userscloud.com/ghbcz43a0nnu
301 Moved Permanently 0 B URL HTTP/1.1 userscloud.com/ghbcz43a0nnu
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ghbcz43a0nnu HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 26 Sep 2022 23:48:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 27 Sep 2022 00:48:31 GMT
Location: https://userscloud.com/ghbcz43a0nnu
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7w4hdLz%2FjN05%2BcPDvi8et87oKQtdOStfzKSLRRTmDOjzI%2BolodgxMAJ21E2%2Fs0HDzCMu9WGPIQTSr4ySKs%2FvxYo4CPVxsCYuub7pYj2nuPzBph%2Fumif4UwJbCQP09Ha3FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750fe4117f98b521-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 23:15:28 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _flxP4N2zgGMQ9eMkFOIN-YmDlUQDyO1AFpNRuz25yO-IZ2xAe9Y7g==
Age: 1983
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6772
Expires: Tue, 27 Sep 2022 01:41:23 GMT
Date: Mon, 26 Sep 2022 23:48:31 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1017811d25642601e984edc1676d118d
c177c4f7a897584bf91347fa4990c83d6bfd0321
f35bb3a8c877dd8d3c5920f3c917722f12b157aff398e2ec30fab51fa6caa2ef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F35BB3A8C877DD8D3C5920F3C917722F12B157AFF398E2EC30FAB51FA6CAA2EF"
Last-Modified: Mon, 26 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2657
Expires: Tue, 27 Sep 2022 00:32:48 GMT
Date: Mon, 26 Sep 2022 23:48:31 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Q+1uReQDfsLSidIwNuxKRbIZGHrqqG94jLsEeBvXfQVmx0oCbpDPIh2Gtj6nCn6ikKTz4c5nsmA=
x-amz-request-id: 36SBPJM6GJTWC3FC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 26 Sep 2022 23:46:33 GMT
age: 118
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 23:48:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 26 Sep 2022 23:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Mon, 26 Sep 2022 23:54:13 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: s496PA4BwAuuVhviIk4E9M-UkGsZQ5lq5qtroZTMwKpvVk4KFWJ_Zg==
Age: 2266
ocsp.digicert.com/
200 OK 471 B IP
Hash 5adb7eb1d103eadeeafac36e663ffdd3
23b784388dd634fa736cd60aed71570661e73d02
5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4572
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 23:48:32 GMT
Last-Modified: Mon, 26 Sep 2022 22:32:20 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: adSWj8segSB+yCcrbrgrnA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HnkZSF0eTXTzB28Yd8Pcb+nudA0=
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash c939f97c8bcbfea356e92036803714bc
608c795e7c4fb943a4db49a4e4533c41ea717023
b05b38c78c15c259720bfc6783ac65ab60ceb1e6037b45b08113f183554f08cb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 23:48:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-70768172-1
200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-70768172-1
IP
File type ASCII text, with very long lines (2039)
Hash f25895e553ddf7cb4c72b168c454048b
5b534b4478a5be03e1dcd90013a0583713f993b6
d48e701e3d6470d3526c404e9bc59662fa90571031d2421bf047969f35fd0bfc
GET /gtag/js?id=UA-70768172-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 26 Sep 2022 23:48:33 GMT
expires: Mon, 26 Sep 2022 23:48:33 GMT
cache-control: private, max-age=900
last-modified: Mon, 26 Sep 2022 22:12:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42338
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 10 kB IP
Hash 76e31e352151b46810dfe077f2d00a83
6ff95ce8b00163ced442ad14f4ea9288d60fa6eb
587f1d303dd88e2c1304053de9e2e8e73adb5bc825e14f6f2bda220083713040
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 23:48:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d3d61368334713b37fa228bd0c1130e7
757d3132b7c5c5adc9967cb9776a510c753724ae
5b2fb08e99846728464603d39f7d719b21be1415d8251550b0a865fd312b5346
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5B2FB08E99846728464603D39F7D719B21BE1415D8251550B0A865FD312B5346"
Last-Modified: Mon, 26 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12939
Expires: Tue, 27 Sep 2022 03:24:12 GMT
Date: Mon, 26 Sep 2022 23:48:33 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash ecf0aac6021511a0d2b4f502146e0e4a
76db4fe852d2c5782b19bec720a788121c517d8f
700bcb75e27b74aca3d07b4ae3bec7fcee8933566b7eb5bdc7db093f2b26fdf9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "700BCB75E27B74ACA3D07B4AE3BEC7FCEE8933566B7EB5BDC7DB093F2B26FDF9"
Last-Modified: Sat, 24 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7282
Expires: Tue, 27 Sep 2022 01:49:55 GMT
Date: Mon, 26 Sep 2022 23:48:33 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash c5b57d95a61192eea33c35048fd06ead
e92606965483f9bc85e443bd64430505439114df
2f28701f624a3de304d5bc0a312e6aca987ae1a11547fe6100f39e432867f595
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2F28701F624A3DE304D5BC0A312E6ACA987AE1A11547FE6100F39E432867F595"
Last-Modified: Sun, 25 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2471
Expires: Tue, 27 Sep 2022 00:29:44 GMT
Date: Mon, 26 Sep 2022 23:48:33 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash ecf0aac6021511a0d2b4f502146e0e4a
76db4fe852d2c5782b19bec720a788121c517d8f
700bcb75e27b74aca3d07b4ae3bec7fcee8933566b7eb5bdc7db093f2b26fdf9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "700BCB75E27B74ACA3D07B4AE3BEC7FCEE8933566B7EB5BDC7DB093F2B26FDF9"
Last-Modified: Sat, 24 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7282
Expires: Tue, 27 Sep 2022 01:49:55 GMT
Date: Mon, 26 Sep 2022 23:48:33 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash ecf0aac6021511a0d2b4f502146e0e4a
76db4fe852d2c5782b19bec720a788121c517d8f
