userscloud.com/gvngzhtvb04s
104.21.69.102 301 Moved Permanently 0 B URL HTTP/1.1 userscloud.com/gvngzhtvb04s
IP 104.21.69.102:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256) — all three are the digests of an empty body (0 B), so they do not identify content
GET /gvngzhtvb04s HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 06 Oct 2022 22:52:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 06 Oct 2022 23:52:30 GMT
Location: https://userscloud.com/gvngzhtvb04s
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BzQNheSmVJ%2F8yyWB2Z7gzg1hXpvbnJFo6h1enCUqgVYaLKtBvxPpI8pPF9nIWhJkLTZbxRVYgJmpYt%2FpX7QsHyKNLFixMynyZPcgCOXYc2aJzT4zD%2BlF%2BGXhsof0lgaqXw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7561f7c4daa9b51e-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10056
Expires: Fri, 07 Oct 2022 01:40:07 GMT
Date: Thu, 06 Oct 2022 22:52:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
54.230.111.7 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.7:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: kv7MQlylTULM-M_fMyV0svxzawe4DKdmrZhB8qHOIgJ661iBwGMvzg==
Age: 111913
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4ab7d8709d334de0e46dcb86aabfbff1
f221138a8ad9d0bfa3c054370dcdb363a67dc310
b91d37f606eaf448b9c7dfc05566a11de004ce44503409e1a776288ee2622805
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B91D37F606EAF448B9C7DFC05566A11DE004CE44503409E1A776288EE2622805"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5837
Expires: Fri, 07 Oct 2022 00:29:48 GMT
Date: Thu, 06 Oct 2022 22:52:31 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: FQv/Ln2K9QI5VpSPjhOndAgHWCKaM9cCeWlhyDFIA0ly+8p+m2dZbOWCHBeBZo/DQxrtkG75iOs=
x-amz-request-id: 25XY1TEVYA45AMHX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 06 Oct 2022 22:30:57 GMT
age: 1294
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 22:52:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.7 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.7:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Thu, 06 Oct 2022 22:29:41 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Thu, 06 Oct 2022 23:08:21 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: G0Gi-NHunyiLHR_-hzCsx1fegN2BMmtLi7nZ1BsDqQTZW5HrLf93oA==
Age: 1370
r3.o.lencr.org/
23.36.77.32 200 OK 8.2 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 657364aa9cb91715de92c2c4e6978a83
c88552a607618c226283af2535db90bb0f4496b5
3da7804814f20ca549390161c7afd5aa9f9bb26b39732d8128a1483d0b66eb41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EFF61D8C684A8D72C2B64EA0A26165027ADFD8BD9D6A34678F76F5DC0EA6ABAC"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7387
Expires: Fri, 07 Oct 2022 00:55:38 GMT
Date: Thu, 06 Oct 2022 22:52:31 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 8be5570b9a5ca76c580da007a824b029
