userscloud.com/9ak8cernw75n
172.67.207.105301 Moved Permanently 0 B URL HTTP/1.1 userscloud.com/9ak8cernw75n
IP 172.67.207.105:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /9ak8cernw75n HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Dec 2022 20:42:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 07 Dec 2022 21:42:14 GMT
Location: https://userscloud.com/9ak8cernw75n
Server-Timing: cf-q-config;dur=7.9999954323284e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LOL8WUGm64YANJjoMynOBeS5OreX4gO%2FQlF7D7YnQXx6nwGvIwBpgfi17DMdNfMu%2Fwxd57GxLWjgD4mcQP9fgbvAFulb2nuzMr05hrQjpyDef3%2Bv6DWRagdA2dLwppWrpA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77601631eb44b529-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15755
Expires: Thu, 08 Dec 2022 01:04:49 GMT
Date: Wed, 07 Dec 2022 20:42:14 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21049
Expires: Thu, 08 Dec 2022 02:33:03 GMT
Date: Wed, 07 Dec 2022 20:42:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 20:08:05 GMT
content-type: application/json
age: 2049
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11696
Expires: Wed, 07 Dec 2022 23:57:10 GMT
Date: Wed, 07 Dec 2022 20:42:14 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: sCByT8i+idnZma6iWkwg71zKmFyqqCxD8Pyfg4tKXwZYXf0Fl8y1qTNEiOsDaRNBxy5Mpy3thgQ=
x-amz-request-id: K6B2MBM1P2ZFS6SH
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 19:47:38 GMT
age: 3276
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 03e97e6d56b8437cb2ce28fbcd46b818
ca4fd273602750a577243698e5b351dbfef328bb
1d11021aaca027f90e7532d75bb77baeca067026ac5637787223066fdaab8949
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1523
Cache-Control: max-age=95524
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 20:42:14 GMT
Etag: "638fc6d7-117"
Expires: Thu, 08 Dec 2022 23:14:18 GMT
Last-Modified: Tue, 06 Dec 2022 22:48:55 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 20:42:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 07 Dec 2022 20:07:55 GMT
age: 2060
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3599
Cache-Control: max-age=134674
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 20:42:15 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 10:06:49 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.41.253.170101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.253.170:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5ZwS9ry9d3mA6aPSlnXMAg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5v0EHUcJNTp7KEG4152+WyRVkxU=
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 03e97e6d56b8437cb2ce28fbcd46b818
ca4fd273602750a577243698e5b351dbfef328bb
1d11021aaca027f90e7532d75bb77baeca067026ac5637787223066fdaab8949
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1525
Cache-Control: max-age=95524
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 20:42:16 GMT
Etag: "638fc6d7-117"
Expires: Thu, 08 Dec 2022 23:14:20 GMT
Last-Modified: Tue, 06 Dec 2022 22:48:55 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 6.0 kB IP 93.184.220.29:0
Hash cd302e9e1adf047093a3c39fa80eb375
8bbd59c435acf4d71d823911c36cf40ddf9aaae5
5b6f2d72f050a8a2c7e1aee08430153b8bc9057f7aceb6ebd624f1ab64ca2408
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3025
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 20:42:16 GMT
Last-Modified: Wed, 07 Dec 2022 19:51:51 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 280
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
104.16.57.101200 OK 12 kB URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP 104.16.57.101:0
Hash 0ebe8e860e91f68889a0028c5b8f7e59
941e4c3994f1b67376f722ab9e3fa5202658463a
2d69917e16a2705f28599bc5dc3984453abab520bdb61f7832f0c1bfb8462d26
GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 20:42:16 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 7760163d58bcb505-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 18 kB IP 142.250.74.131:0
Hash 1701804f83a06cadcd6c73bb01215a43
587a56daaf1a0967fe9d75614892551b51844a67
30200d2ce847eb7b48d9810fcef94594667b8211fd5fbe0e7b1842a2a2a5d293
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 20:42:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
userscloud.com/9ak8cernw75n
104.21.69.102200 OK 150 kB URL HTTP/2 userscloud.com/9ak8cernw75n
IP 104.21.69.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (50438)
Size 150 kB (150349 bytes)
Hash 78b27adfe0fffdbaa92df03af2028a5a
2f0bc3e5ca3462ea81983b381d001c8a46a0a47a
9b5a8d55534d58f043460d1e98175a85402220b60efaa0a12ab73f05db0f3e3f
GET /9ak8cernw75n HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 07 Dec 2022 20:42:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=0;includeSubDomains;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Tue, 06 Dec 2022 20:42:16 GMT
