userscloud.com/zv5qzs1a4ca9/Howard%20the%20Duck%20013-026%20(1977-1978).zip
104.21.69.102 301 Moved Permanently 0 B URL HTTP/1.1 userscloud.com/zv5qzs1a4ca9/Howard%20the%20Duck%20013-026%20(1977-1978).zip
IP 104.21.69.102:0
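Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input; the response body is 0 B, so this is not a content indicator)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input)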
GET /zv5qzs1a4ca9/Howard%20the%20Duck%20013-026%20(1977-1978).zip HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 29 Sep 2022 08:06:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 29 Sep 2022 09:06:58 GMT
Location: https://userscloud.com/zv5qzs1a4ca9/Howard%20the%20Duck%20013-026%20(1977-1978).zip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3jT5ur2AkhJsBgBO7dueT3XxcVDkJxfcJD1qTr%2Bacqks5SJS1baEo6pkWA7CnV1LfoUSv%2FX0nCKG7cPbutaEzaG4FHMKG4HsmmnG5kvcIEjDUlio3DWy%2BUK30LwsJSbnVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 752338f75ff4b4f3-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6dd4587c98aef98ad0939030a6976a7f
92dc5966ac2deb0c3ac7fdd02bf8d28f9239801e
a382476d14b6ae14003333e7acdfbbd9ae8775d4c1a7d5c31116f33987043cff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15947
Expires: Thu, 29 Sep 2022 12:32:45 GMT
Date: Thu, 29 Sep 2022 08:06:58 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 29 Sep 2022 07:15:52 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6Go06mswXwbzlcAFmN5LzNkIwijdH5b9v9uZ6GslJNwj1Hbo-ENGFw==
Age: 3066
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: hvzRYgmWX0G0MDiEOZYjUvU_f_JhMzuY5bWi0z3gMlOaHukMFCQnDg==
age: 9511
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 5e9b0c86817a4d5d89c920b7ed85057b
a248e3a32ab059434400ee945c7b8f4fedb83ffe
b140486f05a6e21ab6193259a40f65734ac7ecb7be043c26977cd5e77388f19c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6243
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:58 GMT
Last-Modified: Thu, 29 Sep 2022 06:22:55 GMT
Server: ECS (amb/6BC3)
X-Cache: HIT
Content-Length: 279
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 29 Sep 2022 07:29:33 GMT
Expires: Thu, 29 Sep 2022 07:40:10 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: K-FM-e46VEqePf-5hpX27jlLtxGEf3cYUOIwDUUpXxs71-rnK17IMw==
Age: 2246
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3526d5ce1381ba26cbc553db057e1915
fe01c920696448e8bf12e6fff877bce8281d34a2
09604aed7cbca7971bfcb5afcb53591600b944f28eff21aa65dc601e78cdda53
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4865
Cache-Control: max-age=91255
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:59 GMT
Etag: "63340099-1d7"
Expires: Fri, 30 Sep 2022 09:27:54 GMT
Last-Modified: Wed, 28 Sep 2022 08:06:49 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.70.239.215 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.70.239.215:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: b/6llaRb0HZscuQOlA0yFQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NwemN4H9LeBTPSh8cLtQexRFUi8=
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 5e9b0c86817a4d5d89c920b7ed85057b
a248e3a32ab059434400ee945c7b8f4fedb83ffe
b140486f05a6e21ab6193259a40f65734ac7ecb7be043c26977cd5e77388f19c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6245
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:07:00 GMT
Last-Modified: Thu, 29 Sep 2022 06:22:55 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 12 kB IP 93.184.220.29:0
Hash e0154402b0935fecd3103925972d38c5
5f6aa1e63fec5b05e07b9cedb9c85eaa936fedc9
d2bbcf2c01b93b88aeb4dec561d9b5b7a1dd07f83a3484058ca603ad4624eff4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6486
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:07:00 GMT
Last-Modified: Thu, 29 Sep 2022 06:18:54 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
172.64.156.26 200 OK 65 kB URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP 172.64.156.26:0
Hash 365ca0c293001b8262a9c96e638655fa
77bbca6491b5acfffb83e153daaf68884cc76bd3
b3f0675273521052db0e7dcbd32da813ee12e23a9f42f9076c0974d332ab2cea
GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:07:00 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 75233902fea0b509-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 75eebff373cf84ae810a9e326f9e3d03
a5b22b0eee98dda385cb4e90d119205bc5f3a25f
f2089c63c7c2b3024972aba8cbc12dfcffc79dfc1ef9f7be801c79e7737b0d71
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:07:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-70768172-1
142.250.74.72 200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-70768172-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (2039)
Hash 5d9990964a29620c87c41cfbbb7b6054
ea6dbd25dc25c9a7df0a954465292ab9eb416a8a
f88e5cfc021e955a85693b43e7d967d580db4c0496c8a4199d2db363626658f8
GET /gtag/js?id=UA-70768172-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 29 Sep 2022 08:07:00 GMT
expires: Thu, 29 Sep 2022 08:07:00 GMT
cache-control: private, max-age=900
last-modified: Thu, 29 Sep 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42392
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 10 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 559326c96426d06e263c822ec56e87d0
3ffb71d1d04d65ded95b51d7817531a185bec3ab
fc9f49eca0873c5469478cf55e4529b13a93ec683300eb55a5bf46750eca3962
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E9AF4878804BF34E63D54DE0CD2B6EB9E690880F619A69EE2705EC61B7EB5EC"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14336
Expires: Thu, 29 Sep 2022 12:05:56 GMT
Date: Thu, 29 Sep 2022 08:07:00 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 75eebff373cf84ae810a9e326f9e3d03
a5b22b0eee98dda385cb4e90d119205bc5f3a25f
f2089c63c7c2b3024972aba8cbc12dfcffc79dfc1ef9f7be801c79e7737b0d71
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:07:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 84ada21ac1d7ada27090048bed7709d6
5a7af8364389fceb02130e30cfc9d1d1f430ca43
4ded0aae9e6b75b5c584663fcffa541371a632cd5a8088b29234f35b2776ad8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4DED0AAE9E6B75B5C584663FCFFA541371A632CD5A8088B29234F35B2776AD8C"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10012
Expires: Thu, 29 Sep 2022 10:53:52 GMT
Date: Thu, 29 Sep 2022 08:07:00 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 84ada21ac1d7ada27090048bed7709d6
5a7af8364389fceb02130e30cfc9d1d1f430ca43
4ded0aae9e6b75b5c584663fcffa541371a632cd5a8088b29234f35b2776ad8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4DED0AAE9E6B75B5C584663FCFFA541371A632CD5A8088B29234F35B2776AD8C"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10012
Expires: Thu, 29 Sep 2022 10:53:52 GMT
Date: Thu, 29 Sep 2022 08:07:00 GMT
Connection: keep-alive
andamafraidt.xyz/utx?cb=cr863GfD9SE7&top=userscloud.com&tid=600304
54.230.111.8 204 No Content 0 B URL HTTP/2 andamafraidt.xyz/utx?cb=cr863GfD9SE7&top=userscloud.com&tid=600304
IP 54.230.111.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=cr863GfD9SE7&top=userscloud.com&tid=600304 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:07:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 29 Sep 2022 08:08:00 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uv9Fpb2boR20-8pHSljM9jy7eH1BFwnY8_6mvDbVxpGEzPESJMORVA==
X-Firefox-Spdy: h2
andamafraidt.xyz/V29JOWw2DSpUUzZSKx8ZJQN0HF4RSnt/CGYFPkkIZl4mXwQzWi4XDzsAPF0KJQAnTUI5Cj0cXhFXKGEcIjoRbCcRPggKPz9fHXoBLysebBwzNhx/PBIteRxeFSgxVSQHF3FaIS1fBHcuJAkMQCFjKxt7DxAGOms6Eh8AaT4GJwFvImQqCFo2Al0LbS8VWwRbKRE/DVFYcl0LcQAGNw9DVDQtGEo2HT1xdTQVHD5qLQY5D30LDS0bTSAOFQdaOhFaeWtdOzwPVC4SOwxSHzMqLWMqMAxsCyoWLQ9fNBAqB2w5IBcTCSoaPBpBXAVeInArHz0OcikZNi8JOhY3eBQUPyouTjYVO3xoOy0XKmA5BTUaVVU/PQxBJQ8FKlorL1cAaQtmIhp6BDg+eV0nBCwbcDsWSSNKAzkfdGgiPjUOWwk5GSB0BS8W
54.230.111.8200 OK 1.2 kB URL HTTP/2 andamafraidt.xyz/V29JOWw2DSpUUzZSKx8ZJQN0HF4RSnt/CGYFPkkIZl4mXwQzWi4XDzsAPF0KJQAnTUI5Cj0cXhFXKGEcIjoRbCcRPggKPz9fHXoBLysebBwzNhx/PBIteRxeFSgxVSQHF3FaIS1fBHcuJAkMQCFjKxt7DxAGOms6Eh8AaT4GJwFvImQqCFo2Al0LbS8VWwRbKRE/DVFYcl0LcQAGNw9DVDQtGEo2HT1xdTQVHD5qLQY5D30LDS0bTSAOFQdaOhFaeWtdOzwPVC4SOwxSHzMqLWMqMAxsCyoWLQ9fNBAqB2w5IBcTCSoaPBpBXAVeInArHz0OcikZNi8JOhY3eBQUPyouTjYVO3xoOy0XKmA5BTUaVVU/PQxBJQ8FKlorL1cAaQtmIhp6BDg+eV0nBCwbcDsWSSNKAzkfdGgiPjUOWwk5GSB0BS8W
IP 54.230.111.8:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3023), with no line terminators
Hash 045ae1546bcbc7f838f6df3614ee5702
c54810785fc2433222e078c01a369a5416ce9e54
4092da47a32e41992c2e5e1469a9ab88d134f6c3b36eabd3a91a59f19888d2d7
GET /V29JOWw2DSpUUzZSKx8ZJQN0HF4RSnt/CGYFPkkIZl4mXwQzWi4XDzsAPF0KJQAnTUI5Cj0cXhFXKGEcIjoRbCcRPggKPz9fHXoBLysebBwzNhx/PBIteRxeFSgxVSQHF3FaIS1fBHcuJAkMQCFjKxt7DxAGOms6Eh8AaT4GJwFvImQqCFo2Al0LbS8VWwRbKRE/DVFYcl0LcQAGNw9DVDQtGEo2HT1xdTQVHD5qLQY5D30LDS0bTSAOFQdaOhFaeWtdOzwPVC4SOwxSHzMqLWMqMAxsCyoWLQ9fNBAqB2w5IBcTCSoaPBpBXAVeInArHz0OcikZNi8JOhY3eBQUPyouTjYVO3xoOy0XKmA5BTUaVVU/PQxBJQ8FKlorL1cAaQtmIhp6BDg+eV0nBCwbcDsWSSNKAzkfdGgiPjUOWwk5GSB0BS8W HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1180
date: Thu, 29 Sep 2022 08:07:00 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Rewr6_yJy7Zbb5fXpbQXMBRzSuzlG7m53peadYnyj-AfOKVXozAqxw==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1a90308f30edbff6584ae7bf93b58a08
c2bf8321e1b5809f2501af0b20ba3189cadd2c75
b9afde96e2623a1f2f75b435027e2e8d686ec7c07cac397755f4695b412e9f82
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9AFDE96E2623A1F2F75B435027E2E8D686EC7C07CAC397755F4695B412E9F82"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13913
Expires: Thu, 29 Sep 2022 11:58:53 GMT
Date: Thu, 29 Sep 2022 08:07:00 GMT
Connection: keep-alive
andamafraidt.xyz/utx?cb=nxs0rLNCvwhr&top=userscloud.com&tid=708052
54.230.111.8 204 No Content 0 B URL HTTP/2 andamafraidt.xyz/utx?cb=nxs0rLNCvwhr&top=userscloud.com&tid=708052
IP 54.230.111.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=nxs0rLNCvwhr&top=userscloud.com&tid=708052 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:07:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 29 Sep 2022 08:08:00 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: y_f6LJ4qHXu1nkpzWHKW7NZ8E5u4Q_fhyjn4dze-cR2Rp22e6AZVcQ==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 84ada21ac1d7ada27090048bed7709d6
5a7af8364389fceb02130e30cfc9d1d1f430ca43
4ded0aae9e6b75b5c584663fcffa541371a632cd5a8088b29234f35b2776ad8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4DED0AAE9E6B75B5C584663FCFFA541371A632CD5A8088B29234F35B2776AD8C"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10012
Expires: Thu, 29 Sep 2022 10:53:52 GMT
Date: Thu, 29 Sep 2022 08:07:00 GMT
Connection: keep-alive
esathyaspsu.xyz/bTdDZk1CCCAVcDdwMwoeOlMbMXw/DhZXGwhvG1cfNWEvPigrVGUSJAkKdVZ9Xgd3QD0EU35Xax5DIhI4HgpyQCQDUSxbaxsKckh+WRlxX2NdETZbfEtDMwcqUAZlFjkZW35Xe1sDd1V1VQZ0UXRb
104.21.80.127 204 No Content 34 kB URL HTTP/2 esathyaspsu.xyz/bTdDZk1CCCAVcDdwMwoeOlMbMXw/DhZXGwhvG1cfNWEvPigrVGUSJAkKdVZ9Xgd3QD0EU35Xax5DIhI4HgpyQCQDUSxbaxsKckh+WRlxX2NdETZbfEtDMwcqUAZlFjkZW35Xe1sDd1V1VQZ0UXRb
IP 104.21.80.127:0
Hash acb8d0b78c4bb26895ce96ba1abe64bc
96c10ab03e3f8ad26dcd24ccd8582e45c5a3b388
4e08d146c5a7c0ded89a44f39330fe1d54b2b13010f9816eb1df8de77db6fd24
GET /bTdDZk1CCCAVcDdwMwoeOlMbMXw/DhZXGwhvG1cfNWEvPigrVGUSJAkKdVZ9Xgd3QD0EU35Xax5DIhI4HgpyQCQDUSxbaxsKckh+WRlxX2NdETZbfEtDMwcqUAZlFjkZW35Xe1sDd1V1VQZ0UXRb HTTP/1.1
Host: esathyaspsu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:07:00 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oCp4mUbrc5J2wMu4qEAgDbksk6iT8UCkWvrrN8DScupf2jAUxVAZ%2Ffcce4i4NzMs%2FdyO%2BLydx2bHnmbFZVzKhKbEF8GCRgI%2FGYvpEKlngfSYhJEBPQ%2FugsdkQxUDa2XbTMk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75233904aafeb4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1a90308f30edbff6584ae7bf93b58a08
c2bf8321e1b5809f2501af0b20ba3189cadd2c75
b9afde96e2623a1f2f75b435027e2e8d686ec7c07cac397755f4695b412e9f82
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9AFDE96E2623A1F2F75B435027E2E8D686EC7C07CAC397755F4695B412E9F82"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13913
Expires: Thu, 29 Sep 2022 11:58:53 GMT
Date: Thu, 29 Sep 2022 08:07:00 GMT
Connection: keep-alive
andamafraidt.xyz/ZVRobDYENgsBCQRpCkpDFzhVSQQjcVoqUlQ+HxxSVGUHCl4BYQ9CVQk7HQhQFzsGGBgLMRxJBCM9MjlSLAcwC3EuFzEaZB0RHSB+NwQ+NA9RMi0ccikAGwFwDQJeL2QWDiYFb0BmKiheLCAkP1kSDAApDykcOiVnHCcYJk5cDTE/BgsTWQQEBz0PD3RWJFAOQRICIy94VRI6G0YsBz0mcw8ZAScHUQUiAmMOEhBUQy8XPTZnLQEnCnA/AjECRlABKl0EAAMQIHxXHl4JZDQZIzgGHQw+CAUoHC4jeQsSUA5zFjoxAkZQFwAiXwAjAC5jVzhcNXBUDAwVG10nLxsCCjYwHxNXFj5fUlAxPQRjAWcEH2UJAQAlYhYwKRVREjYtA1wDOl0CZSAZEQhuAnICH1kLJFUtZAQHCRpxDxwCDk8
54.230.111.8200 OK 1.2 kB URL HTTP/2 andamafraidt.xyz/ZVRobDYENgsBCQRpCkpDFzhVSQQjcVoqUlQ+HxxSVGUHCl4BYQ9CVQk7HQhQFzsGGBgLMRxJBCM9MjlSLAcwC3EuFzEaZB0RHSB+NwQ+NA9RMi0ccikAGwFwDQJeL2QWDiYFb0BmKiheLCAkP1kSDAApDykcOiVnHCcYJk5cDTE/BgsTWQQEBz0PD3RWJFAOQRICIy94VRI6G0YsBz0mcw8ZAScHUQUiAmMOEhBUQy8XPTZnLQEnCnA/AjECRlABKl0EAAMQIHxXHl4JZDQZIzgGHQw+CAUoHC4jeQsSUA5zFjoxAkZQFwAiXwAjAC5jVzhcNXBUDAwVG10nLxsCCjYwHxNXFj5fUlAxPQRjAWcEH2UJAQAlYhYwKRVREjYtA1wDOl0CZSAZEQhuAnICH1kLJFUtZAQHCRpxDxwCDk8
IP 54.230.111.8:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3018), with no line terminators
Hash 7aa8a17e05917d48bcc13c8aa37677b5
2e4e1d99d1ea109f89821fb44eeeff49a27146b4
01a5f1cc5d38b33246cf2a3f7068d9006b15f3cb8f58485d2cdceb49dc782d80
GET /ZVRobDYENgsBCQRpCkpDFzhVSQQjcVoqUlQ+HxxSVGUHCl4BYQ9CVQk7HQhQFzsGGBgLMRxJBCM9MjlSLAcwC3EuFzEaZB0RHSB+NwQ+NA9RMi0ccikAGwFwDQJeL2QWDiYFb0BmKiheLCAkP1kSDAApDykcOiVnHCcYJk5cDTE/BgsTWQQEBz0PD3RWJFAOQRICIy94VRI6G0YsBz0mcw8ZAScHUQUiAmMOEhBUQy8XPTZnLQEnCnA/AjECRlABKl0EAAMQIHxXHl4JZDQZIzgGHQw+CAUoHC4jeQsSUA5zFjoxAkZQFwAiXwAjAC5jVzhcNXBUDAwVG10nLxsCCjYwHxNXFj5fUlAxPQRjAWcEH2UJAQAlYhYwKRVREjYtA1wDOl0CZSAZEQhuAnICH1kLJFUtZAQHCRpxDxwCDk8 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1172
date: Thu, 29 Sep 2022 08:07:00 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sVTFpILS03xVbIUyfqk8WDMIMrNEu0UDEIv7xik0fA_Rnk9QpsJ30Q==
X-Firefox-Spdy: h2
esathyaspsu.xyz/RDBpMXFrDwpCTAlnDXQlDHUrZEJ1BjhGJxZTMUE7BmY/SRcvW09FGCANXgFJdAVbFwEtVFQDSGJDHVAFMUNUAFctXg9eTGJGVABfdB5fAV90FhwMQGJEGVAWeQFPQQUwXFQAR3IEXQJJfAFeCUJw
104.21.80.127 204 No Content 0 B URL HTTP/2 esathyaspsu.xyz/RDBpMXFrDwpCTAlnDXQlDHUrZEJ1BjhGJxZTMUE7BmY/SRcvW09FGCANXgFJdAVbFwEtVFQDSGJDHVAFMUNUAFctXg9eTGJGVABfdB5fAV90FhwMQGJEGVAWeQFPQQUwXFQAR3IEXQJJfAFeCUJw
IP 104.21.80.127:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RDBpMXFrDwpCTAlnDXQlDHUrZEJ1BjhGJxZTMUE7BmY/SRcvW09FGCANXgFJdAVbFwEtVFQDSGJDHVAFMUNUAFctXg9eTGJGVABfdB5fAV90FhwMQGJEGVAWeQFPQQUwXFQAR3IEXQJJfAFeCUJw HTTP/1.1
Host: esathyaspsu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:07:00 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Phdg1FpjnnZ55bqvF9kdlXQXQZlAoTphpA78l8fPqo2zekeg3Sj4Muv1sOLVprSOU5pe8BrwQxb4fLoeksfnLh3oFQgajzo7FWE01rJfZPx%2BAw%2B2r%2B9fe0Y7uxYHnFKj8%2BQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75233904cb26b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
andamafraidt.xyz/utx?cb=CixT5tUS9b9a&top=userscloud.com&tid=816973
54.230.111.8 204 No Content 0 B URL HTTP/2 andamafraidt.xyz/utx?cb=CixT5tUS9b9a&top=userscloud.com&tid=816973
IP 54.230.111.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=CixT5tUS9b9a&top=userscloud.com&tid=816973 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:07:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 29 Sep 2022 08:08:00 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -SmOsZ0mSI0Hh24GBf8GlF8herZ4G5ODabvUntmVV_10sbyJbYsySA==
X-Firefox-Spdy: h2
andamafraidt.xyz/N29CM21WDSFeUlZSIBUYRQN/Fl9xSnB1CQYFNUMJBl4tVQVTWiUdDlsAN1cLRQAsR0NZCjYWX3FcEwEeQA4uZgp1KXZ+DF0MAWUrUxshX119NxVpAXY6D3UiTSEVayl2LgFLBQY3EFwCewILFl91DDhQP2EpJl83ZgsQcSl9SnBxOWE6B30DAg4EVB5PJhRqKGMsB0kvcRsafClYKRViNFwhAAoMdCcPAS5QXwp8B1wsGnI0BzUuX19vXDZJOVAlI1U5Qw4DZlRaLhcHLmAFKUIvYjoRUCVxDRF1J10nBAMoY10bcTlQJSN5F2EgA0oZRAsXZixmXABLOgZCIWMjXggHdTtQOyFlHnU4L2UUYBgEYzcEIgxkP1AYCGI/fjtwUCtiCBh2N2A6J3c7REkoQAJZH39fN2InMXZaeAQHYTk
54.230.111.8 200 OK 1.2 kB URL HTTP/2 andamafraidt.xyz/N29CM21WDSFeUlZSIBUYRQN/Fl9xSnB1CQYFNUMJBl4tVQVTWiUdDlsAN1cLRQAsR0NZCjYWX3FcEwEeQA4uZgp1KXZ+DF0MAWUrUxshX119NxVpAXY6D3UiTSEVayl2LgFLBQY3EFwCewILFl91DDhQP2EpJl83ZgsQcSl9SnBxOWE6B30DAg4EVB5PJhRqKGMsB0kvcRsafClYKRViNFwhAAoMdCcPAS5QXwp8B1wsGnI0BzUuX19vXDZJOVAlI1U5Qw4DZlRaLhcHLmAFKUIvYjoRUCVxDRF1J10nBAMoY10bcTlQJSN5F2EgA0oZRAsXZixmXABLOgZCIWMjXggHdTtQOyFlHnU4L2UUYBgEYzcEIgxkP1AYCGI/fjtwUCtiCBh2N2A6J3c7REkoQAJZH39fN2InMXZaeAQHYTk
IP 54.230.111.8:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3018), with no line terminators
Hash f990180957b879ecaf20a3df08a85d07
e2c68d3fbbf3483c5a9c5ec63e50f54d9f73a430
444ae445121a49b8e9aeb16a42212ad9735729cb8f7a2ed6b4d7908576bf24bc
GET /N29CM21WDSFeUlZSIBUYRQN/Fl9xSnB1CQYFNUMJBl4tVQVTWiUdDlsAN1cLRQAsR0NZCjYWX3FcEwEeQA4uZgp1KXZ+DF0MAWUrUxshX119NxVpAXY6D3UiTSEVayl2LgFLBQY3EFwCewILFl91DDhQP2EpJl83ZgsQcSl9SnBxOWE6B30DAg4EVB5PJhRqKGMsB0kvcRsafClYKRViNFwhAAoMdCcPAS5QXwp8B1wsGnI0BzUuX19vXDZJOVAlI1U5Qw4DZlRaLhcHLmAFKUIvYjoRUCVxDRF1J10nBAMoY10bcTlQJSN5F2EgA0oZRAsXZixmXABLOgZCIWMjXggHdTtQOyFlHnU4L2UUYBgEYzcEIgxkP1AYCGI/fjtwUCtiCBh2N2A6J3c7REkoQAJZH39fN2InMXZaeAQHYTk HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1172
date: Thu, 29 Sep 2022 08:07:00 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NYpHX6XzHkgTTVEwpvU3M5bKOAYMOBUkoTcx_Bb8NMkgYtSPzjdTVg==
X-Firefox-Spdy: h2
esathyaspsu.xyz/RlQxbDBpa1IfDSMcZypREBJ6PngMN2gHWAA3ZxhXFWR7XGh0PxcYWSJpCV0Gf2MCSkAvMAxeCWAnRQ1EMycMXRYvOlcDDWAiDF0ednoHXB52ckRRAWAgQQ1Xe2UXHEQyOAxdBnBgBV8IfmUGVAR/
104.21.80.127 204 No Content 0 B URL HTTP/2 esathyaspsu.xyz/RlQxbDBpa1IfDSMcZypREBJ6PngMN2gHWAA3ZxhXFWR7XGh0PxcYWSJpCV0Gf2MCSkAvMAxeCWAnRQ1EMycMXRYvOlcDDWAiDF0ednoHXB52ckRRAWAgQQ1Xe2UXHEQyOAxdBnBgBV8IfmUGVAR/
IP 104.21.80.127:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RlQxbDBpa1IfDSMcZypREBJ6PngMN2gHWAA3ZxhXFWR7XGh0PxcYWSJpCV0Gf2MCSkAvMAxeCWAnRQ1EMycMXRYvOlcDDWAiDF0ednoHXB52ckRRAWAgQQ1Xe2UXHEQyOAxdBnBgBV8IfmUGVAR/ HTTP/1.1
Host: esathyaspsu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:07:00 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2BlNVocniwqljTwLZtaZLti%2BSdCDcz7Up2xelfYfm58zB1RjLE69iAE%2BecU%2Bbdd0opjZ%2Ffw26JRTyHB2YvELppmfJ%2FVK3GLAuI6cd%2Bwkv5zO6GlNhbs%2FbwTAxf9AXZlOFIc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75233904eb46b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
waisheph.com/tag.min.js
139.45.197.245 200 OK 23 kB IP 139.45.197.245:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 55bfb65a45375a59df27572861a64783
2838cf8e3623bfbccf2618dac1495f992dae2b6c
9c86b08b70bf998cacd69539dbd479bfe6cc5f973cd514cd8c3f29c21092b5c1
GET /tag.min.js HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:07:00 GMT
content-type: text/javascript; charset=utf-8
content-length: 22987
content-encoding: br
x-trace-id: 58aad8914d304c793629fc888c8c1152
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Wed, 28 Sep 2022 07:58:44 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2824
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 08:07:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2824
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 08:07:00 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4505f57697072468da82e0b536d0d5b
e1067a2dfbc22e7eb196046d57bd1e17604dba75
b5e79054f165f38b99f93a8128284f82076523988aeb102b85dd8ff1a2870d00
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10023
x-amzn-requestid: 0cb6b9a1-0707-4094-b197-5a0add2df717
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK4dHJLIAMFWmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be9c-2d8bbb17157900f126c5bb3c;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wZ2hBqHAdwimAVV3p-CJFrb9zQ-CTN5ar9CB-cu0mZoENYUFTKKPWQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:40:43 GMT
age: 37577
etag: "e1067a2dfbc22e7eb196046d57bd1e17604dba75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 11594ce7500d8776bfd5162b17f87d72
72603efba82d649ce5a7a0ca45dc830c0d9ef012
511f5aa33750cd4a02cf3968bf165ffa521e77cb4fb7135b516d7ad14e8b9d01
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14073
x-amzn-requestid: 4ff72590-e28d-4d4b-af1a-4d62e75e3d66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKnpEsJoAMFlBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be30-38b014a25551aa0a2ab04ccf;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gP4V4fq53Z5BFfjDlx1LCR9AhUPTq0qusBaOY_UEXjJjM6SByqDgXg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:41:45 GMT
etag: "72603efba82d649ce5a7a0ca45dc830c0d9ef012"
content-type: image/jpeg
age: 37515
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c62a6368c456e9614ca4c8e360a2ef12
35ec6e80d324bb215796c590a7ffafbaea55d88e
90a37acc6beda1aa98a98cb84e00a7e469d6d919a14f4709c5f67a83ae95278d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7859
x-amzn-requestid: 34d0718f-46d4-446f-bb06-8449bd8f4287
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZIlO4FcBoAMFy0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63334f2b-58ae81c9077e4f1575750f15;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 19:29:47 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: XwUZAphoqael30FgWCRQlHqBpjBOSG7rnlbPNKyojhONZ625gCUI5g==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 08:28:02 GMT
age: 85138
etag: "35ec6e80d324bb215796c590a7ffafbaea55d88e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46b76b4-e585-46c3-bf03-5bfe9273000c.jpeg
34.120.237.76 200 OK 3.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46b76b4-e585-46c3-bf03-5bfe9273000c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6ac86079d2901fb11bfaff81d91bb2d2
4fc0699c763f67a2602b4b3f46b8b4013d2049c6
8c25b9129fc01f6ffad911994e91436ab0026ed0b54568757a20ab7f92584467
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46b76b4-e585-46c3-bf03-5bfe9273000c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3332
x-amzn-requestid: 34214e89-7232-4fd5-9257-adf231670681
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDb3vGkOIAMFVhg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63314031-3056111d48a5027a2062ad1b;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 06:01:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VosALWNOhCfUDfo2bXgYE0Cx2duyHRaLb5DCn9IydXtoIsYyg9vWhA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:49:13 GMT
age: 37067
etag: "4fc0699c763f67a2602b4b3f46b8b4013d2049c6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c80d7ce8a9d3fba54855e05731db759c
d76293673a7aa2861b069ced614cdcdb84fed6d3
eabd1bfef29cad4045d688a909b9a8c88818d80bb432ce642d055583cf66d77d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9002
x-amzn-requestid: 0623931b-a4d6-49de-ba32-d071c08eddbd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKoiGKRIAMFhYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be36-1573e2e91c85617424db019f;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:50 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3kkSL0VcJl64iZ0TiKfOwK620pLX2CAVWqY1Bp2NhokTX0572t_nnQ==
via: 1.1 2a44ef7b9d28e74c78ffadeedcbb887c.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:40:47 GMT
etag: "d76293673a7aa2861b069ced614cdcdb84fed6d3"
content-type: image/jpeg
age: 37573
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 36ae9444071dd70dcf86802c370ffda9
44cc19b21912d07f82a88af5b2fa6d3e370459bf
99984d108bf31d733414f7f1352e17225ac21ac2dbfb4b1e7fa7ae80e5b6b822
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9654
x-amzn-requestid: 7277f59f-452d-4cb6-a76e-1561b4ff3de0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGW2REPzoAMFrww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63326b5b-4f5d775830c95b065ce40d3f;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:17:47 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: jTiWrrcC29QaFlnaiNH_KmEaphRZhWyzf1JbWb6uL00D3vOMR7Wfyg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 03:28:09 GMT
age: 16731
etag: "44cc19b21912d07f82a88af5b2fa6d3e370459bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2f5989d4743444fc557dab6bf17a3a62
342d1dccc65999045ef7d3ac1933d4393431cf78
dda1c7a6542a0b3c0c9dafe943fb8fbd85e508e57150175b89222a45b650cd89
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DDA1C7A6542A0B3C0C9DAFE943FB8FBD85E508E57150175B89222A45B650CD89"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4612
Expires: Thu, 29 Sep 2022 09:23:52 GMT
Date: Thu, 29 Sep 2022 08:07:00 GMT
Connection: keep-alive
d1jwpd11ofhd5g.cloudfront.net/8aXpuUXUKFQA3Sh0TCmxDWUpdYUFPEB0+GxlHPx8cMz0MNBsfEyM4DRBcGisRVEpIPRQHHVN3EAcZU2BTCB4MbEFPDh4+HlQXFz8cBQsZJR8LXBswSAQVFDgZBRtLYzNcVF50R1lSFmBETEksdEdZFgc/ABFfXGENUUwxZ0FMSSx0R1kIGHRGKENYf0VAX1-xhEgwZBT5QWzxcYURZSl9hRExIXjccGx8IPg1MSChoQ0dKSCRIWA
143.204.42.106 200 OK 768 B URL HTTP/2 d1jwpd11ofhd5g.cloudfront.net/8aXpuUXUKFQA3Sh0TCmxDWUpdYUFPEB0+GxlHPx8cMz0MNBsfEyM4DRBcGisRVEpIPRQHHVN3EAcZU2BTCB4MbEFPDh4+HlQXFz8cBQsZJR8LXBswSAQVFDgZBRtLYzNcVF50R1lSFmBETEksdEdZFgc/ABFfXGENUUwxZ0FMSSx0R1kIGHRGKENYf0VAX1-xhEgwZBT5QWzxcYURZSl9hRExIXjccGx8IPg1MSChoQ0dKSCRIWA
IP 143.204.42.106:0
File type ASCII text, with very long lines (1094), with no line terminators
Hash 6c2589853f794eb0412bc872b64c2da9
b67e46548a8032be56f9d708b849b6783945d8d6
7cdeba3070b72cfbee2d3f7674a29e069149925856a60c2853277f0ef1f8d78e
GET /8aXpuUXUKFQA3Sh0TCmxDWUpdYUFPEB0+GxlHPx8cMz0MNBsfEyM4DRBcGisRVEpIPRQHHVN3EAcZU2BTCB4MbEFPDh4+HlQXFz8cBQsZJR8LXBswSAQVFDgZBRtLYzNcVF50R1lSFmBETEksdEdZFgc/ABFfXGENUUwxZ0FMSSx0R1kIGHRGKENYf0VAX1-xhEgwZBT5QWzxcYURZSl9hRExIXjccGx8IPg1MSChoQ0dKSCRIWA HTTP/1.1
Host: d1jwpd11ofhd5g.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://andamafraidt.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 768
date: Thu, 29 Sep 2022 08:07:00 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: s7BCn1BQsH6FFO4PCUpFhH8Fj_dVGylSN6gw5S4Q5nLtGi2Qa3wjyg==
X-Firefox-Spdy: h2
d1jwpd11ofhd5g.cloudfront.net/3Q2swalUgBF4MajcCVFdtcl0JXWZlAUMFOzNWXDAACxh1XRooLmI+czcRVFdlZQdRBDJ+TVUENn5aFgsxIVYETCEzBFtXODoFWQYkNB9aCHM2Cg0HOjkCXAY0Zll2X3tzTgJafTtaAU9mAU4CWjkqBUUScHFbSFJjHF0ET2YBTgJaJzVOAytsdUUAQ3BxW1-cPNigEFVgTcVsBWmVyWwFPZ3MNWRgwJQRIT2cFUgZEZWUeDVs
143.204.42.106 200 OK 434 B URL HTTP/2 d1jwpd11ofhd5g.cloudfront.net/3Q2swalUgBF4MajcCVFdtcl0JXWZlAUMFOzNWXDAACxh1XRooLmI+czcRVFdlZQdRBDJ+TVUENn5aFgsxIVYETCEzBFtXODoFWQYkNB9aCHM2Cg0HOjkCXAY0Zll2X3tzTgJafTtaAU9mAU4CWjkqBUUScHFbSFJjHF0ET2YBTgJaJzVOAytsdUUAQ3BxW1-cPNigEFVgTcVsBWmVyWwFPZ3MNWRgwJQRIT2cFUgZEZWUeDVs
IP 143.204.42.106:0
File type ASCII text, with very long lines (572), with no line terminators
Hash f3f3d8150913761bd82df64e0a274b05
0b3ef187f6e5a281a4a9c766965aaa66e2073b99
fd0759f3c2559cd0eba5d1ec2ac61045abdec5cedef4c7bf824307d8fbe50fa7
GET /3Q2swalUgBF4MajcCVFdtcl0JXWZlAUMFOzNWXDAACxh1XRooLmI+czcRVFdlZQdRBDJ+TVUENn5aFgsxIVYETCEzBFtXODoFWQYkNB9aCHM2Cg0HOjkCXAY0Zll2X3tzTgJafTtaAU9mAU4CWjkqBUUScHFbSFJjHF0ET2YBTgJaJzVOAytsdUUAQ3BxW1-cPNigEFVgTcVsBWmVyWwFPZ3MNWRgwJQRIT2cFUgZEZWUeDVs HTTP/1.1
Host: d1jwpd11ofhd5g.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://andamafraidt.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 434
date: Thu, 29 Sep 2022 08:07:00 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: FIBuus_ZhYhTzxDCrXp7S6eop7owRKCH7k4xcvdOD2zWhXa3uat7hg==
X-Firefox-Spdy: h2
d1jwpd11ofhd5g.cloudfront.net/iZUdISXgGKCYvRxEuLHRPVX94fEpDLTsmFhV6CRsZNiY+DhItLSowXhE9LHRIQyspJx9YYS0nG1h2bigcB3p8bwwVKCN0FRwpISUJEjMiK14QJnUkFx8uJCUZQHUOfFZVYnp5UB12eWxLJ2J6eRQMKT0xXVd3MHFOOnF8bEsnYnp5ChNiewhBU2l4YF1Xdy-8sGw4obXs+V3d5eUhUd3lsSlUhITsdAygwbEojfn5nSEMydXg
143.204.42.106 200 OK 446 B URL HTTP/2 d1jwpd11ofhd5g.cloudfront.net/iZUdISXgGKCYvRxEuLHRPVX94fEpDLTsmFhV6CRsZNiY+DhItLSowXhE9LHRIQyspJx9YYS0nG1h2bigcB3p8bwwVKCN0FRwpISUJEjMiK14QJnUkFx8uJCUZQHUOfFZVYnp5UB12eWxLJ2J6eRQMKT0xXVd3MHFOOnF8bEsnYnp5ChNiewhBU2l4YF1Xdy-8sGw4obXs+V3d5eUhUd3lsSlUhITsdAygwbEojfn5nSEMydXg
IP 143.204.42.106:0
File type ASCII text, with very long lines (588), with no line terminators
Hash 90e246c6ba8e02ea26f3253481827098
20a548215eb85f051126e1532c4f3ad3e6a826ae
4d3b7000735c270ed03050c4ceb068abbb693f86d3802fc2b6e5d08d49483979
GET /iZUdISXgGKCYvRxEuLHRPVX94fEpDLTsmFhV6CRsZNiY+DhItLSowXhE9LHRIQyspJx9YYS0nG1h2bigcB3p8bwwVKCN0FRwpISUJEjMiK14QJnUkFx8uJCUZQHUOfFZVYnp5UB12eWxLJ2J6eRQMKT0xXVd3MHFOOnF8bEsnYnp5ChNiewhBU2l4YF1Xdy-8sGw4obXs+V3d5eUhUd3lsSlUhITsdAygwbEojfn5nSEMydXg HTTP/1.1
Host: d1jwpd11ofhd5g.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://andamafraidt.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 446
date: Thu, 29 Sep 2022 08:07:00 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: JPnMKFAJx54uTj_7WZ3hAtMroV-9hcUQ7TPMNqS6qbCRfn8tq4nE6A==
X-Firefox-Spdy: h2
tovanillitechan.com/42/38?z=2892518
139.45.197.239 200 OK 0 B URL HTTP/2 tovanillitechan.com/42/38?z=2892518
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /42/38?z=2892518 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: scm=1; OAID=f38947934f4444f788d447cc96224d13; oaidts=1664438820
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:07:01 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 5756285047eb56bd2775a209bdc94307
access-control-expose-headers: X-Sc
set-cookie: OAID=f38947934f4444f788d447cc96224d13; expires=Fri, 29 Sep 2023 08:07:01 GMT; secure; SameSite=None
set-cookie: oaidts=1664438820; expires=Fri, 29 Sep 2023 08:07:01 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 008bb0f15929580c49beb48408615d01
a28e34ab71eea646efaf0a505a3bd07671bd6012
f612ef9519f2b8baad9918a77a873fb28c691518df1504fb32a47af79b8f7e18
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:07:01 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 00:52:20 GMT
Expires: Mon, 03 Oct 2022 00:52:19 GMT
Etag: "a28e34ab71eea646efaf0a505a3bd07671bd6012"
Cache-Control: max-age=318917,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75233906ebc80b4d-OSL
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254 200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://userscloud.com
Content-Length: 1570
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 29 Sep 2022 08:07:20 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://userscloud.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 366fbb58b56c6469840359066ae0ef4b
519ec2d019a3df15e1555ee7e9f784207f3ee604
4c03f3b3b06d0359ff6c3e72e91c39cb8f6e6406ed7b8ba9e09708da8e2d38f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1853
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:07:01 GMT
Last-Modified: Thu, 29 Sep 2022 07:36:08 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Thu, 29 Sep 2022 06:41:09 GMT
expires: Thu, 29 Sep 2022 08:41:09 GMT
cache-control: public, max-age=7200
age: 5152
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash c3da91f34812391491a0b02df83a7670
c1bb27bae663584e2b1af0632e291cb1b16475ec
604e15400aa4b851d27581040b17fc890d74bc9f7b6533c699dc682266fdc939
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:07:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash c3da91f34812391491a0b02df83a7670
c1bb27bae663584e2b1af0632e291cb1b16475ec
604e15400aa4b851d27581040b17fc890d74bc9f7b6533c699dc682266fdc939
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:07:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237 302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash b6dd6c2835213a28d62a1e5f184fcd3a
ce115cc4894bd92621ddcc5c62b1da872e3e69c5
2f282958c87105a023ebfb011a6bf0fa351baa637503c03b45e41c1353636c8a
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Sep 2022 08:07:01 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1259090705%3A1664438821783605&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWpmGQ_lzhaf1nsNFe4PLihc0GuzB5cXYXbAu0bGqoVxbCfrzyiVtkujiNuu2aLlZJ_GJuzzBg
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-dJCv7EyZKJKPWlbLbK0Ivw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:UkZSfazmZ8Z36kmWHklD7Ly7pBXa4g:hhNUa5tccs5IWdop;Path=/;Expires=Sat, 28-Sep-2024 08:07:01 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 399 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash df3d38d76eb075518ac094a39a89afb0
ab72b5d70be901935257cfd56e36e5e0c271e38b
3d7c39d9a6ee7d258602f496f8aa40b4ebec7c79a0c8519bfb5d356b49292702
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Sep 2022 08:07:01 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1930179641%3A1664438821802967&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrKl38HF8fb7Dyq06gzLmIApZeh1J9VG76qCu_cyBjIefaHEW1wHsHNjNlR7UA78sxrX7zgIg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-zL6-nTWPjiLhANo6DyUjnA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 399
server: GSE
set-cookie: __Host-GAPS=1:tDUWqzavdj9UwA0Y9l_wmwegwTctvw:DRNia284rQ0udvVC;Path=/;Expires=Sat, 28-Sep-2024 08:07:01 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7f6c1bbbde940ad17ceda150b7b1664d
7273da22f182d9540784068537cc678ec27800d3
4d8a6cd94e298a71543331248750230237a56a67cef251c7a204291612dbb569
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:07:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 366fbb58b56c6469840359066ae0ef4b
519ec2d019a3df15e1555ee7e9f784207f3ee604
4c03f3b3b06d0359ff6c3e72e91c39cb8f6e6406ed7b8ba9e09708da8e2d38f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1853
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:07:01 GMT
Last-Modified: Thu, 29 Sep 2022 07:36:08 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
tovanillitechan.com/9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fzv5qzs1a4ca9%2FHoward%2520the%2520Duck%2520013-026%2520(1977-1978).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=j4bt217178pa237006160p4z5zdpl758
139.45.197.239 204 No Content 0 B URL HTTP/2 tovanillitechan.com/9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fzv5qzs1a4ca9%2FHoward%2520the%2520Duck%2520013-026%2520(1977-1978).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=j4bt217178pa237006160p4z5zdpl758
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fzv5qzs1a4ca9%2FHoward%2520the%2520Duck%2520013-026%2520(1977-1978).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=j4bt217178pa237006160p4z5zdpl758 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 29 Sep 2022 08:07:01 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
tovanillitechan.com/9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fzv5qzs1a4ca9%2FHoward%2520the%2520Duck%2520013-026%2520(1977-1978).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=j4bt217178pa237006160p4z5zdpl758
139.45.197.239 200 OK 7 B URL HTTP/2 tovanillitechan.com/9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fzv5qzs1a4ca9%2FHoward%2520the%2520Duck%2520013-026%2520(1977-1978).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=j4bt217178pa237006160p4z5zdpl758
IP 139.45.197.239:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fzv5qzs1a4ca9%2FHoward%2520the%2520Duck%2520013-026%2520(1977-1978).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=j4bt217178pa237006160p4z5zdpl758 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 191
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: scm=1; OAID=f38947934f4444f788d447cc96224d13; oaidts=1664438820
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:07:01 GMT
content-type: application/javascript
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 704d9c4e9025f11c403d9827c5533ef2
access-control-expose-headers: X-Sc
set-cookie: OAID=j4bt217178pa237006160p4z5zdpl758; expires=Fri, 29 Sep 2023 08:07:01 GMT; secure; SameSite=None
oaidts=1664438820; expires=Fri, 29 Sep 2023 08:07:01 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 0869109d63ef5270595fb34384023a90
f2ec69fdaca2a0327cd3599ac05d0051df3dee41
c4a67afda7094519228049f837e2e0c1674148bd2e564ae2dccc3458bbdb9ed4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:07:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 06:25:19 GMT
Expires: Mon, 03 Oct 2022 06:25:18 GMT
Etag: "f2ec69fdaca2a0327cd3599ac05d0051df3dee41"
Cache-Control: max-age=338896,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7523390d1a6f0b4d-OSL
tovanillitechan.com/27/b7bd02994a2771796f8a835cfb750d4b
139.45.197.239 200 OK 133 kB URL HTTP/2 tovanillitechan.com/27/b7bd02994a2771796f8a835cfb750d4b
IP 139.45.197.239:0
Size 133 kB (132736 bytes)
Hash bbb1f1ba2915b49c345bbbd8896a457a
5d6184d3736942aab220fa703caf5115f14818b4
b223267122f55d0bc6c33cde44812cc8ae89188090e87a8adc687f9c23ba2431
Analyzer Verdict Alert quad9 Sinkholed
GET /27/b7bd02994a2771796f8a835cfb750d4b HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: scm=1; OAID=f38947934f4444f788d447cc96224d13; oaidts=1664438820
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:07:01 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 22 Sep 2022 08:42:06 GMT
expires: Thu, 22 Oct 2082 08:42:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=j4bt217178pa237006160p4z5zdpl758
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=j4bt217178pa237006160p4z5zdpl758
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 106bf92c9a59f16a56d3768f348074ec
d374b5c09e7c4098630c99391d350fbc4a6f87a3
178c90d9c514085b431708faf1e0f48c93c56ae7ee590cc8f390a2fd51ced0bf
GET /gid.js?userId=j4bt217178pa237006160p4z5zdpl758 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:07:02 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=j4bt217178pa237006160p4z5zdpl758; expires=Fri, 29 Sep 2023 08:07:02 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
waisheph.com/?rb=c5Tz6Igjl3aEwlWhonuWhdes0oXef_nS608l5PlcfGJClYAL6U7Ko6C0C47eyPF9r09MOJ3c4UrHdqf9nf_Loo6zb6qEMJBY5NOplrdCUYev2tP1RtELgXrt6s4FvZ3UklC2EwrB10Sr0s_kdEUtZ8S3Fj6dyUHtQ-Vn__bbq0EXGrXDaEmjIZRMgtS3YD2kvsNhrldUY-2xQJfMeiz7yGUw_Hw%3D&request_ab2=0&zoneid=535061&js_build=iclick-v1.431.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fuserscloud.com%2Fzv5qzs1a4ca9%2FHoward%2520the%2520Duck%2520013-026%2520(1977-1978).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.431.0&bs=36a99847-bfa5-4153-b6be-c4cd19851632&userId=j4bt217178pa237006160p4z5zdpl758&m=link
139.45.197.245200 OK 14 kB URL HTTP/2 waisheph.com/?rb=c5Tz6Igjl3aEwlWhonuWhdes0oXef_nS608l5PlcfGJClYAL6U7Ko6C0C47eyPF9r09MOJ3c4UrHdqf9nf_Loo6zb6qEMJBY5NOplrdCUYev2tP1RtELgXrt6s4FvZ3UklC2EwrB10Sr0s_kdEUtZ8S3Fj6dyUHtQ-Vn__bbq0EXGrXDaEmjIZRMgtS3YD2kvsNhrldUY-2xQJfMeiz7yGUw_Hw%3D&request_ab2=0&zoneid=535061&js_build=iclick-v1.431.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fuserscloud.com%2Fzv5qzs1a4ca9%2FHoward%2520the%2520Duck%2520013-026%2520(1977-1978).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.431.0&bs=36a99847-bfa5-4153-b6be-c4cd19851632&userId=j4bt217178pa237006160p4z5zdpl758&m=link
IP 139.45.197.245:0
Hash 4e1089d9967a110ae3709aebc238240c
965b83bd8c9598360c8ed1e250398d3143c962c1
f36fbeb82138fddd84a8d4009fbab1a0cd0c845a251a93cf431a5e3fa2713bbf
GET /?rb=c5Tz6Igjl3aEwlWhonuWhdes0oXef_nS608l5PlcfGJClYAL6U7Ko6C0C47eyPF9r09MOJ3c4UrHdqf9nf_Loo6zb6qEMJBY5NOplrdCUYev2tP1RtELgXrt6s4FvZ3UklC2EwrB10Sr0s_kdEUtZ8S3Fj6dyUHtQ-Vn__bbq0EXGrXDaEmjIZRMgtS3YD2kvsNhrldUY-2xQJfMeiz7yGUw_Hw%3D&request_ab2=0&zoneid=535061&js_build=iclick-v1.431.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fuserscloud.com%2Fzv5qzs1a4ca9%2FHoward%2520the%2520Duck%2520013-026%2520(1977-1978).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.431.0&bs=36a99847-bfa5-4153-b6be-c4cd19851632&userId=j4bt217178pa237006160p4z5zdpl758&m=link HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Cookie: OAID=f09a17e412ff4ffe928fc807f1777b8f; oaidts=1664438820
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:07:01 GMT
content-type: application/json
x-trace-id: bbfaffbe6edc9f1bf7280e9e0500ac33
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=j4bt217178pa237006160p4z5zdpl758; expires=Fri, 29 Sep 2023 08:07:01 GMT; path=/; secure; SameSite=None
oaidts=1664438821; expires=Fri, 29 Sep 2023 08:07:01 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 06 Oct 2022 08:07:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
andamafraidt.xyz/multi?cs=ZmZ3N3VWUk4BR1JQQgFNUlRCBU0&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=177778533612623&agec=1664438820&fs=1&mbkb=800&ref=https%3A%2F%2Fuserscloud.com%2Fzv5qzs1a4ca9%2FHoward%2520the%2520Duck%2520013-026%2520(1977-1978).zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_6FZV=1664438818331&crc=1
54.230.111.8 200 OK 1.5 kB URL HTTP/2 andamafraidt.xyz/multi?cs=ZmZ3N3VWUk4BR1JQQgFNUlRCBU0&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=177778533612623&agec=1664438820&fs=1&mbkb=800&ref=https%3A%2F%2Fuserscloud.com%2Fzv5qzs1a4ca9%2FHoward%2520the%2520Duck%2520013-026%2520(1977-1978).zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_6FZV=1664438818331&crc=1
IP 54.230.111.8:0
File type ASCII text, with very long lines (3183), with no line terminators
Hash a1b19a9230d4f0a042e2098dce234ea3
ef50dfbddc05144e929a144b6d4f143ea99d5d77
2b797713ce3d6cfe44d23e0713d89826b325de89671eb7c60c07bf116524d701
GET /multi?cs=ZmZ3N3VWUk4BR1JQQgFNUlRCBU0&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=177778533612623&agec=1664438820&fs=1&mbkb=800&ref=https%3A%2F%2Fuserscloud.com%2Fzv5qzs1a4ca9%2FHoward%2520the%2520Duck%2520013-026%2520(1977-1978).zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_6FZV=1664438818331&crc=1 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1508
date: Thu, 29 Sep 2022 08:07:02 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=bf72f0d1-59ab-4a91-946b-781ef4596f32
csu=177778533612623
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: y9-_S3QHaea5uidSNjRZ8c8xf7GfVk6lxHe3Pj_V0DL9DxDKXNaPWw==
X-Firefox-Spdy: h2
goomaphy.com/impression/-KWCRW9K8_K9wpjjUAwB9yHa-Es4i-O-3mnSAXjzY4dAFmXJVPUMGd2QYvrEDzcCsEqqldUVCANTA-0mALzZjlCDeUyGNJaVJ5rBlABNwRROHHjdf1Akpdq5_a3Jt18YfxhDc-cM-ya98GIrW_Q8bdjgjGt3cGBhRpi967NYOLwUyYmNajrnUPya248_y41xSDYVDDUZ0zUJFqReKjnOrahvVvFqocgMmocQlOJI6qNwasVn_qMBqfXkrjUX0veSmHFTH1bT9Q65NLtwJg6LDe6Pa6SvkPvismbX3F2sM5ofABra9Qdi55TLWUlrFg1Lck86MRCCI_jtT725iw409uiJ8TSeax5jDCUZZNAvjMWFeOdkEbRAhGzPQbxN-_NPcnqazXJygDtbOqh_GD-8VoYgET_hbXoE94Q7XN8_2b3dp57dupZbNWIyP2WyF4Jg29E3nknJbJEY_7EPeqW0Sukopv5AjTVFRPFzqP-fasiyLVM6sXCZaknsHfGDClXQ3HHF-2SByncBd6hK-WvEea5NbtRi6ePR_zGSvU8owq9TimWniSJlpBEA4icitJasuOnyRhTYu5bGrppYuwljTkzfMiW0h1nz?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fzv5qzs1a4ca9%2FHoward%2520the%2520Duck%2520013-026%2520(1977-1978).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 43 B URL HTTP/2 goomaphy.com/impression/-KWCRW9K8_K9wpjjUAwB9yHa-Es4i-O-3mnSAXjzY4dAFmXJVPUMGd2QYvrEDzcCsEqqldUVCANTA-0mALzZjlCDeUyGNJaVJ5rBlABNwRROHHjdf1Akpdq5_a3Jt18YfxhDc-cM-ya98GIrW_Q8bdjgjGt3cGBhRpi967NYOLwUyYmNajrnUPya248_y41xSDYVDDUZ0zUJFqReKjnOrahvVvFqocgMmocQlOJI6qNwasVn_qMBqfXkrjUX0veSmHFTH1bT9Q65NLtwJg6LDe6Pa6SvkPvismbX3F2sM5ofABra9Qdi55TLWUlrFg1Lck86MRCCI_jtT725iw409uiJ8TSeax5jDCUZZNAvjMWFeOdkEbRAhGzPQbxN-_NPcnqazXJygDtbOqh_GD-8VoYgET_hbXoE94Q7XN8_2b3dp57dupZbNWIyP2WyF4Jg29E3nknJbJEY_7EPeqW0Sukopv5AjTVFRPFzqP-fasiyLVM6sXCZaknsHfGDClXQ3HHF-2SByncBd6hK-WvEea5NbtRi6ePR_zGSvU8owq9TimWniSJlpBEA4icitJasuOnyRhTYu5bGrppYuwljTkzfMiW0h1nz?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fzv5qzs1a4ca9%2FHoward%2520the%2520Duck%2520013-026%2520(1977-1978).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/-KWCRW9K8_K9wpjjUAwB9yHa-Es4i-O-3mnSAXjzY4dAFmXJVPUMGd2QYvrEDzcCsEqqldUVCANTA-0mALzZjlCDeUyGNJaVJ5rBlABNwRROHHjdf1Akpdq5_a3Jt18YfxhDc-cM-ya98GIrW_Q8bdjgjGt3cGBhRpi967NYOLwUyYmNajrnUPya248_y41xSDYVDDUZ0zUJFqReKjnOrahvVvFqocgMmocQlOJI6qNwasVn_qMBqfXkrjUX0veSmHFTH1bT9Q65NLtwJg6LDe6Pa6SvkPvismbX3F2sM5ofABra9Qdi55TLWUlrFg1Lck86MRCCI_jtT725iw409uiJ8TSeax5jDCUZZNAvjMWFeOdkEbRAhGzPQbxN-_NPcnqazXJygDtbOqh_GD-8VoYgET_hbXoE94Q7XN8_2b3dp57dupZbNWIyP2WyF4Jg29E3nknJbJEY_7EPeqW0Sukopv5AjTVFRPFzqP-fasiyLVM6sXCZaknsHfGDClXQ3HHF-2SByncBd6hK-WvEea5NbtRi6ePR_zGSvU8owq9TimWniSJlpBEA4icitJasuOnyRhTYu5bGrppYuwljTkzfMiW0h1nz?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fzv5qzs1a4ca9%2FHoward%2520the%2520Duck%2520013-026%2520(1977-1978).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: OAID=j4bt217178pa237006160p4z5zdpl758
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:07:05 GMT
content-type: image/gif
content-length: 43
x-trace-id: d44b4993775ea6f47acba510a94fb394
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 3e9d3eab1fba386c4fdf3af9a757cfa9
b50127a1072c95ed71110b07dd58eab72747e6f8
869e09d135cff97a1073e32fa1808d0068195421369d138ad6bba86cfef18091
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:07:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 3e9d3eab1fba386c4fdf3af9a757cfa9
b50127a1072c95ed71110b07dd58eab72747e6f8
869e09d135cff97a1073e32fa1808d0068195421369d138ad6bba86cfef18091
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:07:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pogothere.xyz/asd100.bin
172.64.198.35 200 OK 104 kB IP 172.64.198.35:0
Size 104 kB (104034 bytes)
Hash 451f48b7504f8a2d66320fdf01b4a5d3
e5196fe7bcb2c4e770e4df003986eee572967d47
371ad54c526e2dd9e2bd24e1256f79b0ba9a126a56a1ca526ed8d8106c9a3380
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:07:00 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5483
last-modified: Thu, 29 Sep 2022 06:35:37 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yt9EmtOhSu9cNnTxfVPyrvIfcRmFEouctNCpiKH4AB7Ajq5gbnNcbPl8quP2nuVK4sZa4J9mjtcAjCZ1OZky1DPTnNefg5%2B%2BLjlH0FkqRiCm0t%2FTSsuAtVXB7nreqkQU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752339052ac78865-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 15dbf298fc5c3f79b34abf59118cc01c
c48dc908b9aa86adb5017683a23b625d8fd1b955
9061294bc67906630f52dfdb486941691a8b9291b938c032076cef3f7bf21ce7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:07:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:08 GMT
expires: Thu, 28 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 45177
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:08 GMT
expires: Thu, 28 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 45177
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 15dbf298fc5c3f79b34abf59118cc01c
c48dc908b9aa86adb5017683a23b625d8fd1b955
9061294bc67906630f52dfdb486941691a8b9291b938c032076cef3f7bf21ce7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:07:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tzegilo.com/stattag.js
172.67.194.45 200 OK 0 B IP 172.67.194.45:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:07:00 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 979
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ykCAhim7kS0lieRUbdk%2BqLw3oWQ2s4ZxJsy4KieGqzCDbrcL%2Fp4iWq18JI%2BxreknW%2FQ2cJzIpgVVBwgczgRaBOCOrREYZ9OV5EarwgQU8EIkHdL9Z671OcZn%2Baj%2BsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752339059d390b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.198.35 200 OK 0 B IP 172.64.198.35:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:07:00 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5483
last-modified: Thu, 29 Sep 2022 06:35:37 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eaUQCB6JeliTmpr%2BrZQwPTcMj6MweA18B5HR27ilcKoVumMH0TpZYloAL%2F1GKXC%2B12GGI9aWXpGkFWCFBUMEfYRlga%2B5nxxCfronYPWBPgf61KEO2Mov3ImwUILm2Xto"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75233904fa788865-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
waisheph.com/5/535061/?oo=1&aab=1
139.45.197.245 200 OK 0 B URL HTTP/2 waisheph.com/5/535061/?oo=1&aab=1
IP 139.45.197.245:0
GET /5/535061/?oo=1&aab=1 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:07:00 GMT
content-type: application/json
x-trace-id: 0deac0048287862ba1bf5d5c3ec01949
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=f09a17e412ff4ffe928fc807f1777b8f; expires=Fri, 29 Sep 2023 08:07:00 GMT; path=/; secure; SameSite=None
oaidts=1664438820; expires=Fri, 29 Sep 2023 08:07:00 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1930179641%3A1664438821802967&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrKl38HF8fb7Dyq06gzLmIApZeh1J9VG76qCu_cyBjIefaHEW1wHsHNjNlR7UA78sxrX7zgIg
216.58.207.237 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1930179641%3A1664438821802967&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrKl38HF8fb7Dyq06gzLmIApZeh1J9VG76qCu_cyBjIefaHEW1wHsHNjNlR7UA78sxrX7zgIg
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S1930179641%3A1664438821802967&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrKl38HF8fb7Dyq06gzLmIApZeh1J9VG76qCu_cyBjIefaHEW1wHsHNjNlR7UA78sxrX7zgIg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Sep 2022 08:07:01 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-VTtIwv0GZfkt5SKWnpu5Tg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=LAZzBPWhWaKldAW2U0zH-h1bMS9uoyxSH_DXdNQ4vwbiAj4AWdO4rYqhsbvTRxS1DheWyZEfAAhGgMtXt4KgLx1VPRBDRnlK-KdYdWTCzZDOA7_MsPjxlAqEsrJReVEClkrUx7zp0-NAKHVAR-316XpCoX-C5sM5dB3GU85YfaM; expires=Fri, 31-Mar-2023 08:07:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.198.35 200 OK 0 B IP 172.64.198.35:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:07:00 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5483
last-modified: Thu, 29 Sep 2022 06:35:37 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hcHEtWmZwobW7auebuuRxbEDYV5PM3Y2%2BlsRTid1l6psQpnRR9S0pdlGgdluyyx%2FuudfFOnkOdVkErk%2F0TssPe783QdHRRzcNnxyYMjBlbVC76fSuMbjEGdZDl3x%2FfRY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75233904fa758865-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.198.35 200 OK 0 B IP 172.64.198.35:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:07:00 GMT
content-type: text/plain
set-cookie: csu=494233229434349@1@1664438820; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BcDsdCMe%2BgKNHQbz6To%2BYZFf7axBkrZedsi5ExsrgZGV4GRGVRqB2uXBf4X6K%2FDtRULW5ly0nKWtp%2F0XJrZJx5nzWr4waiQuNw2L3YllqZi2QDSuMCeTXJr0k8PPLMPh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75233904fa718865-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tovanillitechan.com/1?z=2582807
139.45.197.239 200 OK 0 B URL HTTP/2 tovanillitechan.com/1?z=2582807
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=2582807 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:07:00 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: d2ea0f1b4cf76a2f383cb6c8cdeaad53
access-control-expose-headers: X-Sc
x-sc: FvbuYCHB8BmrokbeP-T_q5XFuTvkTddpobHVeF0IB_MOOeBnEUQVjYm6OC3NedGWY-2bTYx48FkcrPlE65E7itgOB0E=
set-cookie: scm=1; expires=Fri, 29 Sep 2023 08:07:00 GMT; secure; SameSite=None
OAID=f38947934f4444f788d447cc96224d13; expires=Fri, 29 Sep 2023 08:07:00 GMT; secure; SameSite=None
oaidts=1664438820; expires=Fri, 29 Sep 2023 08:07:00 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
216.58.211.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP 216.58.211.10:0
GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 29 Sep 2022 08:07:05 GMT
date: Thu, 29 Sep 2022 08:07:05 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
goomaphy.com/401/4859604
139.45.197.239 200 OK 0 B IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /401/4859604 HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:07:00 GMT
content-type: application/javascript
x-trace-id: a63a5c128e3d00acbe90c7b59a52ccd7
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=b6bdfd67fd5344608c28349658d5775b; expires=Fri, 29 Sep 2023 08:07:00 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1259090705%3A1664438821783605&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWpmGQ_lzhaf1nsNFe4PLihc0GuzB5cXYXbAu0bGqoVxbCfrzyiVtkujiNuu2aLlZJ_GJuzzBg
216.58.207.237 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1259090705%3A1664438821783605&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWpmGQ_lzhaf1nsNFe4PLihc0GuzB5cXYXbAu0bGqoVxbCfrzyiVtkujiNuu2aLlZJ_GJuzzBg
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S1259090705%3A1664438821783605&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWpmGQ_lzhaf1nsNFe4PLihc0GuzB5cXYXbAu0bGqoVxbCfrzyiVtkujiNuu2aLlZJ_GJuzzBg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Sep 2022 08:07:01 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-4lbuKfmMifuOegOtPZZmLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=qksvL-bdEnubJvgYNcTlPaaTQd0zgZJNkVkV0xPbGKhsW0-oZITwFJ5mFn0ARf5GuwqjjNxmQ8dP3m4Dm9JRUeKXRogzmS6caMHsowG4yDTbDblm436AAMQz9ZHHJ1kuFVsgDMOJ_xvtl0tcUkAjRb2yTis6XE-yzDmh3qahmFs; expires=Fri, 31-Mar-2023 08:07:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
userscloud.com/zv5qzs1a4ca9/Howard%20the%20Duck%20013-026%20(1977-1978).zip
104.21.69.102 200 OK 0 B URL HTTP/2 userscloud.com/zv5qzs1a4ca9/Howard%20the%20Duck%20013-026%20(1977-1978).zip
IP 104.21.69.102:0
GET /zv5qzs1a4ca9/Howard%20the%20Duck%20013-026%20(1977-1978).zip HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:07:00 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Wed, 28 Sep 2022 08:07:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cf-cache-status: BYPASS
set-cookie: lang=english; domain=.userscloud.com; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RixSwmyjtGhz6jnXpxcZlyvOFDbzyiQJbWico%2BpKNbzFAuY5Efp9EB%2FMy6MNyaZVreS8o15WxRamlv8h8VazM6cChX3Ueo5rejlWZBd13LHTNQFV6NTly%2F9eCsRU%2BCCb6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338f97f21b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2