userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip
172.67.207.105301 Moved Permanently 0 B URL HTTP/1.1 userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip
IP 172.67.207.105:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 29 Sep 2022 08:06:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 29 Sep 2022 09:06:47 GMT
Location: https://userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lQz7Mi0EqCwSjJCUTiysdTrLznR0rHmc%2FcElt5jLtxQGCzeY24ZgJj4vWi7eToBTgrIEspiOinTpTZfDBZKT9rzWKzQxvm1mT58Gky0wcSR4FguPxqmowCHg5zt9sKSWjA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 752338b09c600af6-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 29 Sep 2022 07:15:52 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: an9SJN6Pq56nfijjjHJFRr9GLrCZlfMchuevqLYJquk4tuNZH6iRmg==
Age: 3055
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6dd4587c98aef98ad0939030a6976a7f
92dc5966ac2deb0c3ac7fdd02bf8d28f9239801e
a382476d14b6ae14003333e7acdfbbd9ae8775d4c1a7d5c31116f33987043cff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15958
Expires: Thu, 29 Sep 2022 12:32:45 GMT
Date: Thu, 29 Sep 2022 08:06:47 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zDUnVxVZQA6gWLcXZb92npxEpXZbWagKZ8EB_eVfWEM1wLjVnfZ4-Q==
age: 9500
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:47 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 5e9b0c86817a4d5d89c920b7ed85057b
a248e3a32ab059434400ee945c7b8f4fedb83ffe
b140486f05a6e21ab6193259a40f65734ac7ecb7be043c26977cd5e77388f19c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:47 GMT
Server: ECS (amb/6B7A)
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 29 Sep 2022 07:29:33 GMT
Expires: Thu, 29 Sep 2022 07:40:10 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FIlBBJvizIzzrRRTIb7l7hvBo10SAAne9-ntOvnFUsKQs1YsbRUhPA==
Age: 2234
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3526d5ce1381ba26cbc553db057e1915
fe01c920696448e8bf12e6fff877bce8281d34a2
09604aed7cbca7971bfcb5afcb53591600b944f28eff21aa65dc601e78cdda53
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5875
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:47 GMT
Last-Modified: Thu, 29 Sep 2022 06:28:52 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.70.239.215101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.70.239.215:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8C870gANkGSgSKVsDTOdjg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kAN5ZQE9hod0/qZEDGMz9vkxa8Q=
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 5e9b0c86817a4d5d89c920b7ed85057b
a248e3a32ab059434400ee945c7b8f4fedb83ffe
b140486f05a6e21ab6193259a40f65734ac7ecb7be043c26977cd5e77388f19c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:48 GMT
Last-Modified: Thu, 29 Sep 2022 08:06:47 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 5fb614248794197f9b905b9acd612902
b5e0d092b74950353d30358d2622d78aeeb3997d
b86b06492883380617b0bd30a1339bf3ec8dcfcecbc2adffbf4e114022123d46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3134
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:49 GMT
Last-Modified: Thu, 29 Sep 2022 07:14:35 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280
userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip
172.67.207.105200 OK 230 kB URL HTTP/2 userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip
IP 172.67.207.105:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (64106)
Size 230 kB (229788 bytes)
Hash c73056da22d98d5c36308fa0bb742b7c
b97c29e14af07ce12c1821058f67cfa63e6471ca
3827b5618cd02941dbd293d9db44358c458179fde889c557a1a0d1443e5551a6
GET /umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Wed, 28 Sep 2022 08:06:48 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cf-cache-status: BYPASS
set-cookie: lang=english; domain=.userscloud.com; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YVssHwyCSEYynXefpJ%2FV0dGZGR%2B1DNxWi4GAEdkp1ELdwsd%2Fk2YRhIdZei12kkkK8RBdTeSGhGwU158IEd0q6w968ePup0te7ZwSf7WNbocZku0xdbqk%2F5TjPJ70nmEsJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338b37f440af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 75eebff373cf84ae810a9e326f9e3d03
a5b22b0eee98dda385cb4e90d119205bc5f3a25f
f2089c63c7c2b3024972aba8cbc12dfcffc79dfc1ef9f7be801c79e7737b0d71
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
104.18.47.230200 OK 48 kB URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP 104.18.47.230:0
Hash 1c2cc8f955619a04fde20687c9fe83bc
c5616d0a5ebfcfca77882185abbadf50d6d0c910
c5e1470601d4aeada5a123e02df1e8ea15fdcecd8f2783abe300bf4da62d102c
GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 752338bd0d16b527-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fd469409720ae819039ee786fc14c04b
28408757f0a13a499e07e44141ba192aec9ec32d
3e9af4878804bf34e63d54de0cd2b6eb9e690880f619a69ee2705ec61b7eb5ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E9AF4878804BF34E63D54DE0CD2B6EB9E690880F619A69EE2705EC61B7EB5EC"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14347
Expires: Thu, 29 Sep 2022 12:05:56 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 75eebff373cf84ae810a9e326f9e3d03
a5b22b0eee98dda385cb4e90d119205bc5f3a25f
f2089c63c7c2b3024972aba8cbc12dfcffc79dfc1ef9f7be801c79e7737b0d71
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 84ada21ac1d7ada27090048bed7709d6
5a7af8364389fceb02130e30cfc9d1d1f430ca43
4ded0aae9e6b75b5c584663fcffa541371a632cd5a8088b29234f35b2776ad8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4DED0AAE9E6B75B5C584663FCFFA541371A632CD5A8088B29234F35B2776AD8C"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10014
Expires: Thu, 29 Sep 2022 10:53:43 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 84ada21ac1d7ada27090048bed7709d6
5a7af8364389fceb02130e30cfc9d1d1f430ca43