set-cookie: lang=english; domain=.userscloud.com; path=/
aff=372357; domain=.userscloud.com; path=/; expires=Wed, 21-Dec-2022 20:42:16 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QTqlqSEde%2Bnx%2F%2FshRJLF44IG09Jq08YxQOi9hTeM3CxU%2BtS0%2Fiwr%2B4UZtlsONPdB5DI5pa%2B7ps9sd6clNDXT%2BcmaU5967e7Iyr9IudTbbabK9Z%2FuU3dWfwn1acfUYiyELw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77601633eff90afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
godpvqnszo.com/get/1955146?zoneid=1955146&jp=_cl45gt5blmgrqvqm3vpk5t&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=6864873772833326
62.122.171.6200 OK 1.8 kB URL HTTP/2 godpvqnszo.com/get/1955146?zoneid=1955146&jp=_cl45gt5blmgrqvqm3vpk5t&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=6864873772833326
IP 62.122.171.6:0
Hash 5b8ac2f9f2dc9a99411c5a12333150ec
397f25903a58b75b63a4ad9ece71e119935b65e0
01afd2ab5bfda6a059fd2134c089ee0ecb21355b94f43a2f2f92fd0951d354c4
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1955146?zoneid=1955146&jp=_cl45gt5blmgrqvqm3vpk5t&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=6864873772833326 HTTP/1.1
Host: godpvqnszo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 20:42:16 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=221207154208b2f6074bfb40fa9e4771f206; Path=/; Expires=Thu, 07 Dec 2023 20:42:16 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP 142.250.74.131:0
Hash 4eb6b6b44e82e088f27dd5c58edc5114
8fe2d591d197f4708f525b2b6fd094c1496020aa
6cb700348b7cf57e7d24579c4fdf1ace1027137006e00f2b6a9ed0a7dc8ada88
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 20:42:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3f68d2b9508016466ba87c846b90f0db
36a6b9a97413dc573f2c65314a1647d5c5907d95
907bab092444b0f0fc89ccd5452757f7dc57ec741da5c96a185643c366fc1136
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "907BAB092444B0F0FC89CCD5452757F7DC57EC741DA5C96A185643C366FC1136"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5931
Expires: Wed, 07 Dec 2022 22:21:07 GMT
Date: Wed, 07 Dec 2022 20:42:16 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3f68d2b9508016466ba87c846b90f0db
36a6b9a97413dc573f2c65314a1647d5c5907d95
907bab092444b0f0fc89ccd5452757f7dc57ec741da5c96a185643c366fc1136
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "907BAB092444B0F0FC89CCD5452757F7DC57EC741DA5C96A185643C366FC1136"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5931
Expires: Wed, 07 Dec 2022 22:21:07 GMT
Date: Wed, 07 Dec 2022 20:42:16 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP 142.250.74.131:0
Hash 4eb6b6b44e82e088f27dd5c58edc5114
8fe2d591d197f4708f525b2b6fd094c1496020aa
6cb700348b7cf57e7d24579c4fdf1ace1027137006e00f2b6a9ed0a7dc8ada88
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 20:42:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3f68d2b9508016466ba87c846b90f0db
36a6b9a97413dc573f2c65314a1647d5c5907d95
907bab092444b0f0fc89ccd5452757f7dc57ec741da5c96a185643c366fc1136
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "907BAB092444B0F0FC89CCD5452757F7DC57EC741DA5C96A185643C366FC1136"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5931
Expires: Wed, 07 Dec 2022 22:21:07 GMT
Date: Wed, 07 Dec 2022 20:42:16 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10060
Expires: Wed, 07 Dec 2022 23:29:57 GMT
Date: Wed, 07 Dec 2022 20:42:17 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP 142.250.74.131:0
Hash 4eb6b6b44e82e088f27dd5c58edc5114
8fe2d591d197f4708f525b2b6fd094c1496020aa
6cb700348b7cf57e7d24579c4fdf1ace1027137006e00f2b6a9ed0a7dc8ada88
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 20:42:17 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10060
Expires: Wed, 07 Dec 2022 23:29:57 GMT
Date: Wed, 07 Dec 2022 20:42:17 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10060
Expires: Wed, 07 Dec 2022 23:29:57 GMT
Date: Wed, 07 Dec 2022 20:42:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 604a4132da78a0c013b5818644adb121
ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566
eecab519c33596c67f2d2021dfd1af24e7fd8f2ed403f99b4ba0c265c08a259f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8701
x-amzn-requestid: 653284c3-ee7f-45f1-9513-3a6c81e1d6e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cm3-2HRWIAMFjfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c39f8-6f8969a26787a9463ba6c2ec;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 06:11:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cmRvAOLmk_xZC4RKdin-lozUNeK9-icqkzsQmSjP9scXnnCLxkvJ5A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 22:01:53 GMT
age: 81624
etag: "ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: va_vly0iX6rzm_aTWrryPRjoTWlI-_0m6rpS6VrTx-nsd71dk1cSZw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 08:32:51 GMT
age: 43766