700bcb75e27b74aca3d07b4ae3bec7fcee8933566b7eb5bdc7db093f2b26fdf9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "700BCB75E27B74ACA3D07B4AE3BEC7FCEE8933566B7EB5BDC7DB093F2B26FDF9"
Last-Modified: Sat, 24 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7282
Expires: Tue, 27 Sep 2022 01:49:55 GMT
Date: Mon, 26 Sep 2022 23:48:33 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash c5b57d95a61192eea33c35048fd06ead
e92606965483f9bc85e443bd64430505439114df
2f28701f624a3de304d5bc0a312e6aca987ae1a11547fe6100f39e432867f595
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2F28701F624A3DE304D5BC0A312E6ACA987AE1A11547FE6100F39E432867F595"
Last-Modified: Sun, 25 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2471
Expires: Tue, 27 Sep 2022 00:29:44 GMT
Date: Mon, 26 Sep 2022 23:48:33 GMT
Connection: keep-alive
quettefors.xyz/utx?cb=ERAAq0YH9Pir&top=userscloud.com&tid=816973
204 No Content 0 B URL HTTP/2 quettefors.xyz/utx?cb=ERAAq0YH9Pir&top=userscloud.com&tid=816973
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=ERAAq0YH9Pir&top=userscloud.com&tid=816973 HTTP/1.1
Host: quettefors.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 23:48:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 26 Sep 2022 23:49:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a8de383ae0e22ed372880220fd20b198.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 3dZLRsfTMLnrV3TdFOoXEbEKF38_HZhWay4PSNsjx09GObjDnxHpxw==
X-Firefox-Spdy: h2
quettefors.xyz/utx?cb=CPDpuGo8qApV&top=userscloud.com&tid=600304
204 No Content 0 B URL HTTP/2 quettefors.xyz/utx?cb=CPDpuGo8qApV&top=userscloud.com&tid=600304
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=CPDpuGo8qApV&top=userscloud.com&tid=600304 HTTP/1.1
Host: quettefors.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 23:48:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 26 Sep 2022 23:49:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a8de383ae0e22ed372880220fd20b198.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: fZh7-aETxJ6ag2NtCtspGqrZHXM88Ws9o42sOBdqKcReH3UWB54eXA==
X-Firefox-Spdy: h2
quettefors.xyz/ZXVMOGgEFy9VVwRILh4dFxlxHVojUH5+DFYHLgEfBAY8ChFdEjsWCwkaOVwOFxoiTEYLEDgdWiMcL1M+NCR/eTouH3hUPBIsP3YgUD0dVlkCESdyPSkMAUsgAj94ciAwHhx6OQc+H20EIxIraj4CLGkKLis9eXk+Jh40dDoBJRVCPREwfAFYARwFbS0tHSdiOTQ2B1IcQEcOeQAGTQJsMSczJXkEKDMVcCIiRTlwHwIGHHtQNyN/Wz8BGXl7MSI/Nm8pFUUVbzIhOAt6AQYNO1ojHCB7bj0nRAdwHCI5FHYDPx4BTzEiPzZ5DzcSFU8iLycLTA8EGRp5DDFYL1UtHR49XDAgRx1wPg0WfHosASIKVTkOPCZ3PCAjCnsHCi8ncVgDMhZMOSMkO1owLFMmSwcLBXFMXjE7HXMCMCIfYDo
200 OK 1.2 kB URL HTTP/2 quettefors.xyz/ZXVMOGgEFy9VVwRILh4dFxlxHVojUH5+DFYHLgEfBAY8ChFdEjsWCwkaOVwOFxoiTEYLEDgdWiMcL1M+NCR/eTouH3hUPBIsP3YgUD0dVlkCESdyPSkMAUsgAj94ciAwHhx6OQc+H20EIxIraj4CLGkKLis9eXk+Jh40dDoBJRVCPREwfAFYARwFbS0tHSdiOTQ2B1IcQEcOeQAGTQJsMSczJXkEKDMVcCIiRTlwHwIGHHtQNyN/Wz8BGXl7MSI/Nm8pFUUVbzIhOAt6AQYNO1ojHCB7bj0nRAdwHCI5FHYDPx4BTzEiPzZ5DzcSFU8iLycLTA8EGRp5DDFYL1UtHR49XDAgRx1wPg0WfHosASIKVTkOPCZ3PCAjCnsHCi8ncVgDMhZMOSMkO1owLFMmSwcLBXFMXjE7HXMCMCIfYDo
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3018), with no line terminators
Hash cd44d88251d455203f79db9999a6ba0c
4040d0b1a7ea1ba42515e69d85a68c7aa601f8e9
c9a0adac74236742c7b6e64c5497926ebc32863caa404dd512e443a9c7e99008
GET /ZXVMOGgEFy9VVwRILh4dFxlxHVojUH5+DFYHLgEfBAY8ChFdEjsWCwkaOVwOFxoiTEYLEDgdWiMcL1M+NCR/eTouH3hUPBIsP3YgUD0dVlkCESdyPSkMAUsgAj94ciAwHhx6OQc+H20EIxIraj4CLGkKLis9eXk+Jh40dDoBJRVCPREwfAFYARwFbS0tHSdiOTQ2B1IcQEcOeQAGTQJsMSczJXkEKDMVcCIiRTlwHwIGHHtQNyN/Wz8BGXl7MSI/Nm8pFUUVbzIhOAt6AQYNO1ojHCB7bj0nRAdwHCI5FHYDPx4BTzEiPzZ5DzcSFU8iLycLTA8EGRp5DDFYL1UtHR49XDAgRx1wPg0WfHosASIKVTkOPCZ3PCAjCnsHCi8ncVgDMhZMOSMkO1owLFMmSwcLBXFMXjE7HXMCMCIfYDo HTTP/1.1
Host: quettefors.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1174
date: Mon, 26 Sep 2022 23:48:33 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a8de383ae0e22ed372880220fd20b198.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 0SeDYTT4VtC4LCTRrjcXkm_m-lR2D4z7Dsp66htDTqL7YjLteMNLbQ==
X-Firefox-Spdy: h2
quettefors.xyz/utx?cb=kF10x0Fwhgwz&top=userscloud.com&tid=708052
204 No Content 0 B URL HTTP/2 quettefors.xyz/utx?cb=kF10x0Fwhgwz&top=userscloud.com&tid=708052
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=kF10x0Fwhgwz&top=userscloud.com&tid=708052 HTTP/1.1
Host: quettefors.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 23:48:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 26 Sep 2022 23:49:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a8de383ae0e22ed372880220fd20b198.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: VF7ZoeUaPNT8n1O1Py5uACwhdmPzrU-Hgw4qOqLwRm5vZ9KeGwqbcQ==
X-Firefox-Spdy: h2
quettefors.xyz/OFRyNzRZNhFaC1lpEBFBSjhPEgZ+cUBxUAsmEA5DWScCBU0AMwUZV1Q7B1NSSjscQxpWMQYSBn5iJlxMbg4YckBxLgF2cFI7HnpiSx4UBERLASN9W3I9K31sQmEKeXV2NjVeR2kcNA9+aAM7UlJ5IAN+ZkACEQRMQhcedlNzZhp2YnsVBFZyWww+TlMLAwVhW3cXJ31jVhlXBXZ1Fktie0JkCnYEaW0TXnVwEDF6XnQjS1N9UWUFYXxcYytaYnwVQQJfdAIRdlULbCpmQ3ZxQHV9fCM7ZXBiJCgGbnIwHFh/bRUkRVJAMDZ2BwxxQHV9CBkxcwduPiF2clY1JRpQbwIbREJoMxliUnkkHGFTenFAdVJ/BiV2c0xxQHVuaRYrZ3dTLjFiWEoyGnlSemYwD1dAGT9RQx4+AVhaSGkTUl5sMzdNWn8lRU95fQ
200 OK 1.2 kB URL HTTP/2 quettefors.xyz/OFRyNzRZNhFaC1lpEBFBSjhPEgZ+cUBxUAsmEA5DWScCBU0AMwUZV1Q7B1NSSjscQxpWMQYSBn5iJlxMbg4YckBxLgF2cFI7HnpiSx4UBERLASN9W3I9K31sQmEKeXV2NjVeR2kcNA9+aAM7UlJ5IAN+ZkACEQRMQhcedlNzZhp2YnsVBFZyWww+TlMLAwVhW3cXJ31jVhlXBXZ1Fktie0JkCnYEaW0TXnVwEDF6XnQjS1N9UWUFYXxcYytaYnwVQQJfdAIRdlULbCpmQ3ZxQHV9fCM7ZXBiJCgGbnIwHFh/bRUkRVJAMDZ2BwxxQHV9CBkxcwduPiF2clY1JRpQbwIbREJoMxliUnkkHGFTenFAdVJ/BiV2c0xxQHVuaRYrZ3dTLjFiWEoyGnlSemYwD1dAGT9RQx4+AVhaSGkTUl5sMzdNWn8lRU95fQ