4ded0aae9e6b75b5c584663fcffa541371a632cd5a8088b29234f35b2776ad8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4DED0AAE9E6B75B5C584663FCFFA541371A632CD5A8088B29234F35B2776AD8C"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10014
Expires: Thu, 29 Sep 2022 10:53:43 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive
andamafraidt.xyz/utx?cb=IVFWKNDhSCby&top=userscloud.com&tid=600304
54.230.111.39204 No Content 9.7 kB URL HTTP/2 andamafraidt.xyz/utx?cb=IVFWKNDhSCby&top=userscloud.com&tid=600304
IP 54.230.111.39:0
Hash 370a048378766a2a5e262c2214dd1aa8
1de92fb3d7fd6053157b75a48e6f04b052ddbae5
08382ec495ab55e64ddfaa4191682182ad59b86f406d974ff0bd12d33215091f
GET /utx?cb=IVFWKNDhSCby&top=userscloud.com&tid=600304 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:49 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 29 Sep 2022 08:07:49 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ciwDFxL0WinYfEKiOhf7zDZdFW6n0sYNtWVx0Nxj0hzOsaK12Ifyqw==
X-Firefox-Spdy: h2
andamafraidt.xyz/Y0JDUmECICA/XgJ/IXQUES5+d1MlZ3EUBVIoNCIFUnMsNAkHdyR8Ag8tNjYHES0tJk8NJzd3UyUVITw3DBgEai8kJRoRNCEtIBYnDxgbOTcBFAUmKCs6MB4gMXcKHgsmFAkHMAcHK2orMgd3AycyMgoFJCoGByoSMxUWOS0kNTcIOQglFhYgOREUPiwABAITJzADFjYgMiEZFTMuIAEQBSwHEmc1JAMgNyMECxkRNCUmCBcjJBQGIgIxFwIxOQ97EgUYOQkbFzQmBhIXAycXcgU5GxgNCgsXGBQ+IwEIKCICMRAsATIPcnMHNykAGz4ZLRQvaismA24hMSIHNxotDxglClE1GxUEWAUXBSI0IBMgGiUyCwIUDSEjCj47OhVyOiIkLg0XRwkxLDwRXgQWKCpSNzUiBlY
54.230.111.39200 OK 1.2 kB URL HTTP/2 andamafraidt.xyz/Y0JDUmECICA/XgJ/IXQUES5+d1MlZ3EUBVIoNCIFUnMsNAkHdyR8Ag8tNjYHES0tJk8NJzd3UyUVITw3DBgEai8kJRoRNCEtIBYnDxgbOTcBFAUmKCs6MB4gMXcKHgsmFAkHMAcHK2orMgd3AycyMgoFJCoGByoSMxUWOS0kNTcIOQglFhYgOREUPiwABAITJzADFjYgMiEZFTMuIAEQBSwHEmc1JAMgNyMECxkRNCUmCBcjJBQGIgIxFwIxOQ97EgUYOQkbFzQmBhIXAycXcgU5GxgNCgsXGBQ+IwEIKCICMRAsATIPcnMHNykAGz4ZLRQvaismA24hMSIHNxotDxglClE1GxUEWAUXBSI0IBMgGiUyCwIUDSEjCj47OhVyOiIkLg0XRwkxLDwRXgQWKCpSNzUiBlY
IP 54.230.111.39:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3013), with no line terminators
Hash 9242a79d42e00727443bbccffe9aa641
26d1986c23dbac8951a59933c072dfeeb3f7ca28
ce8166e51b781ecb5f823b47ebd4e6d4597374e0b81ca4f352c1b215ac3b19d6
GET /Y0JDUmECICA/XgJ/IXQUES5+d1MlZ3EUBVIoNCIFUnMsNAkHdyR8Ag8tNjYHES0tJk8NJzd3UyUVITw3DBgEai8kJRoRNCEtIBYnDxgbOTcBFAUmKCs6MB4gMXcKHgsmFAkHMAcHK2orMgd3AycyMgoFJCoGByoSMxUWOS0kNTcIOQglFhYgOREUPiwABAITJzADFjYgMiEZFTMuIAEQBSwHEmc1JAMgNyMECxkRNCUmCBcjJBQGIgIxFwIxOQ97EgUYOQkbFzQmBhIXAycXcgU5GxgNCgsXGBQ+IwEIKCICMRAsATIPcnMHNykAGz4ZLRQvaismA24hMSIHNxotDxglClE1GxUEWAUXBSI0IBMgGiUyCwIUDSEjCj47OhVyOiIkLg0XRwkxLDwRXgQWKCpSNzUiBlY HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1168
date: Thu, 29 Sep 2022 08:06:49 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MeVAXwY0nT33IAjcgWvWHVxWtSzpAAUWsVWkLuDryaNbIF9YqaIItA==
X-Firefox-Spdy: h2
esathyaspsu.xyz/Z29Bdm5IUCIFUzIqLkIgIykoFQkQLQMxLEJdAzcvVy0YLl43LhA7SBMGJUtYV19yRlpBHygSU1ZJMgIPExoyS19BBi8QAVpJN0tfSVx1WFxeQXFQG1peZwIeBgh8R0gXGzUaU1ZZd0JaVFd5RlhSWHY
172.67.181.17204 No Content 0 B URL HTTP/2 esathyaspsu.xyz/Z29Bdm5IUCIFUzIqLkIgIykoFQkQLQMxLEJdAzcvVy0YLl43LhA7SBMGJUtYV19yRlpBHygSU1ZJMgIPExoyS19BBi8QAVpJN0tfSVx1WFxeQXFQG1peZwIeBgh8R0gXGzUaU1ZZd0JaVFd5RlhSWHY
IP 172.67.181.17:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Z29Bdm5IUCIFUzIqLkIgIykoFQkQLQMxLEJdAzcvVy0YLl43LhA7SBMGJUtYV19yRlpBHygSU1ZJMgIPExoyS19BBi8QAVpJN0tfSVx1WFxeQXFQG1peZwIeBgh8R0gXGzUaU1ZZd0JaVFd5RlhSWHY HTTP/1.1
Host: esathyaspsu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b7Jv0sbFJ4rGmpW8wuB1Mhm3O1usbPkTabv4ATXLq7WEtNR3shnpxD8HJgDIx7t43HjGOSOL5EEn815vQUNNJCl%2BauEwGsWyB14HQH%2FH4%2FhfBJ3MUSQhsxlfBfcs9Yuh%2FiI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338be8ffdb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 84ada21ac1d7ada27090048bed7709d6
5a7af8364389fceb02130e30cfc9d1d1f430ca43
4ded0aae9e6b75b5c584663fcffa541371a632cd5a8088b29234f35b2776ad8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4DED0AAE9E6B75B5C584663FCFFA541371A632CD5A8088B29234F35B2776AD8C"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10014
Expires: Thu, 29 Sep 2022 10:53:43 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive
andamafraidt.xyz/utx?cb=6HZf2A2Qivpi&top=userscloud.com&tid=708052
54.230.111.39204 No Content 0 B URL HTTP/2 andamafraidt.xyz/utx?cb=6HZf2A2Qivpi&top=userscloud.com&tid=708052
IP 54.230.111.39:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=6HZf2A2Qivpi&top=userscloud.com&tid=708052 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:49 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 29 Sep 2022 08:07:49 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kZQ2LPmyGdRDOfw3r4HGkxnfhIy4wUHiJmIPZjmhWPM6HqXqs3Xuzg==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1a90308f30edbff6584ae7bf93b58a08
c2bf8321e1b5809f2501af0b20ba3189cadd2c75
b9afde96e2623a1f2f75b435027e2e8d686ec7c07cac397755f4695b412e9f82
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9AFDE96E2623A1F2F75B435027E2E8D686EC7C07CAC397755F4695B412E9F82"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13924
Expires: Thu, 29 Sep 2022 11:58:53 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1a90308f30edbff6584ae7bf93b58a08
c2bf8321e1b5809f2501af0b20ba3189cadd2c75
b9afde96e2623a1f2f75b435027e2e8d686ec7c07cac397755f4695b412e9f82
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9AFDE96E2623A1F2F75B435027E2E8D686EC7C07CAC397755F4695B412E9F82"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13924
Expires: Thu, 29 Sep 2022 11:58:53 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive
andamafraidt.xyz/QUd3UmUgJRQ/WiB6FXQQMytKd1cHYkUUAXAtACIBcHYYNA0lchB8Bi0oAjYDMygZJksvIgN3VwcqLTg3EyUxEyMWPU8ZBzkNExwzBykhNR0pECAYJBkuPhY1KR49FDYqdzZiLCwBNgg0GC8EBD8UBTYZEikzIToseAMjZicCHxQYNSYSPQsgLj82Pj8yED8LNhMDQxoHEDM5AhIUfzFiKC0FHRgkEBM1ADUQKzgdJAB/NSojKwwaBCwDDyU3PARyOgsjcHYhCj9xHxoTLhkTTwguBAowCzcTKCIVES8QPwQzJSklNzwDFTQ2I3kVLyUvZHUxCi0tAzU/SAQLOQMzJxccPgwIBi06PRYFIBAyByMTBDQECQAHDAB2PndXAwE/BDAiKh8zAy0eJBgjBy9ROBYuKQdvIQQjEiQSORFBBC84cg