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19ffa93b-2002-4f40-ab8b-aa163e9b5939.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19ffa93b-2002-4f40-ab8b-aa163e9b5939.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 535710165275856757bd7d1689f79de3
d51162b7fcba50022482b7130a556f3a7dfe822f
c93e2df13b78cd4b718eb4fe3fe70a9d6d12fd0a0d7f505219ec0d5e6a70653c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19ffa93b-2002-4f40-ab8b-aa163e9b5939.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6186
x-amzn-requestid: 53d1d373-ff6c-4c59-bdeb-fff592bca586
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUsyGOEIAMFwfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e67eb-0156077b52dc07fb124c087b;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:51:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KkP8o_5GoqAukEAUkPrvsHE0v_36vO0wI7_97kvnUkqYc4ziC7UPpw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 16:47:32 GMT
age: 14085
etag: "d51162b7fcba50022482b7130a556f3a7dfe822f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc501a87-1b50-43f3-8031-2c93f724dc91.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc501a87-1b50-43f3-8031-2c93f724dc91.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b92721cbe24623f1713a5248d6a7c1b2
3628390c62642dcc375b28f58c9b48180c4abd73
37d0451c03bc7cf0253aba6d3204cbf38502692a0fbc751a3ead01b07e9a65d6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc501a87-1b50-43f3-8031-2c93f724dc91.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9613
x-amzn-requestid: 31270e51-34df-4980-9221-e21a5521b3de
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clZQYHzvoAMFvdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ba268-509300b867fcbfb71a7cf6ad;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 19:24:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Xk1sLSRBl1t872eGrnw1dVjQO7XvAM4NDFd5Y0wKjdvkKtaqDneEKg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 22:01:54 GMT
age: 81623
etag: "3628390c62642dcc375b28f58c9b48180c4abd73"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a7ee62c5e846e8ad4808f4724f15146d
6d55b299f906908309f91eaf0a720ad65866db04
0d8f51d6f7f3bad4bb9d9c3000999739147f6dd718b290b0dca71a4cba85cb38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6846
x-amzn-requestid: 53452103-6559-460c-ac40-4685e6816aa4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGx4E-mIAMFatg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a5-5327ec9a2f247cc91654df80;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fo3lMa6shsclTxMwkqU7b-FdfADL1J2vHt8BNpEImo0gsmmI01BNTQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 06:31:28 GMT
age: 51049
etag: "6d55b299f906908309f91eaf0a720ad65866db04"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 20:49:34 GMT
age: 85963
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3f68d2b9508016466ba87c846b90f0db
36a6b9a97413dc573f2c65314a1647d5c5907d95
907bab092444b0f0fc89ccd5452757f7dc57ec741da5c96a185643c366fc1136
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "907BAB092444B0F0FC89CCD5452757F7DC57EC741DA5C96A185643C366FC1136"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5930
Expires: Wed, 07 Dec 2022 22:21:07 GMT
Date: Wed, 07 Dec 2022 20:42:17 GMT
Connection: keep-alive
thethesmahat.com/MU8ySG8ecFE7UmYbWjkKXDdaCSlBC2QPV3sXdzA5UB5wGzxnfxQ8BlVyBXhXAXoAbh9YKw96Vhc8RikbRDwPeUlYIVQnUhc5D3lBAWEEeEEAaUd1Xhc7QikIDH4UOBtFIw95WQZ/BnxaBnwEfF4D
104.21.34.106204 No Content 0 B URL HTTP/2 thethesmahat.com/MU8ySG8ecFE7UmYbWjkKXDdaCSlBC2QPV3sXdzA5UB5wGzxnfxQ8BlVyBXhXAXoAbh9YKw96Vhc8RikbRDwPeUlYIVQnUhc5D3lBAWEEeEEAaUd1Xhc7QikIDH4UOBtFIw95WQZ/BnxaBnwEfF4D
IP 104.21.34.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MU8ySG8ecFE7UmYbWjkKXDdaCSlBC2QPV3sXdzA5UB5wGzxnfxQ8BlVyBXhXAXoAbh9YKw96Vhc8RikbRDwPeUlYIVQnUhc5D3lBAWEEeEEAaUd1Xhc7QikIDH4UOBtFIw95WQZ/BnxaBnwEfF4D HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 20:42:17 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VjKGtkT1AFvopPQtdfLGcpJvnZ5kR7hgERpN5x%2BKVnn7SZb0G6BZw7cynLBJTFgHzgYA3Iz62cx8a0msetazGBFble8r416vGGwytQDci1MZT%2B9rqWjfgvNaCjaI31JmKiVM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760163ffa0db503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thethesmahat.com/ZlR3cGtJaxQDVjw5AyQ5CBoiJ1kCLiUcIQAOREUjPjgPHA9WBVEEAgJpT0FdX2NEVhsPMEpCUkAnAxEfEydKQU0POhEfVkAiSkFFVnpBQEVXcgJNWkAgBxEMW2VRAB8SOEpBXVFkQ0ReUWdBRFlR
104.21.34.106204 No Content 0 B URL HTTP/2 thethesmahat.com/ZlR3cGtJaxQDVjw5AyQ5CBoiJ1kCLiUcIQAOREUjPjgPHA9WBVEEAgJpT0FdX2NEVhsPMEpCUkAnAxEfEydKQU0POhEfVkAiSkFFVnpBQEVXcgJNWkAgBxEMW2VRAB8SOEpBXVFkQ0ReUWdBRFlR