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3023), with no line terminators
Hash 9055248e7698d594e3fb6caf84b29dbd
b891312ee89886620532d6cbede4f7c36cfbfa4d
de26ceea1601425f0d10c5af0a51162ad905f3cabd01ee54b14ca07e7766ecdf
GET /OFRyNzRZNhFaC1lpEBFBSjhPEgZ+cUBxUAsmEA5DWScCBU0AMwUZV1Q7B1NSSjscQxpWMQYSBn5iJlxMbg4YckBxLgF2cFI7HnpiSx4UBERLASN9W3I9K31sQmEKeXV2NjVeR2kcNA9+aAM7UlJ5IAN+ZkACEQRMQhcedlNzZhp2YnsVBFZyWww+TlMLAwVhW3cXJ31jVhlXBXZ1Fktie0JkCnYEaW0TXnVwEDF6XnQjS1N9UWUFYXxcYytaYnwVQQJfdAIRdlULbCpmQ3ZxQHV9fCM7ZXBiJCgGbnIwHFh/bRUkRVJAMDZ2BwxxQHV9CBkxcwduPiF2clY1JRpQbwIbREJoMxliUnkkHGFTenFAdVJ/BiV2c0xxQHVuaRYrZ3dTLjFiWEoyGnlSemYwD1dAGT9RQx4+AVhaSGkTUl5sMzdNWn8lRU95fQ HTTP/1.1
Host: quettefors.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1179
date: Mon, 26 Sep 2022 23:48:33 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a8de383ae0e22ed372880220fd20b198.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: fgzLcXGFsusu1aqRB-w8qk4vHQ_VlcijWdW8rFvMkAs-9ZGuN8X0fg==
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash ecf0aac6021511a0d2b4f502146e0e4a
76db4fe852d2c5782b19bec720a788121c517d8f
700bcb75e27b74aca3d07b4ae3bec7fcee8933566b7eb5bdc7db093f2b26fdf9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "700BCB75E27B74ACA3D07B4AE3BEC7FCEE8933566B7EB5BDC7DB093F2B26FDF9"
Last-Modified: Sat, 24 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7282
Expires: Tue, 27 Sep 2022 01:49:55 GMT
Date: Mon, 26 Sep 2022 23:48:33 GMT
Connection: keep-alive
reswsentativ.xyz/RWxYbXRqUzseSSRfAgwtEhw8Pxk9NA87RQQODgUnEAcKAiMDWH4ZHSFRYFxCfFtrSwQsCGVfTWMfLAwAMB9lXFIsAj4CSWMaZVxadUJtVFp0Si1QRWMYKAwTeF1+HQAxAGVcQnNYal5CdF1pW0B3
204 No Content 20 kB URL HTTP/2 reswsentativ.xyz/RWxYbXRqUzseSSRfAgwtEhw8Pxk9NA87RQQODgUnEAcKAiMDWH4ZHSFRYFxCfFtrSwQsCGVfTWMfLAwAMB9lXFIsAj4CSWMaZVxadUJtVFp0Si1QRWMYKAwTeF1+HQAxAGVcQnNYal5CdF1pW0B3
IP
Hash 64f6da06d45f74e9794b5c9d6e1657c1
53ab119d023636073503b202756293c90b894d6d
58f4cd84eb6c44feec33d98607e46c487132ce0cc9cdc21329a15e020863e282
GET /RWxYbXRqUzseSSRfAgwtEhw8Pxk9NA87RQQODgUnEAcKAiMDWH4ZHSFRYFxCfFtrSwQsCGVfTWMfLAwAMB9lXFIsAj4CSWMaZVxadUJtVFp0Si1QRWMYKAwTeF1+HQAxAGVcQnNYal5CdF1pW0B3 HTTP/1.1
Host: reswsentativ.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 23:48:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m4%2Ffu9TPdyoxBLCwy5tpOoGwtzepn2Sk5CL5cGIlMzloV7RGkdDPtV6h0w4VcZdMRJgTzRbOtGCm7Y%2Ba3gT6YqVJypeN8QXpQhpFwWoTx6nDtJM%2FlbqspfIz0R%2FM7wKoFc4k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 750fe41efe01b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reswsentativ.xyz/dkFSVVFZfjEmbCM7EGAGGAc/FxQ0NQESBDESBRsYLDY2GTMdKnQhOBJ8ZGVhRXFmcyEfJW9kdwU1MyEkBXxjczgYJz1odwB8Y3tiQm9gbX9HZydoYFA1IjQ2S3B0JSUCLW9kZ0B1YGZnR3BjYGhB
204 No Content 0 B URL HTTP/2 reswsentativ.xyz/dkFSVVFZfjEmbCM7EGAGGAc/FxQ0NQESBDESBRsYLDY2GTMdKnQhOBJ8ZGVhRXFmcyEfJW9kdwU1MyEkBXxjczgYJz1odwB8Y3tiQm9gbX9HZydoYFA1IjQ2S3B0JSUCLW9kZ0B1YGZnR3BjYGhB
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dkFSVVFZfjEmbCM7EGAGGAc/FxQ0NQESBDESBRsYLDY2GTMdKnQhOBJ8ZGVhRXFmcyEfJW9kdwU1MyEkBXxjczgYJz1odwB8Y3tiQm9gbX9HZydoYFA1IjQ2S3B0JSUCLW9kZ0B1YGZnR3BjYGhB HTTP/1.1
Host: reswsentativ.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 23:48:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iTSjYHDGgsaKEiGeWz9DpVB4oL818KhKjO4ljJd3tHAW9uNF2AiBCMLCvwq94gxq2kydOwIzK%2FTfUwoifgEXNqJl%2F9HoK10lH%2B0xsRhnkvXRXxlfmVT8gGjDwcpl2%2FxckQgv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 750fe41efdfcb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reswsentativ.xyz/NlVnZTEZagQWDGESHytSYSERM3lgHzIId2AxIitoVzlWUWMHYUERWFJoUFUJBmBVQ0FfMVpXCBAmEwRFQyZaVBdfOwEKDBAjWlQfBntSXB8HcxJYABAhFwRWC2RBFUVCOVpUBwBhVVYHB2RWUwMD
204 No Content 0 B URL HTTP/2 reswsentativ.xyz/NlVnZTEZagQWDGESHytSYSERM3lgHzIId2AxIitoVzlWUWMHYUERWFJoUFUJBmBVQ0FfMVpXCBAmEwRFQyZaVBdfOwEKDBAjWlQfBntSXB8HcxJYABAhFwRWC2RBFUVCOVpUBwBhVVYHB2RWUwMD
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NlVnZTEZagQWDGESHytSYSERM3lgHzIId2AxIitoVzlWUWMHYUERWFJoUFUJBmBVQ0FfMVpXCBAmEwRFQyZaVBdfOwEKDBAjWlQfBntSXB8HcxJYABAhFwRWC2RBFUVCOVpUBwBhVVYHB2RWUwMD HTTP/1.1
Host: reswsentativ.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 23:48:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8yHK6OGFuKrp1OfZVK3wYlgpecT07M9wqCdFtl1%2BQSuOSdFZjTPGtrzbYx5OAy37qV%2FPwfmGFj9KZTCPrwoHsTsElM%2F7t3LS%2FT0k%2FlMYntThwT3G%2F5JVtiwRghsjb2KjpFl3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 750fe41efdfdb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash c5b57d95a61192eea33c35048fd06ead
e92606965483f9bc85e443bd64430505439114df
2f28701f624a3de304d5bc0a312e6aca987ae1a11547fe6100f39e432867f595
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2F28701F624A3DE304D5BC0A312E6ACA987AE1A11547FE6100F39E432867F595"
Last-Modified: Sun, 25 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2471
Expires: Tue, 27 Sep 2022 00:29:44 GMT
Date: Mon, 26 Sep 2022 23:48:33 GMT
Connection: keep-alive
quettefors.xyz/eXNjRVEYEQAobhhOAWMkCx9eYGM/VlEDNUoBAXwmGAATdyhBFBRrMhUcFiE3CxwNMX8XFhdgYz9GMCsXCj0IMiExFCkUMgNHOgYQDUUGLhcfMQ0tIj4LWh8YEwMuCWBNJSw/OjchOy4BODc5ExYeQjsCFA4cB3UXMiQKdTo/HyYUGioiMBAAHQIoPQQ2MFAtIjshGx8bShAnBgRBAzMyEDAmGS5kLwsPHTIqEAYDPUEUKS0TMzEiNXRLNTt0Ji0VDTULPzIHfDNJOhYAYkxFKxQHIDw3DwQhFDp1MhIQGQQZEQUyLGUtFQ0qFT4bLWBjPzBTLTA+OxsvBz9eVwIaAEswB2AVAwYBNRwxDXRnKCVTAjcuSicdFzgfLAcAMiQ3FycoCgwVNBQhIRY6NwsGMncTAAwrIUQwCxwgMRIQcBQIKQATFg