54.230.111.39200 OK 1.2 kB URL HTTP/2 andamafraidt.xyz/QUd3UmUgJRQ/WiB6FXQQMytKd1cHYkUUAXAtACIBcHYYNA0lchB8Bi0oAjYDMygZJksvIgN3VwcqLTg3EyUxEyMWPU8ZBzkNExwzBykhNR0pECAYJBkuPhY1KR49FDYqdzZiLCwBNgg0GC8EBD8UBTYZEikzIToseAMjZicCHxQYNSYSPQsgLj82Pj8yED8LNhMDQxoHEDM5AhIUfzFiKC0FHRgkEBM1ADUQKzgdJAB/NSojKwwaBCwDDyU3PARyOgsjcHYhCj9xHxoTLhkTTwguBAowCzcTKCIVES8QPwQzJSklNzwDFTQ2I3kVLyUvZHUxCi0tAzU/SAQLOQMzJxccPgwIBi06PRYFIBAyByMTBDQECQAHDAB2PndXAwE/BDAiKh8zAy0eJBgjBy9ROBYuKQdvIQQjEiQSORFBBC84cg
IP 54.230.111.39:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Hash 809a7e67ab9c56d5277de4759ca2b85e
f525a1c8753bcbea6ccfb0dca4415822c93a05d8
b3290d4ea054b555dd15ed546faf432ada4bbbfeaae8edc8e6da4d6f925e4435
GET /QUd3UmUgJRQ/WiB6FXQQMytKd1cHYkUUAXAtACIBcHYYNA0lchB8Bi0oAjYDMygZJksvIgN3VwcqLTg3EyUxEyMWPU8ZBzkNExwzBykhNR0pECAYJBkuPhY1KR49FDYqdzZiLCwBNgg0GC8EBD8UBTYZEikzIToseAMjZicCHxQYNSYSPQsgLj82Pj8yED8LNhMDQxoHEDM5AhIUfzFiKC0FHRgkEBM1ADUQKzgdJAB/NSojKwwaBCwDDyU3PARyOgsjcHYhCj9xHxoTLhkTTwguBAowCzcTKCIVES8QPwQzJSklNzwDFTQ2I3kVLyUvZHUxCi0tAzU/SAQLOQMzJxccPgwIBi06PRYFIBAyByMTBDQECQAHDAB2PndXAwE/BDAiKh8zAy0eJBgjBy9ROBYuKQdvIQQjEiQSORFBBC84cg HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1176
date: Thu, 29 Sep 2022 08:06:49 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pjePB1Vh4uEtqePvbefpqFz-IuyenGE593NW8Jwvdso3wJQCsvyS2Q==
X-Firefox-Spdy: h2
esathyaspsu.xyz/VVFBeVF6biIKbAAGFw81Ox8pLGAxExM+BwAHKisQD2APGgAAHGcNODFsdklpZWRzXyE8NXxLaHMiNRglICJ8SHc8PycWbHMnfEh/ZX93SX9ldzREYHMlMRg2aGBnCSUhPXxIZ2NldUppbWF3T2Bt
172.67.181.17204 No Content 0 B URL HTTP/2 esathyaspsu.xyz/VVFBeVF6biIKbAAGFw81Ox8pLGAxExM+BwAHKisQD2APGgAAHGcNODFsdklpZWRzXyE8NXxLaHMiNRglICJ8SHc8PycWbHMnfEh/ZX93SX9ldzREYHMlMRg2aGBnCSUhPXxIZ2NldUppbWF3T2Bt
IP 172.67.181.17:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VVFBeVF6biIKbAAGFw81Ox8pLGAxExM+BwAHKisQD2APGgAAHGcNODFsdklpZWRzXyE8NXxLaHMiNRglICJ8SHc8PycWbHMnfEh/ZX93SX9ldzREYHMlMRg2aGBnCSUhPXxIZ2NldUppbWF3T2Bt HTTP/1.1
Host: esathyaspsu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0hj8JAxGMntCNqLoeDAZ6ReiqohIYeovXtSnDxmjDja1HvwfVLEY%2F9XOlf5SBaJ8eePX4jZyCxr%2FbaKPJgIE2Wb%2BO02lmOAOnHaIMGNjRmQSy8I1QWQjcGsMoLOcAaT%2BOBY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338beb82cb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
andamafraidt.xyz/UGpZVHMxCDo5TDFXO3IGIgZkcUEWT2sSF2EALiQXYVs2Mhs0Xz56EDwFLDAVIgU3IF0+Dy1xQRYLDgA1Cjw1P0UIADojKTlbAAQkJAI4FRc3Mw4kVmIsDi0cZSQgPz4VAC5jPBUNbRAEOwAbECICKQ03NR4EGCA6YTwyDh1oWwwQECgwEW0mHhAPPxISCW0ZGSQBGwxLOSENDhIKLiozPWENaB4KZB4OLgcnJh0zPh4uMj4+FlpoGkAoGD1mC2QLASM3MTJtPBIRKGEOISRSGGYYZicdMDYZMhcmEgUGMQ0yChwbDAs8LWojNzE5CCIVESMANkFpWRgMXhIQOGYfBzodAQoeAgsmNhceKRU0PAc4ExgRDB4GAwBbPiY+KlJrBysoARFmMhgOaw5WYiwVFQs/TDMnHD4aZB8ZMgsgNSoAEGw5NAAEbTs
54.230.111.39200 OK 1.2 kB URL HTTP/2 andamafraidt.xyz/UGpZVHMxCDo5TDFXO3IGIgZkcUEWT2sSF2EALiQXYVs2Mhs0Xz56EDwFLDAVIgU3IF0+Dy1xQRYLDgA1Cjw1P0UIADojKTlbAAQkJAI4FRc3Mw4kVmIsDi0cZSQgPz4VAC5jPBUNbRAEOwAbECICKQ03NR4EGCA6YTwyDh1oWwwQECgwEW0mHhAPPxISCW0ZGSQBGwxLOSENDhIKLiozPWENaB4KZB4OLgcnJh0zPh4uMj4+FlpoGkAoGD1mC2QLASM3MTJtPBIRKGEOISRSGGYYZicdMDYZMhcmEgUGMQ0yChwbDAs8LWojNzE5CCIVESMANkFpWRgMXhIQOGYfBzodAQoeAgsmNhceKRU0PAc4ExgRDB4GAwBbPiY+KlJrBysoARFmMhgOaw5WYiwVFQs/TDMnHD4aZB8ZMgsgNSoAEGw5NAAEbTs
IP 54.230.111.39:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3027), with no line terminators
Hash 5c9ffa6c38bbb4c7837f3ac87ed82209
af2b56fb7a4c400828ac7cdfb4d113820440cd01
5e6e9caaa7490a35b68ccca484499011516875a29781f0b65926b68e8acd92bd
GET /UGpZVHMxCDo5TDFXO3IGIgZkcUEWT2sSF2EALiQXYVs2Mhs0Xz56EDwFLDAVIgU3IF0+Dy1xQRYLDgA1Cjw1P0UIADojKTlbAAQkJAI4FRc3Mw4kVmIsDi0cZSQgPz4VAC5jPBUNbRAEOwAbECICKQ03NR4EGCA6YTwyDh1oWwwQECgwEW0mHhAPPxISCW0ZGSQBGwxLOSENDhIKLiozPWENaB4KZB4OLgcnJh0zPh4uMj4+FlpoGkAoGD1mC2QLASM3MTJtPBIRKGEOISRSGGYYZicdMDYZMhcmEgUGMQ0yChwbDAs8LWojNzE5CCIVESMANkFpWRgMXhIQOGYfBzodAQoeAgsmNhceKRU0PAc4ExgRDB4GAwBbPiY+KlJrBysoARFmMhgOaw5WYiwVFQs/TDMnHD4aZB8ZMgsgNSoAEGw5NAAEbTs HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1181
date: Thu, 29 Sep 2022 08:06:49 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xjk3Z7HvcFlwiPhcAm75wBSci2-7DxZ4nzqSn_GMUMG_gSUE23Z1Rw==
X-Firefox-Spdy: h2
esathyaspsu.xyz/cGlXUkVfVjQheCVZIwUmJhklNyg+LzYVBwoLZxQ3KjEZPhcdWXEmLBRUb2NzSV5kdDUZDWpgfFYaIzMxBRpqY2MZBzE9eFYfamNrQEdhYmtATyJvdFYdJzMiTVhxIjEEBWpjc0ZdY2F9SFlhZHZG
172.67.181.17204 No Content 0 B URL HTTP/2 esathyaspsu.xyz/cGlXUkVfVjQheCVZIwUmJhklNyg+LzYVBwoLZxQ3KjEZPhcdWXEmLBRUb2NzSV5kdDUZDWpgfFYaIzMxBRpqY2MZBzE9eFYfamNrQEdhYmtATyJvdFYdJzMiTVhxIjEEBWpjc0ZdY2F9SFlhZHZG
IP 172.67.181.17:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cGlXUkVfVjQheCVZIwUmJhklNyg+LzYVBwoLZxQ3KjEZPhcdWXEmLBRUb2NzSV5kdDUZDWpgfFYaIzMxBRpqY2MZBzE9eFYfamNrQEdhYmtATyJvdFYdJzMiTVhxIjEEBWpjc0ZdY2F9SFlhZHZG HTTP/1.1
Host: esathyaspsu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Da1QNkHfgCCCMIotfcWjYZw5vZUSCK15GIVFrsEXzoU3iZ0Emkt4lMFiltygjCbcNj%2FFV%2BunkghlOCLV%2FKKj8eCcLbYLIJB5n9ZQK5R%2F3oC5GxwgaJT4glt68kusZ6t1ZnU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338bec84bb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
waisheph.com/tag.min.js
139.45.197.245200 OK 23 kB IP 139.45.197.245:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 55bfb65a45375a59df27572861a64783
2838cf8e3623bfbccf2618dac1495f992dae2b6c
9c86b08b70bf998cacd69539dbd479bfe6cc5f973cd514cd8c3f29c21092b5c1
GET /tag.min.js HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 22987
content-encoding: br
x-trace-id: c252d2723f6842b11f7c4152e85edcaa
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Wed, 28 Sep 2022 07:56:13 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2835
