdWF4JBRJQDwgLTQslUURYHFFUQhAIUkFZKhxRVAYBVxYcT1oJG1xcNw9XQVkqHFFUGB4cUCVTXhdTTU-9aCQQBCQNWRlYsWglSVFpZCVJBWFhfChYPDlYbQVguAFVKWk5MXlU
143.204.42.138200 OK 437 B URL HTTP/2 d1jwpd11ofhd5g.cloudfront.net/GY2RqaDkACwQOBhcNDlUBUlJTXwpFDhkHVxNZOFlDIVY8Hlw6UDMhUzcoTBxDB1laTlUCCg1VHwYKCVUIRQUOCgRXQh4YVghZBxFXCggbH00JBkwdWF4JBRJQDwgLTQslUURYHFFUQhAIUkFZKhxRVAYBVxYcT1oJG1xcNw9XQVkqHFFUGB4cUCVTXhdTTU-9aCQQBCQNWRlYsWglSVFpZCVJBWFhfChYPDlYbQVguAFVKWk5MXlU
IP 143.204.42.138:0
File type ASCII text, with very long lines (575), with no line terminators
Hash f4f17b4c429bac79ad5bac4fe388181f
8175270669294b64fbcc3c66c7c3a461690bc2b0
fde3b17a7b23163ab9e3e3efe551a4bf45ba924246c78658fb75958feedff7e4
GET /GY2RqaDkACwQOBhcNDlUBUlJTXwpFDhkHVxNZOFlDIVY8Hlw6UDMhUzcoTBxDB1laTlUCCg1VHwYKCVUIRQUOCgRXQh4YVghZBxFXCggbH00JBkwdWF4JBRJQDwgLTQslUURYHFFUQhAIUkFZKhxRVAYBVxYcT1oJG1xcNw9XQVkqHFFUGB4cUCVTXhdTTU-9aCQQBCQNWRlYsWglSVFpZCVJBWFhfChYPDlYbQVguAFVKWk5MXlU HTTP/1.1
Host: d1jwpd11ofhd5g.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://andamafraidt.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 437
date: Thu, 29 Sep 2022 08:06:42 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: I5RxWyVwj4N7281BJFPEuCW6zMy009AhOuAKBQ7V5WkW0UgNbRcZ3Q==
X-Firefox-Spdy: h2
waisheph.com/5/535061/?oo=1&aab=1
139.45.197.245 200 OK 1.8 kB URL HTTP/2 waisheph.com/5/535061/?oo=1&aab=1
IP 139.45.197.245:0
File type JSON data\012- , ASCII text, with very long lines (3318), with no line terminators
Hash ec196a16f11438c308df770023631601
c0fdf9f175927e63e95cc39a50eb0d298e4b1529
404d6c02dc4060f46c86842015e5d66b480e7b7ff3fd37f2c42b153cb185563a
GET /5/535061/?oo=1&aab=1 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:42 GMT
content-type: application/json
x-trace-id: e902c4bb97a3b3d9bc8304fc9301c14e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=3288da6e6e5e44a183f7a50d0fa23db5; expires=Fri, 29 Sep 2023 08:06:42 GMT; path=/; secure; SameSite=None
oaidts=1664438802; expires=Fri, 29 Sep 2023 08:06:42 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2f5989d4743444fc557dab6bf17a3a62
342d1dccc65999045ef7d3ac1933d4393431cf78
dda1c7a6542a0b3c0c9dafe943fb8fbd85e508e57150175b89222a45b650cd89
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DDA1C7A6542A0B3C0C9DAFE943FB8FBD85E508E57150175B89222A45B650CD89"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4714
Expires: Thu, 29 Sep 2022 09:25:16 GMT
Date: Thu, 29 Sep 2022 08:06:42 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 008bb0f15929580c49beb48408615d01
a28e34ab71eea646efaf0a505a3bd07671bd6012
f612ef9519f2b8baad9918a77a873fb28c691518df1504fb32a47af79b8f7e18
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:06:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 00:52:20 GMT
Expires: Mon, 03 Oct 2022 00:52:19 GMT
Etag: "a28e34ab71eea646efaf0a505a3bd07671bd6012"
Cache-Control: max-age=318936,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 752338965e37b529-OSL
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254 200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://userscloud.com
Content-Length: 1583
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 29 Sep 2022 08:07:02 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://userscloud.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
tovanillitechan.com/42/38?z=2892518
139.45.197.239 200 OK 0 B URL HTTP/2 tovanillitechan.com/42/38?z=2892518
IP 139.45.197.239:0
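Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of the empty 0 B body; matches every empty response)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of the empty body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of the empty body)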
Analyzer Verdict Alert quad9 Sinkholed
GET /42/38?z=2892518 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: scm=1; OAID=42b1c6f6a4854f21bac19ec85f110e6b; oaidts=1664438802
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:42 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 9f7950dbd1bd842d2df1be5fd7c1da0a
access-control-expose-headers: X-Sc
set-cookie: OAID=42b1c6f6a4854f21bac19ec85f110e6b; expires=Fri, 29 Sep 2023 08:06:42 GMT; secure; SameSite=None
oaidts=1664438802; expires=Fri, 29 Sep 2023 08:06:42 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
andamafraidt.xyz/multi?cs=U24wa0ViWgFafGpWBl59ZFYDXH0&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=826202848885564&agec=1664438802&fs=1&mbkb=649.3506493506494&ref=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_bseS=1664438800232&crc=1
54.230.111.24200 OK 1.5 kB URL HTTP/2 andamafraidt.xyz/multi?cs=U24wa0ViWgFafGpWBl59ZFYDXH0&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=826202848885564&agec=1664438802&fs=1&mbkb=649.3506493506494&ref=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_bseS=1664438800232&crc=1
IP 54.230.111.24:0
Hash c14fb6906422910155e5ba8c67798b5f
ef5202ca5480fc6d8bc9d77ce8379991584f674f
f7b900f5b5b96ea3d85127469ec7f10e450581719c1b92f517e1b8c4e3b7f0a8
GET /multi?cs=U24wa0ViWgFafGpWBl59ZFYDXH0&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=826202848885564&agec=1664438802&fs=1&mbkb=649.3506493506494&ref=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_bseS=1664438800232&crc=1 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1510
date: Thu, 29 Sep 2022 08:06:43 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=f23ee5ef-d9e5-4cd7-8085-780153b451d7
csu=826202848885564
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qBie1EyRdn9o-M0ist11-0-dJl3WglfM385aciOOzH4uCOi5tNIujw==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 366fbb58b56c6469840359066ae0ef4b
519ec2d019a3df15e1555ee7e9f784207f3ee604
4c03f3b3b06d0359ff6c3e72e91c39cb8f6e6406ed7b8ba9e09708da8e2d38f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3300
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:43 GMT
Last-Modified: Thu, 29 Sep 2022 07:11:43 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash c3da91f34812391491a0b02df83a7670
c1bb27bae663584e2b1af0632e291cb1b16475ec
604e15400aa4b851d27581040b17fc890d74bc9f7b6533c699dc682266fdc939
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Thu, 29 Sep 2022 06:41:09 GMT
expires: Thu, 29 Sep 2022 08:41:09 GMT
cache-control: public, max-age=7200
age: 5134
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash c3da91f34812391491a0b02df83a7670
c1bb27bae663584e2b1af0632e291cb1b16475ec
604e15400aa4b851d27581040b17fc890d74bc9f7b6533c699dc682266fdc939
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j97&a=1433708009&t=pageview&_s=1&dl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&ul=en-us&de=UTF-8&dt=Userscloud&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=1656375064&gjid=1649118129&cid=1032123285.1664438801&tid=UA-70768172-1&_gid=2081442078.1664438801&_r=1&gtm=2ou9q0&z=1909205916
142.250.74.174 200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j97&a=1433708009&t=pageview&_s=1&dl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&ul=en-us&de=UTF-8&dt=Userscloud&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=1656375064&gjid=1649118129&cid=1032123285.1664438801&tid=UA-70768172-1&_gid=2081442078.1664438801&_r=1&gtm=2ou9q0&z=1909205916
IP 142.250.74.174:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j97&a=1433708009&t=pageview&_s=1&dl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&ul=en-us&de=UTF-8&dt=Userscloud&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=1656375064&gjid=1649118129&cid=1032123285.1664438801&tid=UA-70768172-1&_gid=2081442078.1664438801&_r=1&gtm=2ou9q0&z=1909205916 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://userscloud.com
date: Thu, 29 Sep 2022 08:06:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 400 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash 98f0c8b29db4b5464eb0222c22a9a173
2872a4cd0869f6af857edd53ad07635193ccc36a
bd1dfbdb15f0231456c633578feb61b80f360fc3d64a5035b627d7fca195104f
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Sep 2022 08:06:43 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1073607209%3A1664438803385097&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqYy67CObdV6wO84DPkKde3Jg6WNE8zfX2j-OdjSm_y0HTV049glVNGV2j437pm4TpNd57SHg
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-FWZKtcS3LbISTfJhMV9DTA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 400
server: GSE
set-cookie: __Host-GAPS=1:RlV81AaxG-lKrbg1FPFPm8q_DaaVgg:ceLpbCe2wf22wF09;Path=/;Expires=Sat, 28-Sep-2024 08:06:43 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237 302 Found 393 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash 6d8f071061b967b841fd0c1e547c87ea
1f29b375f5ba6607935bce10dea9d28cf9ac2e46
3fec205a6c5194a73e8a077bdb397c29f28dda1559a011185c9adbadd7712f12
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Sep 2022 08:06:43 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S755440684%3A1664438803390478&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWpRhOp7xFsI6AhL77_3TZbrC6qxTNfA9n6hzUChpfaXbFf-Lon8c57qqg4YHOqNM15g3ltXeg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-SksYgU_7W5GZjjfPVmRa9Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:aoERAwnAnn1BXe0d_2Pyrr5zysNKaQ:qgPeL1buJ6uRiEIO;Path=/;Expires=Sat, 28-Sep-2024 08:06:43 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7f6c1bbbde940ad17ceda150b7b1664d
7273da22f182d9540784068537cc678ec27800d3
4d8a6cd94e298a71543331248750230237a56a67cef251c7a204291612dbb569
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 366fbb58b56c6469840359066ae0ef4b
519ec2d019a3df15e1555ee7e9f784207f3ee604
4c03f3b3b06d0359ff6c3e72e91c39cb8f6e6406ed7b8ba9e09708da8e2d38f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3300
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:43 GMT
Last-Modified: Thu, 29 Sep 2022 07:11:43 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
pogothere.xyz/
172.64.199.35 200 OK 28 B IP 172.64.199.35:0
File type ASCII text, with no line terminators
Hash 754bdacd0e3abf31da7ff231d5bd9fe0
aa194e37c9f8ddf57424ccff5981a99724f35b6e
c553edab488e8bd533ba4088f390160a34d5bb27a67d455cd57784b2a5315d3b
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:42 GMT
content-type: text/plain
set-cookie: csu=371794227753611@1@1664438802; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TIV62804sGN%2BTEy0MRCVpxG43u5gcwqXRB%2FM8lCncdw0GpXZ3Nh4dAJ28mZxxEHIJ0qV9kvXrPDTi9O1yhKfZvTr4bO0dAM21BqCbnijrqQKff269P%2Fd1muOeh4EZ4RN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75233893a849769e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2920
Expires: Thu, 29 Sep 2022 08:55:23 GMT
Date: Thu, 29 Sep 2022 08:06:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2920
Expires: Thu, 29 Sep 2022 08:55:23 GMT
Date: Thu, 29 Sep 2022 08:06:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2920
Expires: Thu, 29 Sep 2022 08:55:23 GMT
Date: Thu, 29 Sep 2022 08:06:43 GMT
Connection: keep-alive
tovanillitechan.com/9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e5ks887023qy222304688q2q8hghd532
139.45.197.239 200 OK 7 B URL HTTP/2 tovanillitechan.com/9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e5ks887023qy222304688q2q8hghd532
IP 139.45.197.239:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e5ks887023qy222304688q2q8hghd532 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 191
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: scm=1; OAID=42b1c6f6a4854f21bac19ec85f110e6b; oaidts=1664438802
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:43 GMT
content-type: application/javascript
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 7fd24731666d9a97ab2226161199dfc0
access-control-expose-headers: X-Sc
set-cookie: OAID=e5ks887023qy222304688q2q8hghd532; expires=Fri, 29 Sep 2023 08:06:43 GMT; secure; SameSite=None
set-cookie: oaidts=1664438802; expires=Fri, 29 Sep 2023 08:06:43 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35 200 OK 112 kB IP 172.64.199.35:0
Size 112 kB (112054 bytes)
Hash 1895c4663d43fbee80dad945db9f09c6
119a5714d74ea174b3a4ffc0341474004758b01b
248117119d890a109a145d22dd9a441c5cdbab04f250bbb9044a9ad4bd3622b2
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:42 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3372
last-modified: Thu, 29 Sep 2022 07:10:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c8LKv%2FYsyzsTUyVKsm%2FNVc4LjnwMfWZqFHb7l%2FfxewiSNr5kRV7NK7Ge%2FWTSET%2Fy%2Bh4G46Zw0DUAV4ymn9rSqG1vjfQGDWShbQsm5yRdPMUs51w6eHpNtCf5e3IhbzZx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75233893a848769e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c80d7ce8a9d3fba54855e05731db759c
d76293673a7aa2861b069ced614cdcdb84fed6d3
eabd1bfef29cad4045d688a909b9a8c88818d80bb432ce642d055583cf66d77d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9002
x-amzn-requestid: 0623931b-a4d6-49de-ba32-d071c08eddbd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKoiGKRIAMFhYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be36-1573e2e91c85617424db019f;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:50 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3kkSL0VcJl64iZ0TiKfOwK620pLX2CAVWqY1Bp2NhokTX0572t_nnQ==
via: 1.1 2a44ef7b9d28e74c78ffadeedcbb887c.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:40:47 GMT
etag: "d76293673a7aa2861b069ced614cdcdb84fed6d3"
content-type: image/jpeg
age: 37556
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2054ae778a3079d8233ee33045127df6
927d5a375d9607b23caadae148566fdff10147b1
6b33c83c2b78b413ae375966860e1a9c8aa8e28dee107f9dd5bb8ceb221e607a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9034
x-amzn-requestid: ccfaad8d-c270-491f-b0fa-ac56fb1ba14e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGVJ_G2doAMFXqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633268a6-1599ec83051ceef5038d1296;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:06:14 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: G--ubYYfq5CFGAZzorD-TAgKentdIyvzSjrvqjTf_yGWDvjwX75KHg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 04:20:21 GMT
age: 13582
etag: "927d5a375d9607b23caadae148566fdff10147b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46b76b4-e585-46c3-bf03-5bfe9273000c.jpeg
34.120.237.76 200 OK 3.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46b76b4-e585-46c3-bf03-5bfe9273000c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6ac86079d2901fb11bfaff81d91bb2d2
4fc0699c763f67a2602b4b3f46b8b4013d2049c6
8c25b9129fc01f6ffad911994e91436ab0026ed0b54568757a20ab7f92584467
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46b76b4-e585-46c3-bf03-5bfe9273000c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3332
x-amzn-requestid: 34214e89-7232-4fd5-9257-adf231670681
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDb3vGkOIAMFVhg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63314031-3056111d48a5027a2062ad1b;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 06:01:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VosALWNOhCfUDfo2bXgYE0Cx2duyHRaLb5DCn9IydXtoIsYyg9vWhA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:49:13 GMT
age: 37050
etag: "4fc0699c763f67a2602b4b3f46b8b4013d2049c6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
waisheph.com/?rb=VQW86SjHrvnPX6MB8tzqRgbXpwaAAckRnbGyQtKgXDnfnavW-MTj32c26A0jYNFJMEqx68LxP1eicuvNUP_KvvVCt52o0ByI8VGt0hn3SAgxWb0qu3GNW4-HHLb43IIrJUg9U9m67GSTU4w6xAA8iwt3T3R9gNt3OzsUmsZluWOyD4--UY08ah-hmZEkoCa8s1DBjBX0YNHvGsfW1zsh4ReF7eo%3D&request_ab2=0&zoneid=535061&js_build=iclick-v1.431.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.431.0&bs=54318339-a681-4569-8057-d4b320db4b09&userId=e5ks887023qy222304688q2q8hghd532&m=link
139.45.197.245200 OK 9.6 kB URL HTTP/2 waisheph.com/?rb=VQW86SjHrvnPX6MB8tzqRgbXpwaAAckRnbGyQtKgXDnfnavW-MTj32c26A0jYNFJMEqx68LxP1eicuvNUP_KvvVCt52o0ByI8VGt0hn3SAgxWb0qu3GNW4-HHLb43IIrJUg9U9m67GSTU4w6xAA8iwt3T3R9gNt3OzsUmsZluWOyD4--UY08ah-hmZEkoCa8s1DBjBX0YNHvGsfW1zsh4ReF7eo%3D&request_ab2=0&zoneid=535061&js_build=iclick-v1.431.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.431.0&bs=54318339-a681-4569-8057-d4b320db4b09&userId=e5ks887023qy222304688q2q8hghd532&m=link
IP 139.45.197.245:0
Hash 767cff5b17f43d82556221568892f951
1e151b758a0a2e5574f0e9879f5f6531a667507a
b99b2dc4de1ee33931433ead80292654ced5941b76dc1434fef64189ca7fe04a
GET /?rb=VQW86SjHrvnPX6MB8tzqRgbXpwaAAckRnbGyQtKgXDnfnavW-MTj32c26A0jYNFJMEqx68LxP1eicuvNUP_KvvVCt52o0ByI8VGt0hn3SAgxWb0qu3GNW4-HHLb43IIrJUg9U9m67GSTU4w6xAA8iwt3T3R9gNt3OzsUmsZluWOyD4--UY08ah-hmZEkoCa8s1DBjBX0YNHvGsfW1zsh4ReF7eo%3D&request_ab2=0&zoneid=535061&js_build=iclick-v1.431.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.431.0&bs=54318339-a681-4569-8057-d4b320db4b09&userId=e5ks887023qy222304688q2q8hghd532&m=link HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Cookie: OAID=3288da6e6e5e44a183f7a50d0fa23db5; oaidts=1664438802
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:43 GMT
content-type: application/json
x-trace-id: 6d3582450e0c3234bf28df78269beab1
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=e5ks887023qy222304688q2q8hghd532; expires=Fri, 29 Sep 2023 08:06:43 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1664438803; expires=Fri, 29 Sep 2023 08:06:43 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=true; expires=Thu, 06 Oct 2022 08:06:43 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14218a43c5e5bbce546735a780c8ccce
61676358cdbb2373bc644e66f8a84fbc8cc5daf6
905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6390
x-amzn-requestid: b2681ff8-ab83-41e6-adef-3e6772c93c3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGFJ6Gc_oAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63324f0c-3dbf9f4e2047567b5abdbe74;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 01:17:00 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VwWbbPJtnsSB1Y6riPtCZXX0Ocmxw024YRmlebWN1UQxZX3uvjsvOw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 05:41:14 GMT
age: 8729
etag: "61676358cdbb2373bc644e66f8a84fbc8cc5daf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
goomaphy.com/500/4859604?excludes=&oaid=e5ks887023qy222304688q2q8hghd532&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 0 B URL HTTP/2 goomaphy.com/500/4859604?excludes=&oaid=e5ks887023qy222304688q2q8hghd532&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/4859604?excludes=&oaid=e5ks887023qy222304688q2q8hghd532&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:43 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.67.194.45 200 OK 12 kB IP 172.67.194.45:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (32771), with no line terminators
Hash 38120dba8a1e6038d8b583e76c5ff38e
e1be4514faeaaab38c7311c15db593fed78efde7
7753037ea86e043518ef33e39ff5a57fefb6cfe3eabace8d113687dffa9addad
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:42 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 961
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ffOpW4rbukI1qS1kPwsGVa8nL1BmIq0GlxkRYDwA3PXYMlqWvZQ5ueOiZZe1oo0kCHKfPaHh%2BVQCoE60WDuOYu%2F%2FDrSovQOzfwsVXgqvV%2FGy1BYuokBsHpTcsqqbUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75233894bb79b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg
104.22.32.172 200 OK 11 kB URL HTTP/2 offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg
IP 104.22.32.172:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 96d73cf80f752e9319997c6e575c3b82
3dcf9d3b3e94698a842b1a98de17a02a8c3b4457
44dc0e0d92f12e669842f12722ca1a1848fb4be50deabd86c7d9deb64946db86
GET /www/images/96d73cf80f752e9319997c6e575c3b82.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:44 GMT
content-type: image/jpeg
content-length: 11449
cache-control: max-age=86400
cf-bgj: h2pri
etag: "627e5574-2cb9"
expires: Fri, 30 Sep 2022 04:42:27 GMT
last-modified: Fri, 13 May 2022 12:56:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 12257
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7523389d2f7695eb-ARN
X-Firefox-Spdy: h2
goomaphy.com/impression/gyvbGpmpdYF2C4AyFisvSHb3Gev0BVy77I6SKP3-QhWCcGzXI3l6ox_2H6kLvIMG3hL18r4TW_aPYBUVTQ_jWe7hms640yIMdHTu7HD0R1T6732fH17kEgJNyioz16pGOkFH5GG-N2E-eZ58APJYRfEooLFaabvgCW4Umh_dcRAs3Nj7o-_ifZ285VynqK610TM5ai-J-i2_VER6mKUrmOl_zk6W5M-3RxQ_m799YR_zY50nEDvH8aA3h3FkUu_4lnoTQduZ-OReqWb47CGlfTUyrYgKYu9WI2GGzP6sEfWZukrmXRDHVodGmOHTq_l2WMJ_sVyx75PCnnv84zVaWiINeA-OTCtCBFOHay3K03EjmO7pCysD7pwr5r7wazR5JaaWeN3mHl2eWGsLx23z7BwtlHR-ZTQf1G1-lup0qC5SSF2g-LtADChwWqRZdUBKB5q-_brICCNy7eQ3lxekm0Sq2lE3DHbjeUU7ZmVtGylwzs_G5apC_RDc1g7MP_HJEvEguwc4OeDskCGH04TgRl4KjLI1wNFPar1GZFxFQNWrhgacMYyzfiL2w5bghPrMiYctCKgcZTnwz82dQG5j7YjjsXB1tf4e?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 43 B URL HTTP/2 goomaphy.com/impression/gyvbGpmpdYF2C4AyFisvSHb3Gev0BVy77I6SKP3-QhWCcGzXI3l6ox_2H6kLvIMG3hL18r4TW_aPYBUVTQ_jWe7hms640yIMdHTu7HD0R1T6732fH17kEgJNyioz16pGOkFH5GG-N2E-eZ58APJYRfEooLFaabvgCW4Umh_dcRAs3Nj7o-_ifZ285VynqK610TM5ai-J-i2_VER6mKUrmOl_zk6W5M-3RxQ_m799YR_zY50nEDvH8aA3h3FkUu_4lnoTQduZ-OReqWb47CGlfTUyrYgKYu9WI2GGzP6sEfWZukrmXRDHVodGmOHTq_l2WMJ_sVyx75PCnnv84zVaWiINeA-OTCtCBFOHay3K03EjmO7pCysD7pwr5r7wazR5JaaWeN3mHl2eWGsLx23z7BwtlHR-ZTQf1G1-lup0qC5SSF2g-LtADChwWqRZdUBKB5q-_brICCNy7eQ3lxekm0Sq2lE3DHbjeUU7ZmVtGylwzs_G5apC_RDc1g7MP_HJEvEguwc4OeDskCGH04TgRl4KjLI1wNFPar1GZFxFQNWrhgacMYyzfiL2w5bghPrMiYctCKgcZTnwz82dQG5j7YjjsXB1tf4e?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/gyvbGpmpdYF2C4AyFisvSHb3Gev0BVy77I6SKP3-QhWCcGzXI3l6ox_2H6kLvIMG3hL18r4TW_aPYBUVTQ_jWe7hms640yIMdHTu7HD0R1T6732fH17kEgJNyioz16pGOkFH5GG-N2E-eZ58APJYRfEooLFaabvgCW4Umh_dcRAs3Nj7o-_ifZ285VynqK610TM5ai-J-i2_VER6mKUrmOl_zk6W5M-3RxQ_m799YR_zY50nEDvH8aA3h3FkUu_4lnoTQduZ-OReqWb47CGlfTUyrYgKYu9WI2GGzP6sEfWZukrmXRDHVodGmOHTq_l2WMJ_sVyx75PCnnv84zVaWiINeA-OTCtCBFOHay3K03EjmO7pCysD7pwr5r7wazR5JaaWeN3mHl2eWGsLx23z7BwtlHR-ZTQf1G1-lup0qC5SSF2g-LtADChwWqRZdUBKB5q-_brICCNy7eQ3lxekm0Sq2lE3DHbjeUU7ZmVtGylwzs_G5apC_RDc1g7MP_HJEvEguwc4OeDskCGH04TgRl4KjLI1wNFPar1GZFxFQNWrhgacMYyzfiL2w5bghPrMiYctCKgcZTnwz82dQG5j7YjjsXB1tf4e?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: OAID=e5ks887023qy222304688q2q8hghd532
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:47 GMT
content-type: image/gif
content-length: 43
x-trace-id: 57747d2ead367eddd97f0c4b91a84c7b
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 3e9d3eab1fba386c4fdf3af9a757cfa9
b50127a1072c95ed71110b07dd58eab72747e6f8
869e09d135cff97a1073e32fa1808d0068195421369d138ad6bba86cfef18091
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 3e9d3eab1fba386c4fdf3af9a757cfa9
b50127a1072c95ed71110b07dd58eab72747e6f8
869e09d135cff97a1073e32fa1808d0068195421369d138ad6bba86cfef18091
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 15dbf298fc5c3f79b34abf59118cc01c
c48dc908b9aa86adb5017683a23b625d8fd1b955
9061294bc67906630f52dfdb486941691a8b9291b938c032076cef3f7bf21ce7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 15dbf298fc5c3f79b34abf59118cc01c
c48dc908b9aa86adb5017683a23b625d8fd1b955
9061294bc67906630f52dfdb486941691a8b9291b938c032076cef3f7bf21ce7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
216.58.211.10 200 OK 17 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP 216.58.211.10:0
Hash 49dcb3f23a58f998f11d8c2ca1b90a68
0aee92fad52d2f03484a134901a90260af43e913
92223ea8fd1122967d4b3adaec6c401be4ab899e973ed13fb3fb90520cdefcfa
GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 29 Sep 2022 08:06:48 GMT
date: Thu, 29 Sep 2022 08:06:48 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:08 GMT
expires: Thu, 28 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 45160
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 15dbf298fc5c3f79b34abf59118cc01c
c48dc908b9aa86adb5017683a23b625d8fd1b955
9061294bc67906630f52dfdb486941691a8b9291b938c032076cef3f7bf21ce7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
goomaphy.com/401/4859604
139.45.197.239 200 OK 0 B IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /401/4859604 HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:42 GMT
content-type: application/javascript
x-trace-id: 1657989a0589c65462d13f7beaf25cb1
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=7413fa588a28406dbbe4db598bb06333; expires=Fri, 29 Sep 2023 08:06:42 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.199.35 200 OK 0 B IP 172.64.199.35:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:42 GMT
content-type: text/plain
set-cookie: csu=953524653428595@1@1664438802; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FoMSiAElnR1Fk5H4lh5FwAeZDBB%2BX7WCSdjRbzDHqyWUKSSJfZFieab4r1l2%2BlaBEPAwMQMfn6np5%2BPBVhUezbiX%2FpfI9eiqHQ2u1Fz27PBMiUvwcyqg4Q1Xl0Ah63oI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338947939769e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
goomaphy.com/500/4859604?excludes=&oaid=e5ks887023qy222304688q2q8hghd532&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 0 B URL HTTP/2 goomaphy.com/500/4859604?excludes=&oaid=e5ks887023qy222304688q2q8hghd532&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /500/4859604?excludes=&oaid=e5ks887023qy222304688q2q8hghd532&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fjme7cf0y3elu%2FHoward%2520the%2520Duck%2520027-033%2520%2B%2520Annual%2520(1977-1979).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: OAID=7413fa588a28406dbbe4db598bb06333
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:43 GMT
content-type: application/javascript
x-trace-id: b7c9d0ccbae10e8b7505d490d2887d57
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://userscloud.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=e5ks887023qy222304688q2q8hghd532; expires=Fri, 29 Sep 2023 08:06:43 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/1?z=2582807
139.45.197.239 200 OK 0 B URL HTTP/2 tovanillitechan.com/1?z=2582807
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=2582807 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:42 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 28c3cb5f8fdcccb9103e1321870884c2
access-control-expose-headers: X-Sc
x-sc: 0F3eTZW24Z_kGls_oFB2AMjllkZ-k7QOu5gnTYklR30ALbs0XiCqh8EIenl4cTESXlruEZKzDCtt1iZstpmLrzwwAv4=
set-cookie: scm=1; expires=Fri, 29 Sep 2023 08:06:42 GMT; secure; SameSite=None
set-cookie: OAID=42b1c6f6a4854f21bac19ec85f110e6b; expires=Fri, 29 Sep 2023 08:06:42 GMT; secure; SameSite=None
set-cookie: oaidts=1664438802; expires=Fri, 29 Sep 2023 08:06:42 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35 200 OK 0 B IP 172.64.199.35:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:42 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3372
last-modified: Thu, 29 Sep 2022 07:10:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qkq8VKfr7RfY%2BcbU9mbECwsnLOiixXAnYgxuUU4gAHemHK0hil7447PX84dstf3SlNyxbvL4VGSab5WEbFE2WBJac9LCEb98LsjBKsGOBsWtPZl0m8cFtPwa7ypluHwO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75233893a843769e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2