200 OK 8.9 kB URL HTTP/2 quettefors.xyz/eXNjRVEYEQAobhhOAWMkCx9eYGM/VlEDNUoBAXwmGAATdyhBFBRrMhUcFiE3CxwNMX8XFhdgYz9GMCsXCj0IMiExFCkUMgNHOgYQDUUGLhcfMQ0tIj4LWh8YEwMuCWBNJSw/OjchOy4BODc5ExYeQjsCFA4cB3UXMiQKdTo/HyYUGioiMBAAHQIoPQQ2MFAtIjshGx8bShAnBgRBAzMyEDAmGS5kLwsPHTIqEAYDPUEUKS0TMzEiNXRLNTt0Ji0VDTULPzIHfDNJOhYAYkxFKxQHIDw3DwQhFDp1MhIQGQQZEQUyLGUtFQ0qFT4bLWBjPzBTLTA+OxsvBz9eVwIaAEswB2AVAwYBNRwxDXRnKCVTAjcuSicdFzgfLAcAMiQ3FycoCgwVNBQhIRY6NwsGMncTAAwrIUQwCxwgMRIQcBQIKQATFg
IP
Hash a3dc8d6881238a33347e850e25168661
89b7868e6693aa6f29b8a2e61bf52bf36f2ae5cf
e567264dba5fb8e5b79efe43a9da6ad8e784a881e0517669db96e723d0e5ad46
GET /eXNjRVEYEQAobhhOAWMkCx9eYGM/VlEDNUoBAXwmGAATdyhBFBRrMhUcFiE3CxwNMX8XFhdgYz9GMCsXCj0IMiExFCkUMgNHOgYQDUUGLhcfMQ0tIj4LWh8YEwMuCWBNJSw/OjchOy4BODc5ExYeQjsCFA4cB3UXMiQKdTo/HyYUGioiMBAAHQIoPQQ2MFAtIjshGx8bShAnBgRBAzMyEDAmGS5kLwsPHTIqEAYDPUEUKS0TMzEiNXRLNTt0Ji0VDTULPzIHfDNJOhYAYkxFKxQHIDw3DwQhFDp1MhIQGQQZEQUyLGUtFQ0qFT4bLWBjPzBTLTA+OxsvBz9eVwIaAEswB2AVAwYBNRwxDXRnKCVTAjcuSicdFzgfLAcAMiQ3FycoCgwVNBQhIRY6NwsGMncTAAwrIUQwCxwgMRIQcBQIKQATFg HTTP/1.1
Host: quettefors.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1182
date: Mon, 26 Sep 2022 23:48:33 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a8de383ae0e22ed372880220fd20b198.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: fysViAKria2SRA0_4Kl0U7in73lEfJIx8DAceFQhs1NxDcni1kbA1Q==
X-Firefox-Spdy: h2
d3rb9wasp2y8gw.cloudfront.net/6TkxVZjEtIzsADjolMVsJf3psUQJoJiYJXz5xNANbGisQHF8JPWIefAtqIRxVc3xzClAgK2hAVCAvaFcXLyg3WwVoOCUJWnM+MB9UOz0xA0Q9aiAHDCMjLw9dIi1wVHd7YmVDA35kLVcAa38XQwN+IDwIRDZpZ1ZJdnoKUAVrfxdDA34+I0MCD3VjSAFnaW-dWVisvPgkUfApnVgB+fGRWAGt+ZQBYPCkzCUlrfhNfB2B8cxMMfw
200 OK 433 B URL HTTP/2 d3rb9wasp2y8gw.cloudfront.net/6TkxVZjEtIzsADjolMVsJf3psUQJoJiYJXz5xNANbGisQHF8JPWIefAtqIRxVc3xzClAgK2hAVCAvaFcXLyg3WwVoOCUJWnM+MB9UOz0xA0Q9aiAHDCMjLw9dIi1wVHd7YmVDA35kLVcAa38XQwN+IDwIRDZpZ1ZJdnoKUAVrfxdDA34+I0MCD3VjSAFnaW-dWVisvPgkUfApnVgB+fGRWAGt+ZQBYPCkzCUlrfhNfB2B8cxMMfw
IP
File type ASCII text, with very long lines (570), with no line terminators
Hash 4913322b61ef7581c7dabc2770830ecf
12ca6c91c8a0546f8fcad4a427417bf3c9109ffe
2b4ec413f7ca8b963915dc75333ee50c63ac54106c19d015932383e67537439b
GET /6TkxVZjEtIzsADjolMVsJf3psUQJoJiYJXz5xNANbGisQHF8JPWIefAtqIRxVc3xzClAgK2hAVCAvaFcXLyg3WwVoOCUJWnM+MB9UOz0xA0Q9aiAHDCMjLw9dIi1wVHd7YmVDA35kLVcAa38XQwN+IDwIRDZpZ1ZJdnoKUAVrfxdDA34+I0MCD3VjSAFnaW-dWVisvPgkUfApnVgB+fGRWAGt+ZQBYPCkzCUlrfhNfB2B8cxMMfw HTTP/1.1
Host: d3rb9wasp2y8gw.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quettefors.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 433
date: Mon, 26 Sep 2022 23:48:34 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: cgVztk_VFC21sU8Sk8casplMKDRjK5CCmRLvruoofe3iXS9nPQNTNQ==
X-Firefox-Spdy: h2
d3rb9wasp2y8gw.cloudfront.net/ickVQQ3ARKj4lTwYsNH5HQn1gdkJULyMsHgJ4JHUkPBQbKSUlFggRVgY/NH5AVCkxLRdPYzUtE090diIUEHhkZQQCKjt+Ahc8NTYBFiAlMFYHJG0uHwgsPC8RV3cWdl5CYGJzWAp0YWZDMGBicxwbKyU7VUB1KHtGLXNkZkMwYGJzAgRgYwJJRGtgalVAdT-cmExkqdXE2QHVhc0BDdWFmQkIjOTEVFCooZkI0fGZtQFQwbXI
200 OK 445 B URL HTTP/2 d3rb9wasp2y8gw.cloudfront.net/ickVQQ3ARKj4lTwYsNH5HQn1gdkJULyMsHgJ4JHUkPBQbKSUlFggRVgY/NH5AVCkxLRdPYzUtE090diIUEHhkZQQCKjt+Ahc8NTYBFiAlMFYHJG0uHwgsPC8RV3cWdl5CYGJzWAp0YWZDMGBicxwbKyU7VUB1KHtGLXNkZkMwYGJzAgRgYwJJRGtgalVAdT-cmExkqdXE2QHVhc0BDdWFmQkIjOTEVFCooZkI0fGZtQFQwbXI
IP
File type ASCII text, with very long lines (584), with no line terminators
Hash 7880d2536bb5dda9296789cff109c35a
2e659918a0027f98a947e422ae890aef9f1c39a1
dfa94019cba858482d7f8cfeaa189a4aed7bbdd57fece8e61e4c74b98501e4aa
GET /ickVQQ3ARKj4lTwYsNH5HQn1gdkJULyMsHgJ4JHUkPBQbKSUlFggRVgY/NH5AVCkxLRdPYzUtE090diIUEHhkZQQCKjt+Ahc8NTYBFiAlMFYHJG0uHwgsPC8RV3cWdl5CYGJzWAp0YWZDMGBicxwbKyU7VUB1KHtGLXNkZkMwYGJzAgRgYwJJRGtgalVAdT-cmExkqdXE2QHVhc0BDdWFmQkIjOTEVFCooZkI0fGZtQFQwbXI HTTP/1.1
Host: d3rb9wasp2y8gw.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quettefors.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 445
date: Mon, 26 Sep 2022 23:48:34 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 15gUinA_9aO9Komzvi-VYJ5RUnJ3I-KTjwjHAC0pakcnfsLUCeQocA==
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 532 B IP
File type ASCII text, with no line terminators
Hash cb5f22e8e3edcc36a2371e04442a2779
84d10ee647c4a4d36db5e431617cfea02257faf0
bdd24250ae4c498c838bd21dc534350ebd88058f21a8b95e23344721acbdc96b
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 23:48:33 GMT
content-type: text/plain
set-cookie: csu=706590661148387@1@1664236113; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DccLZwKAqfJ8uoTb9M8kHkkltiHAdmaz7rgEgtr4hHhbToNxITrwMqksBRE%2BNVwl%2BP%2B1qTpf06SZo9Wn9jEpOmPHNU3MssXeeRT82T5UsTerBE2ZswqKp6GSq1JPX5Bo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 750fe41eddd7731e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9233
Expires: Tue, 27 Sep 2022 02:22:27 GMT
Date: Mon, 26 Sep 2022 23:48:34 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9233
Expires: Tue, 27 Sep 2022 02:22:27 GMT
Date: Mon, 26 Sep 2022 23:48:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94c315c-bcc5-4538-9c7b-7c0a9f2dccbc.jpeg
200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94c315c-bcc5-4538-9c7b-7c0a9f2dccbc.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2267eb0a20554688393db616344441ee
49546314082f2e4f4c4c2686cc0ca281ae6bae47
4e37955fb99beb25ceb9deb7c4398914af4192c2e3614e5d68cdafa8c85b256e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94c315c-bcc5-4538-9c7b-7c0a9f2dccbc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7146
x-amzn-requestid: 0470759c-7b3e-4e73-a4fa-15f9f3919834