IP 104.21.34.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZlR3cGtJaxQDVjw5AyQ5CBoiJ1kCLiUcIQAOREUjPjgPHA9WBVEEAgJpT0FdX2NEVhsPMEpCUkAnAxEfEydKQU0POhEfVkAiSkFFVnpBQEVXcgJNWkAgBxEMW2VRAB8SOEpBXVFkQ0ReUWdBRFlR HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 20:42:17 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qe77%2BhCUCilswL%2FWVRDK%2FACaZsTHNdaxpgkjqjW6hSTblqcFRaZCgt5HgmrVHRg%2FB5SbLlpQteVwnsQhAo3S01NjKl86S7upLeAoqVbXIlse5rYDa%2B7PjokR64HtOlVHbqhK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776016403a8bb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
uthecrimorew.com/utx?cb=HzQcVXfH47Lc&top=userscloud.com&tid=816973
18.66.15.61204 No Content 0 B URL HTTP/2 uthecrimorew.com/utx?cb=HzQcVXfH47Lc&top=userscloud.com&tid=816973
IP 18.66.15.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=HzQcVXfH47Lc&top=userscloud.com&tid=816973 HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 20:42:17 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 07 Dec 2022 20:43:17 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 353b8eaf90b8d7986000f2da151952bc.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
x-amz-cf-id: mOu2WCEv6nhai-shcqZHCthAJCPsTsEASNw4rGG0G5gvru-LO8bPHw==
X-Firefox-Spdy: h2
uthecrimorew.com/Q1pVSjgiODYnByJnN2xNMTZobwoFf2cMXHEwMjoAcjc/PV8kIydkWy81IC5eMTU7PhYtPyFvCgUSAQ5uOwkSOU4UMm0/bgcyNgxgFT4zC24APxNzSRstHCR6Fy0cBEIoNjAfCC0YFCVJFAkYImARMgYcQjQIHgtQATgyKUwUIg97bBA2Nw9WFTs0JmkVETkQDAYtAH56ADkcAnwkPB4heQAWFD0AF2s2c3stHAwCUgoZHAxTEjgDIXMCHGx+bC1uEx1sexkcJn0mCi0iSAFqECdwcTEdG2AvOAwtbhY/LCZIAWoQbwoFGzwDfBENZBN8KxgRL3oNbBQcFRFtHh1TCwsBJVwiCww9XRUuYA0IBTIBJAwFHDx6cQlrJR9dKmtweHoBDxd+b3BqExt/cgAzDHUaFTJ+SRQ9OT5vEjUQG2ByHDMIdQY+AyUeKSk6JEh+HCQEDTsMGSteLwg8fGwk
18.66.15.61200 OK 35 kB URL HTTP/2 uthecrimorew.com/Q1pVSjgiODYnByJnN2xNMTZobwoFf2cMXHEwMjoAcjc/PV8kIydkWy81IC5eMTU7PhYtPyFvCgUSAQ5uOwkSOU4UMm0/bgcyNgxgFT4zC24APxNzSRstHCR6Fy0cBEIoNjAfCC0YFCVJFAkYImARMgYcQjQIHgtQATgyKUwUIg97bBA2Nw9WFTs0JmkVETkQDAYtAH56ADkcAnwkPB4heQAWFD0AF2s2c3stHAwCUgoZHAxTEjgDIXMCHGx+bC1uEx1sexkcJn0mCi0iSAFqECdwcTEdG2AvOAwtbhY/LCZIAWoQbwoFGzwDfBENZBN8KxgRL3oNbBQcFRFtHh1TCwsBJVwiCww9XRUuYA0IBTIBJAwFHDx6cQlrJR9dKmtweHoBDxd+b3BqExt/cgAzDHUaFTJ+SRQ9OT5vEjUQG2ByHDMIdQY+AyUeKSk6JEh+HCQEDTsMGSteLwg8fGwk
IP 18.66.15.61:0
Hash c76ff2654ad90fa0a6564b0b77475684
3c96d45340a37221e5334781f2b185ab625c61e0
d9f8906c66005c2b63c982ad5fe46fd952a02412610945152170c74e25065506
GET /Q1pVSjgiODYnByJnN2xNMTZobwoFf2cMXHEwMjoAcjc/PV8kIydkWy81IC5eMTU7PhYtPyFvCgUSAQ5uOwkSOU4UMm0/bgcyNgxgFT4zC24APxNzSRstHCR6Fy0cBEIoNjAfCC0YFCVJFAkYImARMgYcQjQIHgtQATgyKUwUIg97bBA2Nw9WFTs0JmkVETkQDAYtAH56ADkcAnwkPB4heQAWFD0AF2s2c3stHAwCUgoZHAxTEjgDIXMCHGx+bC1uEx1sexkcJn0mCi0iSAFqECdwcTEdG2AvOAwtbhY/LCZIAWoQbwoFGzwDfBENZBN8KxgRL3oNbBQcFRFtHh1TCwsBJVwiCww9XRUuYA0IBTIBJAwFHDx6cQlrJR9dKmtweHoBDxd+b3BqExt/cgAzDHUaFTJ+SRQ9OT5vEjUQG2ByHDMIdQY+AyUeKSk6JEh+HCQEDTsMGSteLwg8fGwk HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1199
date: Wed, 07 Dec 2022 20:42:17 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 353b8eaf90b8d7986000f2da151952bc.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
x-amz-cf-id: SDkPvOWTDrDcIA_KGs8A6izYJNLloJa7-RdHAmttcIQL1snmnPt4aw==
X-Firefox-Spdy: h2
uthecrimorew.com/utx?cb=e7VLnpWO5JUu&top=userscloud.com&tid=708052
18.66.15.61204 No Content 0 B URL HTTP/2 uthecrimorew.com/utx?cb=e7VLnpWO5JUu&top=userscloud.com&tid=708052
IP 18.66.15.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=e7VLnpWO5JUu&top=userscloud.com&tid=708052 HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 20:42:17 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 07 Dec 2022 20:43:17 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 353b8eaf90b8d7986000f2da151952bc.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
x-amz-cf-id: ityavKjDDgwq_Xip8NyM5PnVwm3kZPAA6FAfIG3BqBqBv_VMDK4GKQ==
X-Firefox-Spdy: h2
uthecrimorew.com/VW5Xblc0DDQDaDRTNUgiJwJqS2UTS2UoM2cEMB5vZAM9GTAyFyVANDkBIgoxJwE5Gnk7CyNLZRM2MyoCZCASXg8CAiM9NDIsNDsGOV8FPxoYL2RbBA1eDQweIj8eOTAMDBopFTQ2PV8VAgNuCRg5JBU6ZhcZBSwZDzgEIwMWLBk8Hi0NHiwVHB0SKDQcLxAdFgc4Jwg0FwIRPwEcWhVfEQY8EwoEBCgGJB4XGgc2ETIGETwWHQ05BjYXPBYpMQMWFDYROh4QXh0SKw9XEgJeEjwxZT8SLAUlVwI/DWYrD1cSBAIvDzJlLwYsOQ8BBQkBGy85AgUXAHoNBTNeBSYGLShyXBUbPwYoFgIgEiYVFCkxPBkEODtWPgA/MxQVO18RLAYAKDE7AgQsID8lHTszPwI8JxorFjEXMSsGFCkgPCUUPzArcT8dOAAnaAFlOBMAAT0eYjo0Axk
18.66.15.61200 OK 1.2 kB URL HTTP/2 uthecrimorew.com/VW5Xblc0DDQDaDRTNUgiJwJqS2UTS2UoM2cEMB5vZAM9GTAyFyVANDkBIgoxJwE5Gnk7CyNLZRM2MyoCZCASXg8CAiM9NDIsNDsGOV8FPxoYL2RbBA1eDQweIj8eOTAMDBopFTQ2PV8VAgNuCRg5JBU6ZhcZBSwZDzgEIwMWLBk8Hi0NHiwVHB0SKDQcLxAdFgc4Jwg0FwIRPwEcWhVfEQY8EwoEBCgGJB4XGgc2ETIGETwWHQ05BjYXPBYpMQMWFDYROh4QXh0SKw9XEgJeEjwxZT8SLAUlVwI/DWYrD1cSBAIvDzJlLwYsOQ8BBQkBGy85AgUXAHoNBTNeBSYGLShyXBUbPwYoFgIgEiYVFCkxPBkEODtWPgA/MxQVO18RLAYAKDE7AgQsID8lHTszPwI8JxorFjEXMSsGFCkgPCUUPzArcT8dOAAnaAFlOBMAAT0eYjo0Axk
IP 18.66.15.61:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Hash 01b509d6f489dd4417209a2d3de1546a
6c71f3801943d29d23f97f62fa7fb150a58c81eb
83272c7751a3ba937f76bf2576ac81539764d3c9eaff4f292dfe861ff46b7983