38840f2ac6476bdd5608121c5653e338c7ad9715
0b94e05080ef85432b1815eb3c6c7594c9613cfde1b51eeabee46d0d9fde64b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3784
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 22:52:31 GMT
Last-Modified: Thu, 06 Oct 2022 21:49:27 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
mansernema.com/tR1UH9ydsWnRd22/55991
23.109.82.117 200 OK 25 B URL HTTP/1.1 mansernema.com/tR1UH9ydsWnRd22/55991
IP 23.109.82.117:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
Analyzer Verdict Alert quad9 Sinkholed
GET /tR1UH9ydsWnRd22/55991 HTTP/1.1
Host: mansernema.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 22:52:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://userscloud.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Fri, 07-Oct-2022 22:52:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Fri, 07-Oct-2022 22:52:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5eee2baed68ec922370bd283860860fd
7d1e7dfdb9577dcd11587bb162e17c56eaf8e4c4
7931afabb9286276c385564aa73ed67927d31e12ab35eb92da84048a7896f27d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 22:52:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-70768172-1
142.250.74.168 200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-70768172-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2039)
Hash ff6cff3cdec1f5ea075b96e6c0cab829
bebef325bbf662b897d5d172193245aec4a34ba9
5254ebdc349e9c417bf7a06534ce1d6844289f14671b6a1b3626e2613f1d871e
GET /gtag/js?id=UA-70768172-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 06 Oct 2022 22:52:31 GMT
expires: Thu, 06 Oct 2022 22:52:31 GMT
cache-control: private, max-age=900
last-modified: Thu, 06 Oct 2022 21:38:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42429
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 3.9 kB IP 142.250.74.3:0
Hash c24d1564b226e29908abfe34c90c0fa3
1664eceee7b07384f35409853c440eb7dfedbf73
a0fa4ea5125caf08bed872a50898dfe9271cc6d87e16bb4f3e612f2494cc563d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 22:52:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 48e7bd0b2c01abb67b2cb672548fe89a
6cd06763a593fa26886df0f8e3e2da6e2e121704
2803722d5a574d4afe8ceb930446f688ac562d8dcf63cb4c3973ef15f800a720
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2803722D5A574D4AFE8CEB930446F688AC562D8DCF63CB4C3973EF15F800A720"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8679
Expires: Fri, 07 Oct 2022 01:17:10 GMT
Date: Thu, 06 Oct 2022 22:52:31 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 50df66d2f9aeb5e1ca68d6cfd7c4d0aa
a9dbf220e5a247e324e79c8425a03a4a215b614c
161d51fa7021ff49c7fcd70343b3cfe67ca24c3ca70f55f7e3b8799d5914095b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "161D51FA7021FF49C7FCD70343B3CFE67CA24C3CA70F55F7E3B8799D5914095B"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10125