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZASNOGKzIAMFfaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ffd87-7856f7180fa1045a6092b335;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 07:04:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Kxa2h6hEjuAgCj3z9G2K1FzuWUMA3c5-9LM8KpjqmdP9Zm8RPoSxGg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 07:31:34 GMT
age: 58620
etag: "49546314082f2e4f4c4c2686cc0ca281ae6bae47"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe39ddaa9-a775-40b9-af3a-870507ff4d52.jpeg
200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe39ddaa9-a775-40b9-af3a-870507ff4d52.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e56f576ce4c320252cd028a38a1e4bde
8fbe2856a3e05ae7c45f4e35944d2835d47e4284
dc5783e5d50e89d2b9c72dea55751a64157dbc9ec9be85383a6df10b5ec1a602
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe39ddaa9-a775-40b9-af3a-870507ff4d52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5142
x-amzn-requestid: 5b86b092-ff60-476c-855a-d32d5f10f115
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yvz1CGInoAMF0Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63296686-79e9a4cb75289e1b0785d4fc;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 07:06:46 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7k1682yCSjI5mtQhFZ8S1eSMo2qYEd7HF2T58X3cbCV2112QE46zXQ==
via: 1.1 2a44ef7b9d28e74c78ffadeedcbb887c.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:49:33 GMT
age: 7141
etag: "8fbe2856a3e05ae7c45f4e35944d2835d47e4284"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a2c481a-abce-43aa-89a3-95cd7559102c.jpeg
200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a2c481a-abce-43aa-89a3-95cd7559102c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b1f571f5fdf5233ffa70132a4504d4fe
1b5f002272083d5e19b5bd18d503f49635b771e5
4563ffe63e1d043c159648a72d9f4c59a3b0fe40379254848a52c11a4f1a6511
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a2c481a-abce-43aa-89a3-95cd7559102c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6518
x-amzn-requestid: 6dfcf2e6-a528-47aa-8ae8-7857f08dac7c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y13ElHLzIAMFetw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632bd21d-1317b6f73d15a209545f80d6;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 03:10:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Eh_pKXNcEmAVXN5vl2i9chmz6U-PtBHTLfS04OSmkuYa7-e2vVl7nw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 18:10:41 GMT
age: 20273
etag: "1b5f002272083d5e19b5bd18d503f49635b771e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 62e68c3cd08dd94d910507512a67e85f
3d4fa8701f17e8818c25584ef5f04bfbee8440cd
058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13213
x-amzn-requestid: fe9ec409-2757-4910-8443-5b4d3be7efd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlATEp8oAMFd9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b9b-3230e97a4fe34413285eb578;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:37:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kRSg9NTTAgeAJgIZ_C9_rRodCX4bzGduJEvNPNHUya0Moa2vsmWSoQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:38:57 GMT
age: 7777
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35b718e0-3d37-4447-a38f-12fa37aeae57.jpeg
200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35b718e0-3d37-4447-a38f-12fa37aeae57.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e88b78ede0e4583585d6bb805fb39470
edff303440c5972381295b4b2602bd3f77f6702a
ce55a1ff5c71ec43884b74a08cd32ef75cb0632a91f3fe8b150f5ead499375a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35b718e0-3d37-4447-a38f-12fa37aeae57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6487
x-amzn-requestid: f292e8c1-3e79-4f59-a3aa-6863330835d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4VioHHQIAMFlmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ccfaa-65955b7d7998a0dc6eded103;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:12:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Wx3JPGA6ZeR_7v1MXPDgc2T3RQ2mm48Q9Cb9kydTN9O1OUHlXO4NxQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 23:03:14 GMT
age: 2720
etag: "edff303440c5972381295b4b2602bd3f77f6702a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334b6513-7266-4f03-aae2-328c1b58a30e.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334b6513-7266-4f03-aae2-328c1b58a30e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 56c3768b851e6a5206cbfbe3f5a97cae
2a2fabd9f9792daf9c058fc754d5616267b703f1
668dba22a0c81c4580637806c293521b176512b18ebcc2fe951be2f27f43134d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334b6513-7266-4f03-aae2-328c1b58a30e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10864
x-amzn-requestid: a6be937a-3e8f-4dad-bbca-f28554f5ff21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YioQqFHsoAMFxXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632420d0-78fecb9e2f76416044839a35;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 07:08:00 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: l-svEjPVAfeYvCQAHsARjTk9PNdkVGUJA_2415312kWF2x6MDI7o7A==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 07:52:33 GMT
age: 57361
etag: "2a2fabd9f9792daf9c058fc754d5616267b703f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
d3rb9wasp2y8gw.cloudfront.net/5SnFsNkwpHgJQcz4YCAt6ekFfBnhsGx9ZIjpML14VOzkNRXkPADZVGg1XGEwod0FKWi0kFlEQKSQSUQdqKxUOC3hsBRxZJ3cDCU8pPwAIUzk5VxlXcSceFl8gJhBJBAp/X1wTfnpZFAd9b0IuE356HQVYOTJUXgY0ckczAHhvQi4TfnoDGhN/C0haGHxjVF-4GKy8SB1lpeDdeBn16QV0GfW9DXFAlOBQKWTRvQyoPemRBSkNxew
200 OK 774 B URL HTTP/2 d3rb9wasp2y8gw.cloudfront.net/5SnFsNkwpHgJQcz4YCAt6ekFfBnhsGx9ZIjpML14VOzkNRXkPADZVGg1XGEwod0FKWi0kFlEQKSQSUQdqKxUOC3hsBRxZJ3cDCU8pPwAIUzk5VxlXcSceFl8gJhBJBAp/X1wTfnpZFAd9b0IuE356HQVYOTJUXgY0ckczAHhvQi4TfnoDGhN/C0haGHxjVF-4GKy8SB1lpeDdeBn16QV0GfW9DXFAlOBQKWTRvQyoPemRBSkNxew