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive
andamafraidt.xyz/utx?cb=wS6ujBeG7KIZ&top=userscloud.com&tid=816973
54.230.111.39204 No Content 0 B URL HTTP/2 andamafraidt.xyz/utx?cb=wS6ujBeG7KIZ&top=userscloud.com&tid=816973
IP 54.230.111.39:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=wS6ujBeG7KIZ&top=userscloud.com&tid=816973 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:49 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 29 Sep 2022 08:07:49 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hhIUtmW5-FfKLg3-uWtpGsPzJLzEn-ZZDBZNeIJ78uEsOtIMTdGKUg==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2835
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2835
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive
tzegilo.com/stattag.js
104.21.84.149200 OK 20 kB IP 104.21.84.149:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (32771), with no line terminators
Hash e506495f752652700386d76f00e71901
81bb93e65c682c3022c1e116ac203bface2426fc
97ac6d705ae33fb2f6b7124bb670c43fcff9c1cfd54e505cd855a75d0265421a
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 968
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xsDVPfo3Hh7LF7XhaFrUPEn3endDz9w3Z%2B%2BexA1uiuRht%2F%2FXIEgKxS1ue7Zl6U8g9w5PxvRdDGEtoZc1tjNR%2B6LGBUuTQTrl4%2FDHER3GeJ9FtJz6lujGXbnFzVVaeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752338bf8a26b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4505f57697072468da82e0b536d0d5b
e1067a2dfbc22e7eb196046d57bd1e17604dba75
b5e79054f165f38b99f93a8128284f82076523988aeb102b85dd8ff1a2870d00
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10023
x-amzn-requestid: 0cb6b9a1-0707-4094-b197-5a0add2df717
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK4dHJLIAMFWmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be9c-2d8bbb17157900f126c5bb3c;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wZ2hBqHAdwimAVV3p-CJFrb9zQ-CTN5ar9CB-cu0mZoENYUFTKKPWQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 22:04:58 GMT
age: 36111
etag: "e1067a2dfbc22e7eb196046d57bd1e17604dba75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46b76b4-e585-46c3-bf03-5bfe9273000c.jpeg
34.120.237.76200 OK 3.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46b76b4-e585-46c3-bf03-5bfe9273000c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6ac86079d2901fb11bfaff81d91bb2d2
4fc0699c763f67a2602b4b3f46b8b4013d2049c6
8c25b9129fc01f6ffad911994e91436ab0026ed0b54568757a20ab7f92584467
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46b76b4-e585-46c3-bf03-5bfe9273000c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3332
x-amzn-requestid: fb6cb616-5b4d-4aaf-a891-50b4de8b6f95
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZJ_6AGNYIAMFSHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333e03f-377fe02d1cc7ad2b3a15ca1a;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 05:48:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nJJZxZlapt4k5988yU-V94pBBH2SmfSZ0Zb_oJXA07mppg0lF04wLg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 17:18:10 GMT
age: 53319
etag: "4fc0699c763f67a2602b4b3f46b8b4013d2049c6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 11594ce7500d8776bfd5162b17f87d72
72603efba82d649ce5a7a0ca45dc830c0d9ef012
511f5aa33750cd4a02cf3968bf165ffa521e77cb4fb7135b516d7ad14e8b9d01
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14073
x-amzn-requestid: 4ff72590-e28d-4d4b-af1a-4d62e75e3d66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKnpEsJoAMFlBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be30-38b014a25551aa0a2ab04ccf;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dyDhatfeYzzSQpRY7JpOIu3VhjlI8IOWcKCLCBWYaxJ1CYgCxqdQjA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:49:42 GMT
age: 37027
etag: "72603efba82d649ce5a7a0ca45dc830c0d9ef012"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 36ae9444071dd70dcf86802c370ffda9
44cc19b21912d07f82a88af5b2fa6d3e370459bf
99984d108bf31d733414f7f1352e17225ac21ac2dbfb4b1e7fa7ae80e5b6b822
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9654
x-amzn-requestid: 7961f184-9476-43de-bf35-8ccb50ee1760
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGVYsHA6oAMFvRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63326904-05f567f7606462ac44f89987;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:07:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: XaB4TwXv4xy0Sy3dncNYZWEPEnHY5BkEHR7fZDK59APYkzH9DPdT7A==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 04:20:40 GMT
age: 13569
etag: "44cc19b21912d07f82a88af5b2fa6d3e370459bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c80d7ce8a9d3fba54855e05731db759c
d76293673a7aa2861b069ced614cdcdb84fed6d3
eabd1bfef29cad4045d688a909b9a8c88818d80bb432ce642d055583cf66d77d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9002
x-amzn-requestid: 0623931b-a4d6-49de-ba32-d071c08eddbd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKoiGKRIAMFhYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be36-1573e2e91c85617424db019f;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:50 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mmSMfKcxGrh9meSHTynf1wRZLrzc4wejFbKSO6qaJ3hn8h4-QwAAcQ==
via: 1.1 2a44ef7b9d28e74c78ffadeedcbb887c.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:50:26 GMT
age: 36983
etag: "d76293673a7aa2861b069ced614cdcdb84fed6d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2f5989d4743444fc557dab6bf17a3a62
342d1dccc65999045ef7d3ac1933d4393431cf78
dda1c7a6542a0b3c0c9dafe943fb8fbd85e508e57150175b89222a45b650cd89
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DDA1C7A6542A0B3C0C9DAFE943FB8FBD85E508E57150175B89222A45B650CD89"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4623