GET /VW5Xblc0DDQDaDRTNUgiJwJqS2UTS2UoM2cEMB5vZAM9GTAyFyVANDkBIgoxJwE5Gnk7CyNLZRM2MyoCZCASXg8CAiM9NDIsNDsGOV8FPxoYL2RbBA1eDQweIj8eOTAMDBopFTQ2PV8VAgNuCRg5JBU6ZhcZBSwZDzgEIwMWLBk8Hi0NHiwVHB0SKDQcLxAdFgc4Jwg0FwIRPwEcWhVfEQY8EwoEBCgGJB4XGgc2ETIGETwWHQ05BjYXPBYpMQMWFDYROh4QXh0SKw9XEgJeEjwxZT8SLAUlVwI/DWYrD1cSBAIvDzJlLwYsOQ8BBQkBGy85AgUXAHoNBTNeBSYGLShyXBUbPwYoFgIgEiYVFCkxPBkEODtWPgA/MxQVO18RLAYAKDE7AgQsID8lHTszPwI8JxorFjEXMSsGFCkgPCUUPzArcT8dOAAnaAFlOBMAAT0eYjo0Axk HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1190
date: Wed, 07 Dec 2022 20:42:17 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 353b8eaf90b8d7986000f2da151952bc.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
x-amz-cf-id: pWir2K74va2tDYrwQdMegyOKgRY7Ae2d65Lz1xKeVwzHO2XM6wkHHA==
X-Firefox-Spdy: h2
uthecrimorew.com/M2ZrN1FSBAhablJbCREkQQpWEmN1Q1lxNQEMDEdpAgsBQDZUHxkZMl8JHlM3QQkFQ39dAx8SY3UXCm85YCgjWBp1HBNkA2FWOXk2Xyg8YhNaJz5fAXYPLVUXcQotdQcLPCpAEHo8OWE3dg4HDhR3Dg59OgcDPXI5AzEpRBl7VFNkGUQFCVUmZQUodSZEJT4CAXclIVUUZTc9fjpyBSN2IgEzHFgFaw8PYQNENzN8FwMxKWU9ACQBTzJlCyJlAnUKOn0HAzMvZTJfNFoOM2AiE3YJAhIibiZhMzxhYFsCBw4zYCU9Uxd1XyZTJlBSP3IhWjIuTzVrMUZxY2tXH34YdiwNYDtfDClyaHs1I0QDYCAAUR8CBTl1PQIBCFw5aTU8fhRgVwd9NUQ8IHMpdgE+ZSZ0JyNUFmMgA34LSxYgYyYCEClmd1kVBFkhDjEAVDtLPDpYZ1ktIl0A
18.66.15.61200 OK 1.2 kB URL HTTP/2 uthecrimorew.com/M2ZrN1FSBAhablJbCREkQQpWEmN1Q1lxNQEMDEdpAgsBQDZUHxkZMl8JHlM3QQkFQ39dAx8SY3UXCm85YCgjWBp1HBNkA2FWOXk2Xyg8YhNaJz5fAXYPLVUXcQotdQcLPCpAEHo8OWE3dg4HDhR3Dg59OgcDPXI5AzEpRBl7VFNkGUQFCVUmZQUodSZEJT4CAXclIVUUZTc9fjpyBSN2IgEzHFgFaw8PYQNENzN8FwMxKWU9ACQBTzJlCyJlAnUKOn0HAzMvZTJfNFoOM2AiE3YJAhIibiZhMzxhYFsCBw4zYCU9Uxd1XyZTJlBSP3IhWjIuTzVrMUZxY2tXH34YdiwNYDtfDClyaHs1I0QDYCAAUR8CBTl1PQIBCFw5aTU8fhRgVwd9NUQ8IHMpdgE+ZSZ0JyNUFmMgA34LSxYgYyYCEClmd1kVBFkhDjEAVDtLPDpYZ1ktIl0A
IP 18.66.15.61:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Hash 5ecba73421001cb64b34a82060bd0658
8053c5897fd4d5fd50fb6803b3457ebeebfdb4c8
e10908a02dcc175553b132862419a23e55a40ff684afa88677ff157686d59854
GET /M2ZrN1FSBAhablJbCREkQQpWEmN1Q1lxNQEMDEdpAgsBQDZUHxkZMl8JHlM3QQkFQ39dAx8SY3UXCm85YCgjWBp1HBNkA2FWOXk2Xyg8YhNaJz5fAXYPLVUXcQotdQcLPCpAEHo8OWE3dg4HDhR3Dg59OgcDPXI5AzEpRBl7VFNkGUQFCVUmZQUodSZEJT4CAXclIVUUZTc9fjpyBSN2IgEzHFgFaw8PYQNENzN8FwMxKWU9ACQBTzJlCyJlAnUKOn0HAzMvZTJfNFoOM2AiE3YJAhIibiZhMzxhYFsCBw4zYCU9Uxd1XyZTJlBSP3IhWjIuTzVrMUZxY2tXH34YdiwNYDtfDClyaHs1I0QDYCAAUR8CBTl1PQIBCFw5aTU8fhRgVwd9NUQ8IHMpdgE+ZSZ0JyNUFmMgA34LSxYgYyYCEClmd1kVBFkhDjEAVDtLPDpYZ1ktIl0A HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Wed, 07 Dec 2022 20:42:17 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 353b8eaf90b8d7986000f2da151952bc.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
x-amz-cf-id: yjy3eSpmjNHOJilgevlO54pTY1DMN3EEUOs4FbXc-78GkoAoJsaHEQ==
X-Firefox-Spdy: h2
thethesmahat.com/UEJ3UVN/fRQibjMvQysBYHcxBjQCNRIUATMAGRNhAXMAEjA+elElOjR/QWFjY3JDdyM5JkpgdSM2FiUmI39Gdzo+JBhsdSZ/Rn9gZGxEYH1hZAJsYnY2BzA0bXNRISckLkpgZWdyQ2VmZ3FBYmpg
104.21.34.106204 No Content 0 B URL HTTP/2 thethesmahat.com/UEJ3UVN/fRQibjMvQysBYHcxBjQCNRIUATMAGRNhAXMAEjA+elElOjR/QWFjY3JDdyM5JkpgdSM2FiUmI39Gdzo+JBhsdSZ/Rn9gZGxEYH1hZAJsYnY2BzA0bXNRISckLkpgZWdyQ2VmZ3FBYmpg
IP 104.21.34.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /UEJ3UVN/fRQibjMvQysBYHcxBjQCNRIUATMAGRNhAXMAEjA+elElOjR/QWFjY3JDdyM5JkpgdSM2FiUmI39Gdzo+JBhsdSZ/Rn9gZGxEYH1hZAJsYnY2BzA0bXNRISckLkpgZWdyQ2VmZ3FBYmpg HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 20:42:17 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNbrE4n5nmIGJShVOoDjtpCxctXZAKOYyEBdOTYzMmkGUo0%2BpxmVEFTuLeDL9sF4yF8svJhkKv40pQwvd2vSJMW%2B7xaZj9Rlf8WiNzvkVRdXDmmQDL9IqR5RCMQYPYzGwyCH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776016408b57b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
uthecrimorew.com/utx?cb=boIbc2n9gzC7&top=userscloud.com&tid=600304
18.66.15.61204 No Content 0 B URL HTTP/2 uthecrimorew.com/utx?cb=boIbc2n9gzC7&top=userscloud.com&tid=600304
IP 18.66.15.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=boIbc2n9gzC7&top=userscloud.com&tid=600304 HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 20:42:17 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 07 Dec 2022 20:43:17 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 353b8eaf90b8d7986000f2da151952bc.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
x-amz-cf-id: YMo1dreaEgrF4V0t27NZ4drYyxHgv4jLU_p9WhCrpUfmi8YEkL02gg==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP 142.250.74.131:0
Hash 4eb6b6b44e82e088f27dd5c58edc5114
8fe2d591d197f4708f525b2b6fd094c1496020aa
6cb700348b7cf57e7d24579c4fdf1ace1027137006e00f2b6a9ed0a7dc8ada88
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 20:42:17 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d2jgp81mjwggyr.cloudfront.net/qaXhSNHoKFzxSRR0RNglNWUBiAUhPEiFbFBlFBV8ZAwAIZRVfEhl9EDheJk4eVEh0WBsHH28SHwcbbwVcCBwwCU5PDCJbEVQVIkAcHAs2UwoTXidVRwQXKF0WBRl3BjxcVmIRSFlQJV0UDRclR19bSDxAX1tIYwRUWV1hdl9bSCVdFF9Mdwc4TEpiTExdXW-F2X1tIIEJfWjljBE9HSHsRSFkfN1cRBl1gckhZSWIES1lJdwZKDxEgURwGAHcGPFhIZxpKTw1vBQ