IP
File type ASCII text, with very long lines (1090), with no line terminators
Hash 3ca8f8354450794bf3f27df7c41c0934
385776956bd0d2dd1bca66501767ac8865a620b7
b58be317f3d527157a216b6ee46ef6b6def65e56bfc2bd14de1047ef26eb9492
GET /5SnFsNkwpHgJQcz4YCAt6ekFfBnhsGx9ZIjpML14VOzkNRXkPADZVGg1XGEwod0FKWi0kFlEQKSQSUQdqKxUOC3hsBRxZJ3cDCU8pPwAIUzk5VxlXcSceFl8gJhBJBAp/X1wTfnpZFAd9b0IuE356HQVYOTJUXgY0ckczAHhvQi4TfnoDGhN/C0haGHxjVF-4GKy8SB1lpeDdeBn16QV0GfW9DXFAlOBQKWTRvQyoPemRBSkNxew HTTP/1.1
Host: d3rb9wasp2y8gw.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quettefors.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 774
date: Mon, 26 Sep 2022 23:48:34 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: O7-ICcmzyS7WalMhb02ARCliAFqQuj3IfbbguSJAKAU1xT_MolUUIw==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 008bb0f15929580c49beb48408615d01
a28e34ab71eea646efaf0a505a3bd07671bd6012
f612ef9519f2b8baad9918a77a873fb28c691518df1504fb32a47af79b8f7e18
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 23:48:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 00:52:20 GMT
Expires: Mon, 03 Oct 2022 00:52:19 GMT
Etag: "a28e34ab71eea646efaf0a505a3bd07671bd6012"
Cache-Control: max-age=521624,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 750fe420f831b4f9-OSL
ocsp.sectigo.com/
200 OK 471 B IP
Hash 0869109d63ef5270595fb34384023a90
f2ec69fdaca2a0327cd3599ac05d0051df3dee41
c4a67afda7094519228049f837e2e0c1674148bd2e564ae2dccc3458bbdb9ed4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 23:48:34 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 06:25:19 GMT
Expires: Mon, 03 Oct 2022 06:25:18 GMT
Etag: "f2ec69fdaca2a0327cd3599ac05d0051df3dee41"
Cache-Control: max-age=541603,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 750fe4212ace0b39-OSL
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://userscloud.com
Content-Length: 1523
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Mon, 26 Sep 2022 23:48:52 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://userscloud.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
quettefors.xyz/multi?cs=YWNyTm5WW0p2V1haS3xdU1JHeFs&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.59.1&sts=0&prn=0&emb=0&tid=708052&u=699831729745870&agec=1664236113&fs=1&mbkb=393.7007874015748&ref=https%3A%2F%2Fuserscloud.com%2Fghbcz43a0nnu&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_DqYD=1664236112141&crc=1
200 OK 1.4 kB URL HTTP/2 quettefors.xyz/multi?cs=YWNyTm5WW0p2V1haS3xdU1JHeFs&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.59.1&sts=0&prn=0&emb=0&tid=708052&u=699831729745870&agec=1664236113&fs=1&mbkb=393.7007874015748&ref=https%3A%2F%2Fuserscloud.com%2Fghbcz43a0nnu&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_DqYD=1664236112141&crc=1
IP
File type ASCII text, with very long lines (2983), with no line terminators
Hash f752471b0f2701e16cdc84245a67aacf
885c21002e6f0fe8eb72902d74760ffa685b242a
e9b3b3cf220fa024b9ab536834382e220bcf6d004327db44c67f474829505ea5
GET /multi?cs=YWNyTm5WW0p2V1haS3xdU1JHeFs&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.59.1&sts=0&prn=0&emb=0&tid=708052&u=699831729745870&agec=1664236113&fs=1&mbkb=393.7007874015748&ref=https%3A%2F%2Fuserscloud.com%2Fghbcz43a0nnu&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_DqYD=1664236112141&crc=1 HTTP/1.1
Host: quettefors.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1367
date: Mon, 26 Sep 2022 23:48:34 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=c661243f-b1a0-4b30-965d-5b77cadc3dcd
csu=699831729745870
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a8de383ae0e22ed372880220fd20b198.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: SYGttBP4xx80HnLUPh351hQUGscTkI36LlY3m6jqP2wJ1xLeTFc1pQ==
X-Firefox-Spdy: h2
my.rtmark.net/gid.js
200 OK 65 B IP
File type JSON data\012- , ASCII text
Hash 5cd32ae36a42f1e612b8614b00cd42d0
fadd34e4485556c49d530ec15660db295e0908c9
c528c2a82cc479708a8593b307bbf854db516a665ef059b8c0430968b4cff882
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 23:48:34 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=8b0bdaf1056941b098e33b70f07caa7e; expires=Tue, 26 Sep 2023 23:48:34 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash cf99681f6f1d6e00e0abca7033eb6219
73261f7daa90ce6fd7a81b10ed7bd762200c3f28
3f4bfe673679f8f0650774c07f8707a7013ac7e1c3e1b3b03e68cbaa5ccc1af6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4242
Cache-Control: max-age=133877
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 23:48:34 GMT
Etag: "633191b5-1d7"
Expires: Wed, 28 Sep 2022 12:59:51 GMT
Last-Modified: Mon, 26 Sep 2022 11:49:09 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 17b745b5d3e387127df4aba170081743
e59dc2fcbab312428ac919358c3f8afe301e723b
94b6219f1fdabe19021204226c005ab3f82f148cbfabd240a999f18267895bdb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 23:48:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Mon, 26 Sep 2022 22:41:09 GMT
expires: Tue, 27 Sep 2022 00:41:09 GMT
cache-control: public, max-age=7200
age: 4045
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 17b745b5d3e387127df4aba170081743
e59dc2fcbab312428ac919358c3f8afe301e723b
94b6219f1fdabe19021204226c005ab3f82f148cbfabd240a999f18267895bdb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 23:48:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 0aad8cf26b7dbc9de1a6b4e7607cb597
9b669bf973c7b647595432a32c1caf09e857222f
162df502670d4aed89304f4702ab46add42fa00ca724baedfadf435beb51ddd1