Expires: Thu, 29 Sep 2022 09:23:52 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive
d1jwpd11ofhd5g.cloudfront.net/aWTFZVlk6XjcwZi1YPWthaAdgYWp/Wyo5NykMEjw7OEg4DwkjBDQRCTcFNnAtI1VkZn81UDcxZH9UNzVkaBc4MjtkBX8iKTZaZDsgN1g1Jy4tWztwLDgMNDkjMF01N3xrd2x4aXwDaX4haAB8ZRt8A2k6MDdEIXNraUlhYAZvBXxlG3wDaSQvfAIYb293AX-Bza2lWPDUyNhRrEGtpAGlmaGkAfGRpP1grMz82SXxkH2AHd2Z/LAxo
143.204.42.138200 OK 458 B URL HTTP/2 d1jwpd11ofhd5g.cloudfront.net/aWTFZVlk6XjcwZi1YPWthaAdgYWp/Wyo5NykMEjw7OEg4DwkjBDQRCTcFNnAtI1VkZn81UDcxZH9UNzVkaBc4MjtkBX8iKTZaZDsgN1g1Jy4tWztwLDgMNDkjMF01N3xrd2x4aXwDaX4haAB8ZRt8A2k6MDdEIXNraUlhYAZvBXxlG3wDaSQvfAIYb293AX-Bza2lWPDUyNhRrEGtpAGlmaGkAfGRpP1grMz82SXxkH2AHd2Z/LAxo
IP 143.204.42.138:0
File type ASCII text, with very long lines (576), with no line terminators
Hash 7c2713c2ef08b4ed7f76b7501c81146d
cddf018400f3aaa95c6b38e3b1ac9003fd7b08a3
a8b19fccdd2e7a6e835ab18768f991d6b8f540f9d6f7b14d4bf82e3fbe409bfa
GET /aWTFZVlk6XjcwZi1YPWthaAdgYWp/Wyo5NykMEjw7OEg4DwkjBDQRCTcFNnAtI1VkZn81UDcxZH9UNzVkaBc4MjtkBX8iKTZaZDsgN1g1Jy4tWztwLDgMNDkjMF01N3xrd2x4aXwDaX4haAB8ZRt8A2k6MDdEIXNraUlhYAZvBXxlG3wDaSQvfAIYb293AX-Bza2lWPDUyNhRrEGtpAGlmaGkAfGRpP1grMz82SXxkH2AHd2Z/LAxo HTTP/1.1
Host: d1jwpd11ofhd5g.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://andamafraidt.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 438
date: Thu, 29 Sep 2022 08:06:49 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: RO1gx4FGWbaNSJCSNs7bMArj-gBTpy6XqwfyZcjK520s2iv5jQaR3g==
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35200 OK 103 kB IP 172.64.199.35:0
Size 103 kB (103166 bytes)
Hash 3c32cd478bd525ce21049658288b6ba2
1f119937ecfea63ec65bdaf42597de6228e69c95
90664a9ed648aa6da40a2b3bd855a308cbb8e20579c9a21ca053dc0e75dda4b6
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3379
last-modified: Thu, 29 Sep 2022 07:10:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OT%2BhN2taBe1yQrkJlSjoY7qDEt9fOl3M7lVgpc765U8EHLah9EkR7%2BVHZkXEgqQOnNe55RpH4g%2B31afMI404CD0knnJKm%2B9ZtCc8xN2Ki4abp%2BlOus61Y1BRVsEHTyWm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752338bedb917705-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d1jwpd11ofhd5g.cloudfront.net/mZjRRbFAFWz8KbxJdNVFnVgxhWWJAXiIDPhYJFSk0A0ImFAZQYhsVZUBAKwhtVhI9DT4BCXcJPgUJYEoxAlZsWHYSRD4HbQtNPwU8F0MlBjJAQTBRPQlOOAA8BxFjKmVIBHReYE5MYF11VXZ0XmAKXT8ZKEMGYRRoUGtnWHVVdnReYBRCdF8RXwJ/XHlDBm-ELNQVfPkliIAZhXWBWBWFddVQENwUiA1I+FHVUcmhaflYSJFFh
143.204.42.138200 OK 446 B URL HTTP/2 d1jwpd11ofhd5g.cloudfront.net/mZjRRbFAFWz8KbxJdNVFnVgxhWWJAXiIDPhYJFSk0A0ImFAZQYhsVZUBAKwhtVhI9DT4BCXcJPgUJYEoxAlZsWHYSRD4HbQtNPwU8F0MlBjJAQTBRPQlOOAA8BxFjKmVIBHReYE5MYF11VXZ0XmAKXT8ZKEMGYRRoUGtnWHVVdnReYBRCdF8RXwJ/XHlDBm-ELNQVfPkliIAZhXWBWBWFddVQENwUiA1I+FHVUcmhaflYSJFFh
IP 143.204.42.138:0
File type ASCII text, with very long lines (589), with no line terminators
Hash ced9c0e7670e9891489093d2cd4ec48a
57a04a00465ee546599d6dcadbf01871afc91d0c
ab246e220a2d7e186e3297c87d237d63f001b33fdd11e23526c49e357bac35e1
GET /mZjRRbFAFWz8KbxJdNVFnVgxhWWJAXiIDPhYJFSk0A0ImFAZQYhsVZUBAKwhtVhI9DT4BCXcJPgUJYEoxAlZsWHYSRD4HbQtNPwU8F0MlBjJAQTBRPQlOOAA8BxFjKmVIBHReYE5MYF11VXZ0XmAKXT8ZKEMGYRRoUGtnWHVVdnReYBRCdF8RXwJ/XHlDBm-ELNQVfPkliIAZhXWBWBWFddVQENwUiA1I+FHVUcmhaflYSJFFh HTTP/1.1
Host: d1jwpd11ofhd5g.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://andamafraidt.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 446
date: Thu, 29 Sep 2022 08:06:49 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8hS-xm0MabkA2UBpTwSbOOsBTpY4p0ZO5CZUE4H595i6RJPiFn9MAg==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 0869109d63ef5270595fb34384023a90
f2ec69fdaca2a0327cd3599ac05d0051df3dee41
c4a67afda7094519228049f837e2e0c1674148bd2e564ae2dccc3458bbdb9ed4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:06:49 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 06:25:19 GMT
Expires: Mon, 03 Oct 2022 06:25:18 GMT
Etag: "f2ec69fdaca2a0327cd3599ac05d0051df3dee41"
Cache-Control: max-age=338908,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 752338c0daceb51d-OSL
my.rtmark.net/gid.js?userId=0da5edeb978a4f09b303b3df40a11ea1
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=0da5edeb978a4f09b303b3df40a11ea1
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash d6c541c8866a93186f041a8c29e8247c
61e3543262c564c7e62fd610c122965973614021
13d04d8e0c6d1dea75b0e43faac13cff10ae2042aae106f06faea07a5c456d43
GET /gid.js?userId=0da5edeb978a4f09b303b3df40a11ea1 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0da5edeb978a4f09b303b3df40a11ea1; expires=Fri, 29 Sep 2023 08:06:49 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 008bb0f15929580c49beb48408615d01
a28e34ab71eea646efaf0a505a3bd07671bd6012
f612ef9519f2b8baad9918a77a873fb28c691518df1504fb32a47af79b8f7e18
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:06:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 00:52:20 GMT
Expires: Mon, 03 Oct 2022 00:52:19 GMT
Etag: "a28e34ab71eea646efaf0a505a3bd07671bd6012"
Cache-Control: max-age=318929,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 752338c0dbb9b515-OSL
tovanillitechan.com/42/38?z=2892518
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/42/38?z=2892518
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /42/38?z=2892518 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: scm=1; OAID=b4ebca288d5049d1b0ad0853237822eb; oaidts=1664438809
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: fc7757ed8b7847d4b7d06aaa6e8139f5
access-control-expose-headers: X-Sc
set-cookie: OAID=b4ebca288d5049d1b0ad0853237822eb; expires=Fri, 29 Sep 2023 08:06:49 GMT; secure; SameSite=None
oaidts=1664438809; expires=Fri, 29 Sep 2023 08:06:49 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://userscloud.com
Content-Length: 1784