143.204.42.124200 OK 454 B URL HTTP/2 d2jgp81mjwggyr.cloudfront.net/qaXhSNHoKFzxSRR0RNglNWUBiAUhPEiFbFBlFBV8ZAwAIZRVfEhl9EDheJk4eVEh0WBsHH28SHwcbbwVcCBwwCU5PDCJbEVQVIkAcHAs2UwoTXidVRwQXKF0WBRl3BjxcVmIRSFlQJV0UDRclR19bSDxAX1tIYwRUWV1hdl9bSCVdFF9Mdwc4TEpiTExdXW-F2X1tIIEJfWjljBE9HSHsRSFkfN1cRBl1gckhZSWIES1lJdwZKDxEgURwGAHcGPFhIZxpKTw1vBQ
IP 143.204.42.124:0
File type ASCII text, with very long lines (594), with no line terminators
Hash c595212230e3f0c9b15322c114d27189
2c172f8a916ff4c83bbe6e9a685dd8d062c0594d
48cd3f2ef5257564c6feb40878bb25cae046c16c764e853bf6fd07c497a578d6
GET /qaXhSNHoKFzxSRR0RNglNWUBiAUhPEiFbFBlFBV8ZAwAIZRVfEhl9EDheJk4eVEh0WBsHH28SHwcbbwVcCBwwCU5PDCJbEVQVIkAcHAs2UwoTXidVRwQXKF0WBRl3BjxcVmIRSFlQJV0UDRclR19bSDxAX1tIYwRUWV1hdl9bSCVdFF9Mdwc4TEpiTExdXW-F2X1tIIEJfWjljBE9HSHsRSFkfN1cRBl1gckhZSWIES1lJdwZKDxEgURwGAHcGPFhIZxpKTw1vBQ HTTP/1.1
Host: d2jgp81mjwggyr.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uthecrimorew.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 454
date: Wed, 07 Dec 2022 20:42:17 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 04pSzCIqOkvFT6B-OKAcr97JaFM5ecYylHLQ5NBRKMzST0hhBYrU3A==
X-Firefox-Spdy: h2
d2jgp81mjwggyr.cloudfront.net/HTDVxSGsvWh8uVDhcFXVdfAVCeF9qXwInBTwINzkleU0nBAoqWSMhXRhSVzwRKAhBbgctWxZ1TSlbEnVaalQVKlZ4EwU4BCcIHDgfKkACLAw8T1c9CnFYHjICIFkQbVkKAF94Tn4FWT8CIlEePxhpB0EmH2kHQXlbYgVUeylpB0E/AiIDRW1YDhBDeBN6AV-R7KWkHQTodaQYweVt5G0FhTn4FFi0IJ1pUei1+BUB4W30FQG1ZfFMYOg4qWgltWQoEQX1FfBMEdVo
143.204.42.124200 OK 761 B URL HTTP/2 d2jgp81mjwggyr.cloudfront.net/HTDVxSGsvWh8uVDhcFXVdfAVCeF9qXwInBTwINzkleU0nBAoqWSMhXRhSVzwRKAhBbgctWxZ1TSlbEnVaalQVKlZ4EwU4BCcIHDgfKkACLAw8T1c9CnFYHjICIFkQbVkKAF94Tn4FWT8CIlEePxhpB0EmH2kHQXlbYgVUeylpB0E/AiIDRW1YDhBDeBN6AV-R7KWkHQTodaQYweVt5G0FhTn4FFi0IJ1pUei1+BUB4W30FQG1ZfFMYOg4qWgltWQoEQX1FfBMEdVo
IP 143.204.42.124:0
File type ASCII text, with very long lines (1099), with no line terminators
Hash a50fa6e08254e1b7501838746bf3f443
f0da3e6825b0e7cc44e53aaa8ef2c5639f7ce164
b4ae40e7b44bcf4ce3bc6475b7dc4622d088dd18965ebe7e49da3573aad3ac35
GET /HTDVxSGsvWh8uVDhcFXVdfAVCeF9qXwInBTwINzkleU0nBAoqWSMhXRhSVzwRKAhBbgctWxZ1TSlbEnVaalQVKlZ4EwU4BCcIHDgfKkACLAw8T1c9CnFYHjICIFkQbVkKAF94Tn4FWT8CIlEePxhpB0EmH2kHQXlbYgVUeylpB0E/AiIDRW1YDhBDeBN6AV-R7KWkHQTodaQYweVt5G0FhTn4FFi0IJ1pUei1+BUB4W30FQG1ZfFMYOg4qWgltWQoEQX1FfBMEdVo HTTP/1.1
Host: d2jgp81mjwggyr.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uthecrimorew.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 761
date: Wed, 07 Dec 2022 20:42:17 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: yFP9n1CexGEJjzpmeYLMjSM2Ncg-oRO21eKjgXqH_WCKobittGTsXw==
X-Firefox-Spdy: h2
d2jgp81mjwggyr.cloudfront.net/XdDU1NE0XWltScgBcUQl1RQMMA35SX0ZbIwQIWgYbMGBaXj1BWm9gOlJBT1BwRBNZVSMTCBNRIxcIBBIsEFcIAGsARVpfcBlFQVI4B1FSRDdSQFQJIBtPXFghFRAHcnhaBRAGfVxCXFopG0JGEX9EW0ERf0QEBRp9UQZ3EX9EQlxae0AQBnZoRgVNAnlRBn-cRf0RHQxF+NQQFAWNEHBAGfRNQVl8iUQdzBn1FBQUFfUUQBwQrHUdQUiIMEAdyfEQAGwRrAQgE
143.204.42.124200 OK 446 B URL HTTP/2 d2jgp81mjwggyr.cloudfront.net/XdDU1NE0XWltScgBcUQl1RQMMA35SX0ZbIwQIWgYbMGBaXj1BWm9gOlJBT1BwRBNZVSMTCBNRIxcIBBIsEFcIAGsARVpfcBlFQVI4B1FSRDdSQFQJIBtPXFghFRAHcnhaBRAGfVxCXFopG0JGEX9EW0ERf0QEBRp9UQZ3EX9EQlxae0AQBnZoRgVNAnlRBn-cRf0RHQxF+NQQFAWNEHBAGfRNQVl8iUQdzBn1FBQUFfUUQBwQrHUdQUiIMEAdyfEQAGwRrAQgE
IP 143.204.42.124:0
File type ASCII text, with very long lines (577), with no line terminators
Hash ced5a18dc2d813adf325158e4627f9aa
8ab17d06477375434c4cc8cafc20b9c0dd850bc9
7c751ae987051b79fc80c021c9b9b6bdaefefa27d0f574096b829a142634606d
GET /XdDU1NE0XWltScgBcUQl1RQMMA35SX0ZbIwQIWgYbMGBaXj1BWm9gOlJBT1BwRBNZVSMTCBNRIxcIBBIsEFcIAGsARVpfcBlFQVI4B1FSRDdSQFQJIBtPXFghFRAHcnhaBRAGfVxCXFopG0JGEX9EW0ERf0QEBRp9UQZ3EX9EQlxae0AQBnZoRgVNAnlRBn-cRf0RHQxF+NQQFAWNEHBAGfRNQVl8iUQdzBn1FBQUFfUUQBwQrHUdQUiIMEAdyfEQAGwRrAQgE HTTP/1.1
Host: d2jgp81mjwggyr.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uthecrimorew.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 446
date: Wed, 07 Dec 2022 20:42:17 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xU-idiDH6fIkJr_yw_MtgMITBNAF_zX1GaI9ugE6szqGx1awbjM4cw==
X-Firefox-Spdy: h2
uthecrimorew.com/multi?cs=bGxWVE9UVGZtd1pdYGJ2XFRuZ34&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.1&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=1364398299373608&agec=1670445737&fs=1&mbkb=423.7288135593221&ref=https%3A%2F%2Fuserscloud.com%2F9ak8cernw75n&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_aqn0=1670445736848&crc=1