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 26 Sep 2022 23:48:34 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1912965805%3A1664236114454103&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWpqKycgZinWbdy5oJURdTwDTojkdFEZEGltmuPWl5fsf7_qQRIXBCwz3ByhvFZt9Y4ECWDh8w
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-JgufJ24Jt3qmtr5WxaW4Fw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:2TewF_GUry3DnFxJjHMUW9BtrCjoYA:FORJRPcV9hloMOqA;Path=/;Expires=Wed, 25-Sep-2024 23:48:34 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 603f1e8483f70e464c5e773f2fd9db9b
03127d310d7a3694c81f7627c6c09885f24aeb1e
60ff6aa9b3f6d0e8f4c8c72203c76a2f769781cd414d83cc8e44b0d9bab0e9fd
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 26 Sep 2022 23:48:34 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-939180518%3A1664236114504983&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqvZNIWrcfpokogSNg4px-pMfKiNyQIrZdyAx4hWvqllmmXuKUT0vqo7RhUnYOgf--nq1mwrw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-xKCq6cJ_LV-syA0Jj7IYHw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:zc4tkiSNEZAkpyXRj9CkdiZsSch1jQ:jUVZ3lM__oeMh9fR;Path=/;Expires=Wed, 25-Sep-2024 23:48:34 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4538701cf9bc34d908f50370beb922f4
df141b9c3ec626ecaba7c1899073a48b811c4113
61497b93eb237687a8fff5845a7a81aff2f2f53dc56f2d0818bfb98dd1256d6f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 23:48:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
goomaphy.com/500/4859604?excludes=&oaid=8b0bdaf1056941b098e33b70f07caa7e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fuserscloud.com%2Fghbcz43a0nnu&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
200 OK 0 B URL HTTP/2 goomaphy.com/500/4859604?excludes=&oaid=8b0bdaf1056941b098e33b70f07caa7e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fuserscloud.com%2Fghbcz43a0nnu&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/4859604?excludes=&oaid=8b0bdaf1056941b098e33b70f07caa7e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fuserscloud.com%2Fghbcz43a0nnu&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 23:48:34 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash cf99681f6f1d6e00e0abca7033eb6219
73261f7daa90ce6fd7a81b10ed7bd762200c3f28
3f4bfe673679f8f0650774c07f8707a7013ac7e1c3e1b3b03e68cbaa5ccc1af6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4242
Cache-Control: max-age=133877
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 23:48:34 GMT
Etag: "633191b5-1d7"
Expires: Wed, 28 Sep 2022 12:59:51 GMT
Last-Modified: Mon, 26 Sep 2022 11:49:09 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
offerimage.com/www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg
200 OK 13 kB URL HTTP/2 offerimage.com/www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 375d4eace3e9692bfe2fc21648f4c59a
57ef9b8278b63d567eab92b8607b68cee29071b8
46005b3961515220591e6df79d2713774deb57a082dda8162c3d182bcad3aa1b
GET /www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 23:48:34 GMT
content-type: image/jpeg
content-length: 13449
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6231b480-3489"
expires: Tue, 27 Sep 2022 13:38:20 GMT
last-modified: Wed, 16 Mar 2022 09:57:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 36614
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 750fe424591a991a-ARN
X-Firefox-Spdy: h2
goomaphy.com/impression/X2lwfMI82ZuKCDH0_YPCqj-BxpBujfbKExN-aRJPqtlRwBEeOx9T_dH7Yao3ZKgrMf8bcOynbqAjuBUWXJBp8FKcn7xCgAU8pPGVXGEa3eEmh4brcm-WKkqqmcRbzWjYqCyziJcbYD5tc5nnyiCEoxxJrqaLC_t6Ld8wVF_4SVn6VdRebnIUT32DmmtS30Cn8W87uaQqnHF89y6E89FfCPFwV1v_JUSbV_27OQEqqPlpW52ye4G1lhXrRstTSaZuYNQaFwXbxrZs-Av-Epl0Y-AkZ7NudbB0xoAnvxcq6FAtof4rP6kJApznHUrGpbMjIpYGL7lTTYxW4rRgyJkTk5-uvkICzVA6tQJYZOQmcfnU8ObWRx_p08RV8C6J2ctVTGizLeMkDyeYMWkOeXuRAJ49KdPAi7Y7tJ3o2yKrR1mVvmf2ZW8vXp6Gh2IhUL2jLt7A5Wi70cQX-uYZFAJKYxzF0k0VlZqTyspNzgdAEZF98Al9X5M3XN7YEqtB3LItMqICbp9bhRlsQXsQjkbxukSzdisjh7YM3d5XC2detuRjB0QdNAb17_YHMfJtuY5m36x-HDsHxLxsrP1J-HDuDv3GAGCeEAw4?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fuserscloud.com%2Fghbcz43a0nnu&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
200 OK 853 B URL HTTP/2 goomaphy.com/impression/X2lwfMI82ZuKCDH0_YPCqj-BxpBujfbKExN-aRJPqtlRwBEeOx9T_dH7Yao3ZKgrMf8bcOynbqAjuBUWXJBp8FKcn7xCgAU8pPGVXGEa3eEmh4brcm-WKkqqmcRbzWjYqCyziJcbYD5tc5nnyiCEoxxJrqaLC_t6Ld8wVF_4SVn6VdRebnIUT32DmmtS30Cn8W87uaQqnHF89y6E89FfCPFwV1v_JUSbV_27OQEqqPlpW52ye4G1lhXrRstTSaZuYNQaFwXbxrZs-Av-Epl0Y-AkZ7NudbB0xoAnvxcq6FAtof4rP6kJApznHUrGpbMjIpYGL7lTTYxW4rRgyJkTk5-uvkICzVA6tQJYZOQmcfnU8ObWRx_p08RV8C6J2ctVTGizLeMkDyeYMWkOeXuRAJ49KdPAi7Y7tJ3o2yKrR1mVvmf2ZW8vXp6Gh2IhUL2jLt7A5Wi70cQX-uYZFAJKYxzF0k0VlZqTyspNzgdAEZF98Al9X5M3XN7YEqtB3LItMqICbp9bhRlsQXsQjkbxukSzdisjh7YM3d5XC2detuRjB0QdNAb17_YHMfJtuY5m36x-HDsHxLxsrP1J-HDuDv3GAGCeEAw4?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fuserscloud.com%2Fghbcz43a0nnu&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
File type gzip compressed data, max compression\012- data
Hash c6b5d7b517172cb05c3baa88fa221ccd
326e89d26d126eb043eac9f3ec8b165302cda18e
b1eb14fac3f21067a50b8f838200f1b4c2339cbf3d3e83b9f99b96208d6d3cb3