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 29 Sep 2022 08:07:09 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://userscloud.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
goomaphy.com/500/4859604?excludes=&oaid=0da5edeb978a4f09b303b3df40a11ea1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 0 B URL HTTP/2 goomaphy.com/500/4859604?excludes=&oaid=0da5edeb978a4f09b303b3df40a11ea1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/4859604?excludes=&oaid=0da5edeb978a4f09b303b3df40a11ea1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg
172.67.22.216200 OK 11 kB URL HTTP/2 offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg
IP 172.67.22.216:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 96d73cf80f752e9319997c6e575c3b82
3dcf9d3b3e94698a842b1a98de17a02a8c3b4457
44dc0e0d92f12e669842f12722ca1a1848fb4be50deabd86c7d9deb64946db86
GET /www/images/96d73cf80f752e9319997c6e575c3b82.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:50 GMT
content-type: image/jpeg
content-length: 11449
cache-control: max-age=86400
cf-bgj: h2pri
etag: "627e5574-2cb9"
expires: Thu, 29 Sep 2022 11:32:37 GMT
last-modified: Fri, 13 May 2022 12:56:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 74053
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 752338c308a4b4f3-OSL
X-Firefox-Spdy: h2
goomaphy.com/500/4859604?excludes=&oaid=0da5edeb978a4f09b303b3df40a11ea1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 1.0 kB URL HTTP/2 goomaphy.com/500/4859604?excludes=&oaid=0da5edeb978a4f09b303b3df40a11ea1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1258), with no line terminators
Hash 3d5168441dcc2b0571e9bf4a5c7f401e
5d6a2f2f60fab6b08f2aaad426d8b6d3295c1aa2
6a78e6696ed7833417e6c173d338061bce3bde718d022dec20b5b3a86275c22b
Analyzer Verdict Alert quad9 Sinkholed
GET /500/4859604?excludes=&oaid=0da5edeb978a4f09b303b3df40a11ea1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: OAID=b28ac85450484965a1b2ef1a4745bef2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: application/javascript
x-trace-id: 07d2f52837fbf753294137984a8b314f
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://userscloud.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=0da5edeb978a4f09b303b3df40a11ea1; expires=Fri, 29 Sep 2023 08:06:49 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=0da5edeb978a4f09b303b3df40a11ea1
139.45.197.239200 OK 7 B URL HTTP/2 tovanillitechan.com/9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=0da5edeb978a4f09b303b3df40a11ea1
IP 139.45.197.239:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=0da5edeb978a4f09b303b3df40a11ea1 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 191
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: scm=1; OAID=b4ebca288d5049d1b0ad0853237822eb; oaidts=1664438809
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:50 GMT
content-type: application/javascript
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 2afe93281b0105eeec2b4ce9baa32d0b
access-control-expose-headers: X-Sc
set-cookie: OAID=0da5edeb978a4f09b303b3df40a11ea1; expires=Fri, 29 Sep 2023 08:06:50 GMT; secure; SameSite=None
oaidts=1664438809; expires=Fri, 29 Sep 2023 08:06:50 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
andamafraidt.xyz/multi?cs=ZWh2Q3hVXk50T1FZT3FLU15FdEg&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=1233689347733832&agec=1664438809&fs=1&mbkb=512.8205128205128&ref=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_YMpk=1664438807168&crc=1
54.230.111.39200 OK 1.5 kB URL HTTP/2 andamafraidt.xyz/multi?cs=ZWh2Q3hVXk50T1FZT3FLU15FdEg&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=1233689347733832&agec=1664438809&fs=1&mbkb=512.8205128205128&ref=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_YMpk=1664438807168&crc=1
IP 54.230.111.39:0
File type ASCII text, with very long lines (3183), with no line terminators
Hash 705f7326941448eecb7f9bb9b320faaf
551d4632f4071595e9e40d60d599550cd246b8fd
49bb30c70fb0785b796cff8c17e000580f3f9ec749a6efd03544b7c6aa2ebe05
GET /multi?cs=ZWh2Q3hVXk50T1FZT3FLU15FdEg&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=1233689347733832&agec=1664438809&fs=1&mbkb=512.8205128205128&ref=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_YMpk=1664438807168&crc=1 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1495
date: Thu, 29 Sep 2022 08:06:50 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=57bf900e-71a7-4446-bc79-16c78a30ca0d
csu=1233689347733832
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZotcXT0CdpDN5odLfgY_l4Pd9w2fpM6dASpmQsTzMCnyMvexmSox0w==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 366fbb58b56c6469840359066ae0ef4b
519ec2d019a3df15e1555ee7e9f784207f3ee604
4c03f3b3b06d0359ff6c3e72e91c39cb8f6e6406ed7b8ba9e09708da8e2d38f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3190
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:50 GMT
Last-Modified: Thu, 29 Sep 2022 07:13:40 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash c3da91f34812391491a0b02df83a7670
c1bb27bae663584e2b1af0632e291cb1b16475ec
604e15400aa4b851d27581040b17fc890d74bc9f7b6533c699dc682266fdc939
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Thu, 29 Sep 2022 06:41:09 GMT
expires: Thu, 29 Sep 2022 08:41:09 GMT
cache-control: public, max-age=7200
age: 5141
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash c3da91f34812391491a0b02df83a7670
c1bb27bae663584e2b1af0632e291cb1b16475ec
604e15400aa4b851d27581040b17fc890d74bc9f7b6533c699dc682266fdc939
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j97&a=2098521973&t=pageview&_s=1&dl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&ul=en-us&de=UTF-8&dt=Userscloud&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=864507650&gjid=1958930111&cid=1539716867.1664438808&tid=UA-70768172-1&_gid=1367059933.1664438808&_r=1>m=2ou9q0&z=1668110875