18.66.15.61200 OK 1.6 kB URL HTTP/2 uthecrimorew.com/multi?cs=bGxWVE9UVGZtd1pdYGJ2XFRuZ34&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.1&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=1364398299373608&agec=1670445737&fs=1&mbkb=423.7288135593221&ref=https%3A%2F%2Fuserscloud.com%2F9ak8cernw75n&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_aqn0=1670445736848&crc=1
IP 18.66.15.61:0
Hash ad801d5a8836dfaa0381b29803d5f47c
55f746319b24560b1afa96a4851c8f2103772ed6
655c5c5b0c9359cf92571ca25731f53f916d46112897399457a64ef1c3bab457
GET /multi?cs=bGxWVE9UVGZtd1pdYGJ2XFRuZ34&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.1&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=1364398299373608&agec=1670445737&fs=1&mbkb=423.7288135593221&ref=https%3A%2F%2Fuserscloud.com%2F9ak8cernw75n&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_aqn0=1670445736848&crc=1 HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1558
date: Wed, 07 Dec 2022 20:42:17 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=cd4e14ec-a42e-4727-9e2b-f2b5c2db451d
csu=1364398299373608
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 353b8eaf90b8d7986000f2da151952bc.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
x-amz-cf-id: 4H5CH0E551Cu0Fky53EBxVSCfWIgchr-YVxxhKsWe7FW0khcbA9qJQ==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 82cd1ce897294f8b6283690009066d4d
239c6d29c3574a2b4d591729f0ec5691875f1649
9141e07fa8daf3d95d50d43ad596b80e671693a4dd268f39cc83456cd07e93af
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 20:42:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 82cd1ce897294f8b6283690009066d4d
239c6d29c3574a2b4d591729f0ec5691875f1649
9141e07fa8daf3d95d50d43ad596b80e671693a4dd268f39cc83456cd07e93af
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 20:42:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 20:42:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3041a0828d1aeb289bac655852c04bbb
e7ac7db3b4861c0c269170a4b9f9cfcc07f30647
07600c5e37975e1e64911afe5150beb53526a4c552295fec54cda73347ebd833
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2430
Cache-Control: max-age=112602
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 20:42:17 GMT
Etag: "63900605-1d7"
Expires: Fri, 09 Dec 2022 03:58:59 GMT
Last-Modified: Wed, 07 Dec 2022 03:18:29 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.14200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 07 Dec 2022 18:46:55 GMT
expires: Wed, 07 Dec 2022 20:46:55 GMT
cache-control: public, max-age=7200
age: 6922
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109302 Found 393 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 31d17fd4cb7ef360ee9b5adf5f21d619
6f0970a9461cc9d7c2cf64661c654d47c7c6a3f5
3732287982334218c4b3f37bf467d61805e422da9b8a1f0bfe0fe6ca50957b0b
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Dec 2022 20:42:17 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1141196241%3A1670445737521869&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsRGDVs0Ikadu49K2oLgMwEz7x77wtsv-U_e_frUzLYNYRX6DAOcvuG1XsAIxi5nbhcx9ApAQ
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-PmvcAosrOs-xyiNdWkpd9w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:KRA6pUiv3a6kI0ifTKM9HC2EGMxw2w:Tna3jJ81LQQz3Ngf;Path=/;Expires=Fri, 06-Dec-2024 20:42:17 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109302 Found 398 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash 375b9abf749d18bce62a28d999713c78
af83be1a0a6420563819d1692387792315266029
54a93e3936c9ad9e293825f1184633471ee39eb7f9a30b43211fa5f06cbd2fa6
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Dec 2022 20:42:17 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S151879464%3A1670445737534803&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvsfNu7tYJnf-ujQC0rv8Rx91SnloHxYWhP_-_ulDtbj-25tz3tDZEItujm3wMWzSbY7sqo3Q
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-mfSzxJQIvSn-Exi5q7Iv-g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
set-cookie: __Host-GAPS=1:3ZVPaN2GWwTIE9hFHoXbHXlW9rowVQ:52H2MbP0Wy4xVp9k;Path=/;Expires=Fri, 06-Dec-2024 20:42:17 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 20:42:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j98&a=2008368424&t=pageview&_s=1&dl=https%3A%2F%2Fuserscloud.com%2F9ak8cernw75n&ul=en-us&de=UTF-8&dt=Userscloud&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1671804927&gjid=256834203&cid=523341255.1670445737&tid=UA-70768172-1&_gid=270844625.1670445737&_r=1>m=2oubu0&z=1223386446
142.250.74.14200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=2008368424&t=pageview&_s=1&dl=https%3A%2F%2Fuserscloud.com%2F9ak8cernw75n&ul=en-us&de=UTF-8&dt=Userscloud&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1671804927&gjid=256834203&cid=523341255.1670445737&tid=UA-70768172-1&_gid=270844625.1670445737&_r=1>m=2oubu0&z=1223386446