Expires: Fri, 07 Oct 2022 01:41:16 GMT
Date: Thu, 06 Oct 2022 22:52:31 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 50df66d2f9aeb5e1ca68d6cfd7c4d0aa
a9dbf220e5a247e324e79c8425a03a4a215b614c
161d51fa7021ff49c7fcd70343b3cfe67ca24c3ca70f55f7e3b8799d5914095b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "161D51FA7021FF49C7FCD70343B3CFE67CA24C3CA70F55F7E3B8799D5914095B"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10125
Expires: Fri, 07 Oct 2022 01:41:16 GMT
Date: Thu, 06 Oct 2022 22:52:31 GMT
Connection: keep-alive
domestich.xyz/utx?cb=dIMABIX419Zp&top=userscloud.com&tid=600304
54.230.111.37 204 No Content 0 B URL HTTP/2 domestich.xyz/utx?cb=dIMABIX419Zp&top=userscloud.com&tid=600304
IP 54.230.111.37:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256) — all three are the digests of an empty body (0 B), so they do not identify content
GET /utx?cb=dIMABIX419Zp&top=userscloud.com&tid=600304 HTTP/1.1
Host: domestich.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 06 Oct 2022 22:52:31 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 06 Oct 2022 22:53:31 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Inh3TCjpw0CAsLyrdLdTClFUO0GDmsFRfQHcUdOhn90MqSEZOPuD3w==
X-Firefox-Spdy: h2
ghlyrecome.xyz/aVBLSHVGbyg7SDwXMxwWPwYgEDI/GhElLw8xewYGMAZyOicEEW08HA1tfXhFWmB/bgUANHZ5UxokKjwAGm16bhwHNiR1Ux9temZGXX55cVtZdj51RE8kOykSVGFtOAEdPHZ5Q19le3FDXmV6cExY
104.21.77.231 204 No Content 0 B URL HTTP/2 ghlyrecome.xyz/aVBLSHVGbyg7SDwXMxwWPwYgEDI/GhElLw8xewYGMAZyOicEEW08HA1tfXhFWmB/bgUANHZ5UxokKjwAGm16bhwHNiR1Ux9temZGXX55cVtZdj51RE8kOykSVGFtOAEdPHZ5Q19le3FDXmV6cExY
IP 104.21.77.231:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256) — all three are the digests of an empty body (0 B), so they do not identify content
GET /aVBLSHVGbyg7SDwXMxwWPwYgEDI/GhElLw8xewYGMAZyOicEEW08HA1tfXhFWmB/bgUANHZ5UxokKjwAGm16bhwHNiR1Ux9temZGXX55cVtZdj51RE8kOykSVGFtOAEdPHZ5Q19le3FDXmV6cExY HTTP/1.1
Host: ghlyrecome.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 06 Oct 2022 22:52:32 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NdMy9x0edzc00TukojbnRhEOA2H4zIcBPI5TGAd8M2oiNN2AEl20t4opFxnUcLgsQkUElhUXmPDhxziWpWrMuH1isTUhRDoVmQB3ncJ0JnGDw%2FU0Jbwo28kUyAFKsdnnjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7561f7cb8d4db500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.89.20.60 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.20.60:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256) — all three are the digests of an empty body (0 B), so they do not identify content
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: slaee8YOuPIv1+GofY0WwA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: T+3SaaPCtGJSgeTW1rcwNyb7uus=