142.250.74.174200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j97&a=2098521973&t=pageview&_s=1&dl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&ul=en-us&de=UTF-8&dt=Userscloud&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=864507650&gjid=1958930111&cid=1539716867.1664438808&tid=UA-70768172-1&_gid=1367059933.1664438808&_r=1>m=2ou9q0&z=1668110875
IP 142.250.74.174:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j97&a=2098521973&t=pageview&_s=1&dl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&ul=en-us&de=UTF-8&dt=Userscloud&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=864507650&gjid=1958930111&cid=1539716867.1664438808&tid=UA-70768172-1&_gid=1367059933.1664438808&_r=1>m=2ou9q0&z=1668110875 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://userscloud.com
date: Thu, 29 Sep 2022 08:06:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 398 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 785d39ff61f01b674e557ff59d90e627
7e0e348027965bea4cd7e2e252b43b1f247bddbd
eb8d62f274de947a55650f13d1429fb5fd59a452dce3011b539db3a3b24a16b0
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Sep 2022 08:06:50 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1862679599%3A1664438810322600&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqOFZblBmxEs8IMpSc91m21-vkEcoZn47DmX-8V2tkw_9nVl5_ldyqgvD8FrF2A_DeVfcVLNA
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-nhKb5AoGLefgg5Y2_keCig' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
set-cookie: __Host-GAPS=1:_JE1tOs25IXPqDbUPvhE-7x_2ablRw:Ju7Ev3762ln754PG;Path=/;Expires=Sat, 28-Sep-2024 08:06:50 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 7f6c1bbbde940ad17ceda150b7b1664d
7273da22f182d9540784068537cc678ec27800d3
4d8a6cd94e298a71543331248750230237a56a67cef251c7a204291612dbb569
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 391 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 4b2f001528ab7c04d0cdf33496782138
cb81822f2f923dc6f6096d41cdae7b4d091f3df7
686b000a54791aa4806e4fcb4d0b245b85286fa2697cdbff864e51afd5d90c04
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Sep 2022 08:06:50 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1259090705%3A1664438810376052&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoJxEo6zb1xYCP5it057DPeaGGoWr-3JUAMGJivz8kcemiHwpGxkJPwj0foVe70LZLfhz5CmQ
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-Zy2u32vz95V4kfUtGWUenA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 391
server: GSE
set-cookie: __Host-GAPS=1:oWo55EDFwjzk5zoc_a32Q6mYkX6MjQ:Imi0zHsy1Cn95jqx;Path=/;Expires=Sat, 28-Sep-2024 08:06:50 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 366fbb58b56c6469840359066ae0ef4b
519ec2d019a3df15e1555ee7e9f784207f3ee604
4c03f3b3b06d0359ff6c3e72e91c39cb8f6e6406ed7b8ba9e09708da8e2d38f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3190
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:50 GMT
Last-Modified: Thu, 29 Sep 2022 07:13:40 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
goomaphy.com/impression/6BtAXb_aMxdQ-s4OsdxHK8qIs-KFMv88m1cAqxyHdh9ou14SpO6YqtiYg3tj0aIDz0F2LMTUa2cYIEv4bz72xEq31i6NJvJfou8iJvBnVOVJ2_YFq6yiKNJBvyPODSKga3ELqovJuUm-hjLhbaclTxTzip3qzm6UScvlgEDa5ug88GQeFNmlJA8oALZ5psOpo7jRRlIq1GrKoYlOpuZS2hdHBKOy4vZcaElo8pRy7aS8M1KPqGMzfnzEVIZ1NwiZvIKqXdGD8mt-oJGuyIzDNuIJygjDVJpMmRtNle1kYKPc1-W3cAc0rjkrAqwopaxp--lVP1UHQCYcuKaiZNoqfsh22oVCW69ETtPbOg2-L7UaJT0cErGdlBPXmKyyp7KwulCkrcXMfrlL2crVmAefZlBBqvFnl2m9pcRO2l2qSnvSAaPhRXnGP1jjbqUAlmkHRlAhi4lPbjPiqoPglYFzkDfHze0Oqtf8IM_6eBYvb9rrL7iIKS6NbetPcvDBu_yNIIAkvizluzyYKA3Za-PL4ZZdNbqDo6hpBKHZHkhta_PziDLhD_gyBj7ltDDYg8Wo_bFovvn8CYGyHU2AfVMs-x9hsFHi-wFM?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 43 B URL HTTP/2 goomaphy.com/impression/6BtAXb_aMxdQ-s4OsdxHK8qIs-KFMv88m1cAqxyHdh9ou14SpO6YqtiYg3tj0aIDz0F2LMTUa2cYIEv4bz72xEq31i6NJvJfou8iJvBnVOVJ2_YFq6yiKNJBvyPODSKga3ELqovJuUm-hjLhbaclTxTzip3qzm6UScvlgEDa5ug88GQeFNmlJA8oALZ5psOpo7jRRlIq1GrKoYlOpuZS2hdHBKOy4vZcaElo8pRy7aS8M1KPqGMzfnzEVIZ1NwiZvIKqXdGD8mt-oJGuyIzDNuIJygjDVJpMmRtNle1kYKPc1-W3cAc0rjkrAqwopaxp--lVP1UHQCYcuKaiZNoqfsh22oVCW69ETtPbOg2-L7UaJT0cErGdlBPXmKyyp7KwulCkrcXMfrlL2crVmAefZlBBqvFnl2m9pcRO2l2qSnvSAaPhRXnGP1jjbqUAlmkHRlAhi4lPbjPiqoPglYFzkDfHze0Oqtf8IM_6eBYvb9rrL7iIKS6NbetPcvDBu_yNIIAkvizluzyYKA3Za-PL4ZZdNbqDo6hpBKHZHkhta_PziDLhD_gyBj7ltDDYg8Wo_bFovvn8CYGyHU2AfVMs-x9hsFHi-wFM?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/6BtAXb_aMxdQ-s4OsdxHK8qIs-KFMv88m1cAqxyHdh9ou14SpO6YqtiYg3tj0aIDz0F2LMTUa2cYIEv4bz72xEq31i6NJvJfou8iJvBnVOVJ2_YFq6yiKNJBvyPODSKga3ELqovJuUm-hjLhbaclTxTzip3qzm6UScvlgEDa5ug88GQeFNmlJA8oALZ5psOpo7jRRlIq1GrKoYlOpuZS2hdHBKOy4vZcaElo8pRy7aS8M1KPqGMzfnzEVIZ1NwiZvIKqXdGD8mt-oJGuyIzDNuIJygjDVJpMmRtNle1kYKPc1-W3cAc0rjkrAqwopaxp--lVP1UHQCYcuKaiZNoqfsh22oVCW69ETtPbOg2-L7UaJT0cErGdlBPXmKyyp7KwulCkrcXMfrlL2crVmAefZlBBqvFnl2m9pcRO2l2qSnvSAaPhRXnGP1jjbqUAlmkHRlAhi4lPbjPiqoPglYFzkDfHze0Oqtf8IM_6eBYvb9rrL7iIKS6NbetPcvDBu_yNIIAkvizluzyYKA3Za-PL4ZZdNbqDo6hpBKHZHkhta_PziDLhD_gyBj7ltDDYg8Wo_bFovvn8CYGyHU2AfVMs-x9hsFHi-wFM?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: OAID=0da5edeb978a4f09b303b3df40a11ea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:54 GMT
content-type: image/gif
content-length: 43
x-trace-id: 16ce0b57249aa641b7c279f89bd345f8
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3e9d3eab1fba386c4fdf3af9a757cfa9
b50127a1072c95ed71110b07dd58eab72747e6f8
869e09d135cff97a1073e32fa1808d0068195421369d138ad6bba86cfef18091
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3e9d3eab1fba386c4fdf3af9a757cfa9
b50127a1072c95ed71110b07dd58eab72747e6f8
869e09d135cff97a1073e32fa1808d0068195421369d138ad6bba86cfef18091
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 15dbf298fc5c3f79b34abf59118cc01c