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/X2lwfMI82ZuKCDH0_YPCqj-BxpBujfbKExN-aRJPqtlRwBEeOx9T_dH7Yao3ZKgrMf8bcOynbqAjuBUWXJBp8FKcn7xCgAU8pPGVXGEa3eEmh4brcm-WKkqqmcRbzWjYqCyziJcbYD5tc5nnyiCEoxxJrqaLC_t6Ld8wVF_4SVn6VdRebnIUT32DmmtS30Cn8W87uaQqnHF89y6E89FfCPFwV1v_JUSbV_27OQEqqPlpW52ye4G1lhXrRstTSaZuYNQaFwXbxrZs-Av-Epl0Y-AkZ7NudbB0xoAnvxcq6FAtof4rP6kJApznHUrGpbMjIpYGL7lTTYxW4rRgyJkTk5-uvkICzVA6tQJYZOQmcfnU8ObWRx_p08RV8C6J2ctVTGizLeMkDyeYMWkOeXuRAJ49KdPAi7Y7tJ3o2yKrR1mVvmf2ZW8vXp6Gh2IhUL2jLt7A5Wi70cQX-uYZFAJKYxzF0k0VlZqTyspNzgdAEZF98Al9X5M3XN7YEqtB3LItMqICbp9bhRlsQXsQjkbxukSzdisjh7YM3d5XC2detuRjB0QdNAb17_YHMfJtuY5m36x-HDsHxLxsrP1J-HDuDv3GAGCeEAw4?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fuserscloud.com%2Fghbcz43a0nnu&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: OAID=8b0bdaf1056941b098e33b70f07caa7e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 23:48:38 GMT
content-type: image/gif
content-length: 43
x-trace-id: 465f968d89c52d5639fd1a0dda85d8f2
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 23:48:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP
Hash 7e14b58777fe1caed90d34a37178d494
6052721aa159002426953fa853d06e3ced0320b6
a501fde4ff80bb29e2eed9a51c801e8e1921aec9911b0a757fe1f319f5c68a5e
GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 26 Sep 2022 23:48:39 GMT
date: Mon, 26 Sep 2022 23:48:39 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 23:48:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 23:48:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 447271
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 447271
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 23:48:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
userscloud.com/ghbcz43a0nnu
200 OK 0 B URL HTTP/2 userscloud.com/ghbcz43a0nnu
IP
GET /ghbcz43a0nnu HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 26 Sep 2022 23:48:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=0;includeSubDomains;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Sun, 25 Sep 2022 23:48:33 GMT
set-cookie: lang=english; domain=.userscloud.com; path=/
aff=372357; domain=.userscloud.com; path=/; expires=Mon, 10-Oct-2022 23:48:33 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3T7n2H5dU2uXruilnmZrZcb03XIGEaO%2Fttaf6LkuHa9%2Fm4NhMf1quXcWLNEQKI1Bn78igZClPpPpS7MyAdNbPnn9UHIy1rSi5why7HZOo0DtC4O3qgTB%2F1LKCZsjk9nUkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 750fe4133e8fb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 26 Sep 2022 23:48:33 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 318
last-modified: Mon, 26 Sep 2022 23:43:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gHDQGdY8ZRnJPZ5pzTvfnaSgHzSe35%2BjdEI6a3ge8uywSxPAdOy0TBGHvtzawoaX5s1K6czKzUUOc1skuT6rC8EjxcFEbU3Jf6rbFsu4%2FPAs2mlfi%2BjXK6PFYGgC9UYa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750fe41f0e03731e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 26 Sep 2022 23:48:33 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 318
last-modified: Mon, 26 Sep 2022 23:43:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ggX3IPaRujYP2U7jahmgk7YgPN1L%2FOYwkM44jz7O03kcf7nrZtAHE722yQZtcwvBfgJQoEE32dqh3KOON9lbz9ykclxXDQ%2FXC2A9w0uH%2FXbC0KLG%2FOobTTbSMpMCuCvr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750fe41f1e09731e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
200 OK 0 B IP
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 23:48:33 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 7159
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YAIQyicLYf1g4dyor04WDZ%2BBXSzauXaax7xkSromxuA1VmlDFSE9Y9kP7vsamBr6GHcS8z6K6Nx79NbTk6Kjd2jY75vtHK%2B81pd6SOGHIQsVnM8BA2QkSTeiEfK%2Fiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750fe41f7cf51c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: Qj4kerQeiMPdJu55EQ8k9GTvKSwTIpYfqAAKV3bHC5i6ieHZszy31AgfsL8SuchqIGiz4VuCYjYA9CmQ3JShaw==
date: Mon, 26 Sep 2022 23:48:34 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
goomaphy.com/500/4859604?excludes=&oaid=8b0bdaf1056941b098e33b70f07caa7e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fuserscloud.com%2Fghbcz43a0nnu&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
200 OK 0 B URL HTTP/2 goomaphy.com/500/4859604?excludes=&oaid=8b0bdaf1056941b098e33b70f07caa7e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fuserscloud.com%2Fghbcz43a0nnu&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
Analyzer Verdict Alert quad9 Sinkholed
GET /500/4859604?excludes=&oaid=8b0bdaf1056941b098e33b70f07caa7e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fuserscloud.com%2Fghbcz43a0nnu&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: OAID=30c29827db94408abf424666730225e9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 23:48:34 GMT
content-type: application/javascript
x-trace-id: 48bda40d605243cd5f864fb1102280f8
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://userscloud.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=8b0bdaf1056941b098e33b70f07caa7e; expires=Tue, 26 Sep 2023 23:48:34 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
goomaphy.com/401/4859604
200 OK 0 B IP
Analyzer Verdict Alert quad9 Sinkholed
GET /401/4859604 HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 23:48:33 GMT
content-type: application/javascript
x-trace-id: d1cbbcf580ea514b0ea0bb390a059b33
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=30c29827db94408abf424666730225e9; expires=Tue, 26 Sep 2023 23:48:33 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 26 Sep 2022 23:48:33 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 318
last-modified: Mon, 26 Sep 2022 23:43:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5zfKYsbCFrkyiaoVyfVz05UBf2RQZzYpTyEDJ8qL2aDJgGS9ChKvxwzVCJEqzj5BWVsedZQUVW8D5AKt4obwnxs9vzoqOord0jzSXw3Fxgtnij1MhtQ4a1R1HN0mghGC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750fe41f0e05731e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
172.67.207.105
104.21.94.209
139.45.195.8
23.36.77.32
157.240.200.35