domestich.xyz/QTJpYkwgUAoPcyAPC0Q5M15UR34HF1skKHNYGVp7IgAMDSg0UwdMLy1dHAYqM10HFmIvVx1HfgdQPTUGDVAtATkFYTwpDwVZJS59BHAPNAZ1aigsPgJ2DiYbFQMPIQoQYg8xIHZ2DiB8ClgBByoWQT4vHSZ5DzcdL3Y/CT0ZAFkoGxIHDwcnMWUiMw5zZSsneQRbOCoPKHciMg4TZCMFHTRxAjQ+B0sZMBsoezArKwNQJScodHkOKCYUX1wHDnNnCAcgcWEPCw40ag4BJAJLPDgYc1o4BzQQYgwYfXhlKyhpc3AgJXkkcBNaGSNeUFAoB2AFOg50XTwqYTJ+PAt4C3gsCQoCAytVFBBWUDd/NVYsDHUSfjg0CgpzOAkKA3hMUAoLeiMDCxkDLDIgBHVPCD8uXBlfD3kKWSl8IwVQKj9zeA
54.230.111.37 200 OK 1.2 kB URL HTTP/2 domestich.xyz/QTJpYkwgUAoPcyAPC0Q5M15UR34HF1skKHNYGVp7IgAMDSg0UwdMLy1dHAYqM10HFmIvVx1HfgdQPTUGDVAtATkFYTwpDwVZJS59BHAPNAZ1aigsPgJ2DiYbFQMPIQoQYg8xIHZ2DiB8ClgBByoWQT4vHSZ5DzcdL3Y/CT0ZAFkoGxIHDwcnMWUiMw5zZSsneQRbOCoPKHciMg4TZCMFHTRxAjQ+B0sZMBsoezArKwNQJScodHkOKCYUX1wHDnNnCAcgcWEPCw40ag4BJAJLPDgYc1o4BzQQYgwYfXhlKyhpc3AgJXkkcBNaGSNeUFAoB2AFOg50XTwqYTJ+PAt4C3gsCQoCAytVFBBWUDd/NVYsDHUSfjg0CgpzOAkKA3hMUAoLeiMDCxkDLDIgBHVPCD8uXBlfD3kKWSl8IwVQKj9zeA
IP 54.230.111.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Hash b026bc6fbdfb862776a551b92c2ade3a
d37beb1268c9fb44a4ffce9199bef1089f788a08
21f695909f4b800f31e48a12b626302e227bb3bcf51ecec39c70d84ecaafde08
GET /QTJpYkwgUAoPcyAPC0Q5M15UR34HF1skKHNYGVp7IgAMDSg0UwdMLy1dHAYqM10HFmIvVx1HfgdQPTUGDVAtATkFYTwpDwVZJS59BHAPNAZ1aigsPgJ2DiYbFQMPIQoQYg8xIHZ2DiB8ClgBByoWQT4vHSZ5DzcdL3Y/CT0ZAFkoGxIHDwcnMWUiMw5zZSsneQRbOCoPKHciMg4TZCMFHTRxAjQ+B0sZMBsoezArKwNQJScodHkOKCYUX1wHDnNnCAcgcWEPCw40ag4BJAJLPDgYc1o4BzQQYgwYfXhlKyhpc3AgJXkkcBNaGSNeUFAoB2AFOg50XTwqYTJ+PAt4C3gsCQoCAytVFBBWUDd/NVYsDHUSfjg0CgpzOAkKA3hMUAoLeiMDCxkDLDIgBHVPCD8uXBlfD3kKWSl8IwVQKj9zeA HTTP/1.1
Host: domestich.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1175
date: Thu, 06 Oct 2022 22:52:32 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: saCj0V6HqkD_LD06LBBYEGVAq6BJsuV639okG1IMYO00yk8Oq1TEOg==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 50df66d2f9aeb5e1ca68d6cfd7c4d0aa
a9dbf220e5a247e324e79c8425a03a4a215b614c
161d51fa7021ff49c7fcd70343b3cfe67ca24c3ca70f55f7e3b8799d5914095b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "161D51FA7021FF49C7FCD70343B3CFE67CA24C3CA70F55F7E3B8799D5914095B"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10124
Expires: Fri, 07 Oct 2022 01:41:16 GMT
Date: Thu, 06 Oct 2022 22:52:32 GMT
Connection: keep-alive
domestich.xyz/utx?cb=K51b5pdca2uU&top=userscloud.com&tid=708052
54.230.111.37 204 No Content 0 B URL HTTP/2 domestich.xyz/utx?cb=K51b5pdca2uU&top=userscloud.com&tid=708052
IP 54.230.111.37:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256) — all three are the digests of an empty body (0 B), so they do not identify content
GET /utx?cb=K51b5pdca2uU&top=userscloud.com&tid=708052 HTTP/1.1
Host: domestich.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 06 Oct 2022 22:52:32 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 06 Oct 2022 22:53:32 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: j9brXkbZHUgfrT2AmM-YVPtaaN_8luDz4se3Bt0EDOI4N1ADZv-Chg==