c48dc908b9aa86adb5017683a23b625d8fd1b955
9061294bc67906630f52dfdb486941691a8b9291b938c032076cef3f7bf21ce7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
216.58.211.10200 OK 17 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP 216.58.211.10:0
Hash 49dcb3f23a58f998f11d8c2ca1b90a68
0aee92fad52d2f03484a134901a90260af43e913
92223ea8fd1122967d4b3adaec6c401be4ab899e973ed13fb3fb90520cdefcfa
GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 29 Sep 2022 08:06:54 GMT
date: Thu, 29 Sep 2022 08:06:54 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 15dbf298fc5c3f79b34abf59118cc01c
c48dc908b9aa86adb5017683a23b625d8fd1b955
9061294bc67906630f52dfdb486941691a8b9291b938c032076cef3f7bf21ce7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:08 GMT
expires: Thu, 28 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 45166
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 15dbf298fc5c3f79b34abf59118cc01c
c48dc908b9aa86adb5017683a23b625d8fd1b955
9061294bc67906630f52dfdb486941691a8b9291b938c032076cef3f7bf21ce7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pogothere.xyz/
172.64.199.35200 OK 0 B IP 172.64.199.35:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: text/plain
set-cookie: csu=57201089513118@1@1664438809; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1cK85jZsSe4qxESwM%2FOHXGpYp7HmaYNxAsB4iCZz8SLd5KH020H%2Bc%2BXBsFwYTwzpdYNFlHBpCoJKmUzkY6CPEwoQcI%2FAz%2Fo1Xo9H9AoVVxPXcb%2FovclWkp1g00afPu5g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338becb8d7705-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
waisheph.com/5/535061/?oo=1&aab=1
139.45.197.245200 OK 0 B URL HTTP/2 waisheph.com/5/535061/?oo=1&aab=1
IP 139.45.197.245:0
GET /5/535061/?oo=1&aab=1 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: application/json
x-trace-id: fd131dd79cbbf1160619943eb6ae0e04
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0da5edeb978a4f09b303b3df40a11ea1; expires=Fri, 29 Sep 2023 08:06:49 GMT; path=/; secure; SameSite=None
oaidts=1664438809; expires=Fri, 29 Sep 2023 08:06:49 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.199.35200 OK 0 B IP 172.64.199.35:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: text/plain
set-cookie: csu=1224850462523581@1@1664438809; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aSGReU1YApNUSVNVNYBHRZS7LLAlhb1xFB8MwG0AxmnGngegC7dRqIhWh%2F9L3SX38uYCqTiWiBdbOKmaNgS4GKTGsnd8BpADmN3V%2BdU5d8cR1mVdFtLkoHGdrBDg8coN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338bf7c9c7705-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1862679599%3A1664438810322600&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqOFZblBmxEs8IMpSc91m21-vkEcoZn47DmX-8V2tkw_9nVl5_ldyqgvD8FrF2A_DeVfcVLNA
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1862679599%3A1664438810322600&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqOFZblBmxEs8IMpSc91m21-vkEcoZn47DmX-8V2tkw_9nVl5_ldyqgvD8FrF2A_DeVfcVLNA
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S1862679599%3A1664438810322600&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqOFZblBmxEs8IMpSc91m21-vkEcoZn47DmX-8V2tkw_9nVl5_ldyqgvD8FrF2A_DeVfcVLNA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Sep 2022 08:06:50 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-e1PMsxRoygAIXBowz27TBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=awCBUgkWP6EnFVrW4jsKJDKT11EoGSeOwVNiak86pFuimslKiIc-nfuAAQ_lOAJLzd-0sw4bqffbpb20IxeN45ou0xtDWIonmJrMfW6U9DPssq1AciKq_cUgtAVDtOgRgO4L7HNFMe58QuTJHfvWg4WeZNoz0pqroSIH4eGAezs; expires=Fri, 31-Mar-2023 08:06:50 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
goomaphy.com/401/4859604
139.45.197.239200 OK 0 B IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /401/4859604 HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: application/javascript
x-trace-id: 22ccb1b8a1a0e81dec8bc021f9f67419
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=b28ac85450484965a1b2ef1a4745bef2; expires=Fri, 29 Sep 2023 08:06:49 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35200 OK 0 B IP 172.64.199.35:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3379
last-modified: Thu, 29 Sep 2022 07:10:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1gK%2Ba3cZ6OOZWTw1G3ifd06wnHp2AGKWwrly1R%2BEbGd8061pAfpDPVCi9EaaYMu3tcRl%2BH0vWnZC1afXplU1NbCZ4ckmM6vyb5vlpf4S6oM%2B8vD4rPclh2wxQv%2FsKkRw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752338bedb927705-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35200 OK 0 B IP 172.64.199.35:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3379
last-modified: Thu, 29 Sep 2022 07:10:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A7ttuY3k67lonS4lxZOa32nPXNdI7PoaYgUr%2FnOULrT3kYykcwLn3idFwXr2d353fRdW30K5Mm5%2FYFwznXeFmwyrlGeo8h76qkd3cRnltYHbgYtQtzyrGrPVlCKlAArq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752338bedb947705-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tovanillitechan.com/1?z=2582807
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/1?z=2582807
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=2582807 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: edee8b1f7c9ce2ace9e2b0545ba967b0
access-control-expose-headers: X-Sc
x-sc: QooVdthbzBxl9QkLIzoJsTMZFlbHT9uXb4199cigQ4XJyDiN4_bWy-ONf3uBnmIHKIVgjrLMt2sMCqC7w-j9Awie0xY=
set-cookie: scm=1; expires=Fri, 29 Sep 2023 08:06:49 GMT; secure; SameSite=None
OAID=b4ebca288d5049d1b0ad0853237822eb; expires=Fri, 29 Sep 2023 08:06:49 GMT; secure; SameSite=None
oaidts=1664438809; expires=Fri, 29 Sep 2023 08:06:49 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: nV4pUfFUgg7Es5sR/OlzZVXnuwO/9mL0npn1SoORE2err6tFUoYb1pe89LFfAa/qI5C7n1QudGgMzdypkJBVYQ==
date: Thu, 29 Sep 2022 08:06:50 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2