IP 142.250.74.14:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=2008368424&t=pageview&_s=1&dl=https%3A%2F%2Fuserscloud.com%2F9ak8cernw75n&ul=en-us&de=UTF-8&dt=Userscloud&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1671804927&gjid=256834203&cid=523341255.1670445737&tid=UA-70768172-1&_gid=270844625.1670445737&_r=1>m=2oubu0&z=1223386446 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://userscloud.com
date: Wed, 07 Dec 2022 20:42:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 501 B IP 142.250.74.131:0
Hash 961de30e8b5b60044ee0a567e67ab300
77ed2d7e9e09fba7a427c8c8e4c590edbea8bff0
531d0cd59e230c607d7d0bb4653880e7a008453790fd47162eb2800ef184ad2f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 20:42:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.247.35200 OK 2.0 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.247.35:0
Hash e7f72c44c44186630c0f796bc1b32313
e12d23f48a44f201f014904cfb2420dcbbdbaca1
461c7d9448728dd4f20d8a0419da19f6fb599fd844f41dda6b7a4475ce9c6305
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: K4L+vO/LKOEr59NfBRjxwv+HIHU3+jJ2ajLqbQh9b51SuC2SsK2UtbqNCh4X9uee24uVG7b7CvCjE7PBSGoF5A==
date: Wed, 07 Dec 2022 20:42:17 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 Dec 2022 20:42:16 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5987
last-modified: Wed, 07 Dec 2022 19:02:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wqxcrol%2FNAWi7zABHPBbGID6T%2BZI9PH7yK7%2FU4HeBbd5WUfo4A9wX1tesA%2FNYO8CwgPLYY36RTIbcrAZ4vh7BxrIjA1u%2FaNJjYHuxXXGHJvWig6pLxM8IHbtA6TvDwRP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7760164029447701-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
godpvqnszo.com/aas/r45d/vki/1955146/00cfb56f.js
62.122.171.6200 OK 0 B URL HTTP/2 godpvqnszo.com/aas/r45d/vki/1955146/00cfb56f.js
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /aas/r45d/vki/1955146/00cfb56f.js HTTP/1.1
Host: godpvqnszo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 20:42:16 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-10f52"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 Dec 2022 20:42:17 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5988
last-modified: Wed, 07 Dec 2022 19:02:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H2H4DFrMiOa6PjUf9gbOQvSc97lJgSPUH%2FbxeWepvUQZPCCtnMC2akRdgUPdWXOQumAXh6HqM%2BQbvlZL813Jv8MR0G4gyY8HVubPV%2F1Hqu1%2BKuD79sipxWmJ1fNdbFBb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77601640599c7701-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 Dec 2022 20:42:17 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5988
last-modified: Wed, 07 Dec 2022 19:02:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R6sOVkhgtfE6iRwm7pGSWl6usYlnvfIFE97DNVZLFrP0RPuIjQPEqz5XmHBtuqhvbbVBp5XoS2UIRXOI0WbpwOtGPqRHS%2BmyvwsF3jj9RWKEj%2BSsrwMX9gFFAxnlp34l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7760164049887701-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 20:42:17 GMT
content-type: text/plain
set-cookie: csu=1964763728272693@1@1670445737; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qJrAxofKPYx1exuwbmN5E8IA0uuBd8LdwMCcN85E3a9DOn9Me9FmiPW3CMqZx%2FWVfFRMPCHpYfzVZQcAfDxeBiHv4yBqkUS21U2a3QNdi6bAOkvLwxKPM1B%2FH8fMuOaW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77601640395b7701-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1141196241%3A1670445737521869&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsRGDVs0Ikadu49K2oLgMwEz7x77wtsv-U_e_frUzLYNYRX6DAOcvuG1XsAIxi5nbhcx9ApAQ
142.250.74.109403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1141196241%3A1670445737521869&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsRGDVs0Ikadu49K2oLgMwEz7x77wtsv-U_e_frUzLYNYRX6DAOcvuG1XsAIxi5nbhcx9ApAQ
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S1141196241%3A1670445737521869&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsRGDVs0Ikadu49K2oLgMwEz7x77wtsv-U_e_frUzLYNYRX6DAOcvuG1XsAIxi5nbhcx9ApAQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Dec 2022 20:42:17 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-KwJymb4rt0kQnKp-5K_81w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S151879464%3A1670445737534803&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvsfNu7tYJnf-ujQC0rv8Rx91SnloHxYWhP_-_ulDtbj-25tz3tDZEItujm3wMWzSbY7sqo3Q
142.250.74.109403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S151879464%3A1670445737534803&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvsfNu7tYJnf-ujQC0rv8Rx91SnloHxYWhP_-_ulDtbj-25tz3tDZEItujm3wMWzSbY7sqo3Q
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S151879464%3A1670445737534803&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvsfNu7tYJnf-ujQC0rv8Rx91SnloHxYWhP_-_ulDtbj-25tz3tDZEItujm3wMWzSbY7sqo3Q HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Dec 2022 20:42:17 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-t2Ajj47Czq_QoIscKNUlNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2