X-Firefox-Spdy: h2
domestich.xyz/MW9rN1BQDQhab1BSCRElQwNWEmJ3SllxNAMFGw9nUl0OWDREDgUZM10AHlM2QwAFQ35fCh8SYndeJWA0Ag4vZQdyLQB4EwEqJHJhZCspYWl5NzpuBHU+On8HWjkKeDgEIDl0N0ggPW00YD4mZAVwBzNiAWM5PEASejsHcTJzKhttFV0+L3EGZC4uTx15LVoPGXIXU1EEdwwmcgEAPDkHFXIsOlsJci5bdQd3BCxiPEEWKnI8eTs6bhZlGFJtEmMtPnkFASgpZiNULQBxHmAEPW4EcF45fBYFLi5xAQA7Om4Wdz4teRICPQ5mBWgqI3IadzgteQFzLUZAGHQ+CF8CZwgtdQZVKDx2BWA5PlQfaToIdBVgCyZyFmQXPmYZUzlacjRyPjoROkIABUdtfBkRRh90Pglf
54.230.111.37 200 OK 1.2 kB URL HTTP/2 domestich.xyz/MW9rN1BQDQhab1BSCRElQwNWEmJ3SllxNAMFGw9nUl0OWDREDgUZM10AHlM2QwAFQ35fCh8SYndeJWA0Ag4vZQdyLQB4EwEqJHJhZCspYWl5NzpuBHU+On8HWjkKeDgEIDl0N0ggPW00YD4mZAVwBzNiAWM5PEASejsHcTJzKhttFV0+L3EGZC4uTx15LVoPGXIXU1EEdwwmcgEAPDkHFXIsOlsJci5bdQd3BCxiPEEWKnI8eTs6bhZlGFJtEmMtPnkFASgpZiNULQBxHmAEPW4EcF45fBYFLi5xAQA7Om4Wdz4teRICPQ5mBWgqI3IadzgteQFzLUZAGHQ+CF8CZwgtdQZVKDx2BWA5PlQfaToIdBVgCyZyFmQXPmYZUzlacjRyPjoROkIABUdtfBkRRh90Pglf
IP 54.230.111.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3011), with no line terminators
Hash 65543cca8d178427023a2fc02b878367
f2fd7f7d862bfa1adf452b475e72b9541a2f4386
e6fd344f3e49216a040bd5f336255bd06dafd35547c9c111e2e9475deeca2274
GET /MW9rN1BQDQhab1BSCRElQwNWEmJ3SllxNAMFGw9nUl0OWDREDgUZM10AHlM2QwAFQ35fCh8SYndeJWA0Ag4vZQdyLQB4EwEqJHJhZCspYWl5NzpuBHU+On8HWjkKeDgEIDl0N0ggPW00YD4mZAVwBzNiAWM5PEASejsHcTJzKhttFV0+L3EGZC4uTx15LVoPGXIXU1EEdwwmcgEAPDkHFXIsOlsJci5bdQd3BCxiPEEWKnI8eTs6bhZlGFJtEmMtPnkFASgpZiNULQBxHmAEPW4EcF45fBYFLi5xAQA7Om4Wdz4teRICPQ5mBWgqI3IadzgteQFzLUZAGHQ+CF8CZwgtdQZVKDx2BWA5PlQfaToIdBVgCyZyFmQXPmYZUzlacjRyPjoROkIABUdtfBkRRh90Pglf HTTP/1.1
Host: domestich.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1164
date: Thu, 06 Oct 2022 22:52:32 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YbVGdHc_oC9fq7T8lyvtKEfRD1P4a7GLHlNp80cgpVt3jB_-oRQvhw==
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.106.19 200 OK 103 kB IP 172.64.106.19:0
Size 103 kB (102903 bytes)
Hash fab079eaebc41ef9eabe97a44dd664a0
79e8e090ee12200f1b58a236064ab5c0fae0d01f
71d49ccd95c0c470acb37c19a628336d3e3313596b1066b98d2f8304d6fab353
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 22:52:31 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2517
last-modified: Thu, 06 Oct 2022 22:10:34 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vNbcOZKOVK5PlhXMXzJ6qfNrRh78piu%2FvcdJ7jiNjeNb1sI0%2BZVwXXVISvO%2FLYbkHIUpuUa%2Fey2Dj9ImA%2B3q5ybDwtIo%2BI9l%2BKjDur4HHDZJVwq%2Fqsmz7Oiiti%2FJ1rMP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7561f7cbdb8b7447-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ghlyrecome.xyz/b2RsNjlAWw9FBAsKAwVcKjYjZXgpKAhzbyAmKUYBPjEHdWoBNUpCUAtZWwYBX1FeEEkGAFEEAEkXGFdNGhdRBx8GCgpZBEkSUQcXX0paBhdfQhkLCEkQHFdeUlVKRk0bCFEHD1lRXA8PWFFdDwpY
104.21.77.231 204 No Content 0 B URL HTTP/2 ghlyrecome.xyz/b2RsNjlAWw9FBAsKAwVcKjYjZXgpKAhzbyAmKUYBPjEHdWoBNUpCUAtZWwYBX1FeEEkGAFEEAEkXGFdNGhdRBx8GCgpZBEkSUQcXX0paBhdfQhkLCEkQHFdeUlVKRk0bCFEHD1lRXA8PWFFdDwpY
IP 104.21.77.231:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256) — all three are the digests of an empty body (0 B), so they do not identify content
GET /b2RsNjlAWw9FBAsKAwVcKjYjZXgpKAhzbyAmKUYBPjEHdWoBNUpCUAtZWwYBX1FeEEkGAFEEAEkXGFdNGhdRBx8GCgpZBEkSUQcXX0paBhdfQhkLCEkQHFdeUlVKRk0bCFEHD1lRXA8PWFFdDwpY HTTP/1.1
Host: ghlyrecome.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 06 Oct 2022 22:52:32 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rBLqNJ%2BoqiREtsAbgeU%2F891qCWUNmEgm%2B169J38KuOfqX8CsfmUr7PmBAoawQwm1agGKEgLsiI6Qtx8Ki8ZmruUU1YX4TWCRBR5ie5ZD8xVRZrKCodETyKVti2dHtRd7nA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7561f7cbcd73b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
domestich.xyz/aTVEUEMIVyc9fAgIJnY2G1l5dXEvEHYWJ1tfNGh0CgchPyccVCp+IAVaMTQlG1oqJG0HUDB1cS9tJmIgEXspCQ4qc30BFDtGCwYSHVAcPAYgdBIGCS1gDgoAKwwlBhYgfA88DV1sBz8pOVgRAQYBYAAUAjN0BScZD2ASJAkoWX0GFFgABgUFIHARPA4xZCwJAi10PDEHAVIiBXJZdAc3BS1wBh0MPlk8CgsobAgIFQ1xHAMGLHICCgg/ZAE1CwUAExYCPF4XPBYrYiNoASxeLwQVLw0iExIoABMGDjx3FwIIP2QCFQYsRREzAlBkFQYgMHB1AiUoc2kCFS1kBhMCWncRCHIwdwY8Jw9jLAEGP1IvHxJYeAURAVFgBhMBPmAWaAQ4dzQxAigTLiMsB0V5NDcHcHAZFSV5HQQ
54.230.111.37200 OK 1.2 kB URL HTTP/2 domestich.xyz/aTVEUEMIVyc9fAgIJnY2G1l5dXEvEHYWJ1tfNGh0CgchPyccVCp+IAVaMTQlG1oqJG0HUDB1cS9tJmIgEXspCQ4qc30BFDtGCwYSHVAcPAYgdBIGCS1gDgoAKwwlBhYgfA88DV1sBz8pOVgRAQYBYAAUAjN0BScZD2ASJAkoWX0GFFgABgUFIHARPA4xZCwJAi10PDEHAVIiBXJZdAc3BS1wBh0MPlk8CgsobAgIFQ1xHAMGLHICCgg/ZAE1CwUAExYCPF4XPBYrYiNoASxeLwQVLw0iExIoABMGDjx3FwIIP2QCFQYsRREzAlBkFQYgMHB1AiUoc2kCFS1kBhMCWncRCHIwdwY8Jw9jLAEGP1IvHxJYeAURAVFgBhMBPmAWaAQ4dzQxAigTLiMsB0V5NDcHcHAZFSV5HQQ
IP 54.230.111.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3016), with no line terminators
Hash 7950aefb790113a46d9d69d896a2a11e
4a9424adf584344cc7f7d0c596ea6d5da5e8d451
b91d491740507a63ac24f43bf65ee84d07c7a362d3d2c2888705074ffbc6dacb
GET /aTVEUEMIVyc9fAgIJnY2G1l5dXEvEHYWJ1tfNGh0CgchPyccVCp+IAVaMTQlG1oqJG0HUDB1cS9tJmIgEXspCQ4qc30BFDtGCwYSHVAcPAYgdBIGCS1gDgoAKwwlBhYgfA88DV1sBz8pOVgRAQYBYAAUAjN0BScZD2ASJAkoWX0GFFgABgUFIHARPA4xZCwJAi10PDEHAVIiBXJZdAc3BS1wBh0MPlk8CgsobAgIFQ1xHAMGLHICCgg/ZAE1CwUAExYCPF4XPBYrYiNoASxeLwQVLw0iExIoABMGDjx3FwIIP2QCFQYsRREzAlBkFQYgMHB1AiUoc2kCFS1kBhMCWncRCHIwdwY8Jw9jLAEGP1IvHxJYeAURAVFgBhMBPmAWaAQ4dzQxAigTLiMsB0V5NDcHcHAZFSV5HQQ HTTP/1.1
Host: domestich.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1171
date: Thu, 06 Oct 2022 22:52:32 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bz0dmG1-vVJiF9VINCH2gVg5j3dUfxxjefHaA_hiYQ0rivRYasXQOg==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e63be15b4d7b0cd6bf9f62c5af94ff13
4727cd4856f730e03f8e5ad31029fc46bd47aebd
469e878df1553757a6f36a03143b32afd218da9919e0674aa6a50eaa68fe069c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469E878DF1553757A6F36A03143B32AFD218DA9919E0674AA6A50EAA68FE069C"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12817
Expires: Fri, 07 Oct 2022 02:26:09 GMT
Date: Thu, 06 Oct 2022 22:52:32 GMT
Connection: keep-alive
ghlyrecome.xyz/UDdzT2x/CBA8UQpZGzoPKnUlHAAgdTEjKhJvNhYmBXIxFT4RdlU7BTQKS35aaQBAaRw5U059VXZEBy4YJUROfko5WRUgUXZBTn5CYBlFf0JgEQZyXXZDAy4LbQZVPxgkW05+WmYCQ3ZaZwJCdllj
104.21.77.231204 No Content 0 B URL HTTP/2 ghlyrecome.xyz/UDdzT2x/CBA8UQpZGzoPKnUlHAAgdTEjKhJvNhYmBXIxFT4RdlU7BTQKS35aaQBAaRw5U059VXZEBy4YJUROfko5WRUgUXZBTn5CYBlFf0JgEQZyXXZDAy4LbQZVPxgkW05+WmYCQ3ZaZwJCdllj
IP 104.21.77.231:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /UDdzT2x/CBA8UQpZGzoPKnUlHAAgdTEjKhJvNhYmBXIxFT4RdlU7BTQKS35aaQBAaRw5U059VXZEBy4YJUROfko5WRUgUXZBTn5CYBlFf0JgEQZyXXZDAy4LbQZVPxgkW05+WmYCQ3ZaZwJCdllj HTTP/1.1
Host: ghlyrecome.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 06 Oct 2022 22:52:32 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CAg%2Ft%2F%2Bl90WQkrvSYU2OfuuqnPDtKMjtVFBMWmuAS%2FXl6u1sY%2Fp92PGqnve%2BLC8FciQZ7ra%2BerIcqcGykMHkxfb1rsIqSnhn9982GSbmGnUgQzTB4rl6buLQ3dafJE3UEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7561f7cbdd80b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
waisheph.com/tag.min.js
139.45.197.245 200 OK 43 kB IP 139.45.197.245:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 871f40432a64abda2dfef1dfb7529bce
819c02d7cb4bb841aac7c8efa79ab9c347be0bb6
3d48430b2ce2360d402f85d0c0a64b38203db4b52269e5890b3de63dd97d21e1
GET /tag.min.js HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 22:52:32 GMT
content-type: text/javascript; charset=utf-8
content-length: 22987
content-encoding: br
x-trace-id: b38f7884a7ec8e29f4747b97c6254f14
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Wed, 05 Oct 2022 15:40:22 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
domestich.xyz/utx?cb=AJLQyctNAMwf&top=userscloud.com&tid=816973
54.230.111.37 204 No Content 0 B URL HTTP/2 domestich.xyz/utx?cb=AJLQyctNAMwf&top=userscloud.com&tid=816973
IP 54.230.111.37:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=AJLQyctNAMwf&top=userscloud.com&tid=816973 HTTP/1.1
Host: domestich.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 06 Oct 2022 22:52:32 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 06 Oct 2022 22:53:32 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: so-_-od2jevxb0c55iCLg7T1H9i__oPd8rV-IgOpbTMtyuRGow10Og==
X-Firefox-Spdy: h2
d2jp87c2eoduan.cloudfront.net/1NWd3aDRWCBkOC0EOE1UDBV9HXQYTDQQHWkVaOh5ORCgyOVZdQQMSUAhXUQRVWwBKTlFbBEpZElQDFVUAExMHB18ICx8fTFcMEQ1SR0ECCQlYCA0BWFkGUlpyAElHTQYFTw9ZBRBUNU0GBQseBkFNQkVYTA1RKF4AEFQ1TQYFFQFNB3ReQUYEHEJFWFNQBB-wHEQchRVgFBVdGWAUQVUcOXUcCEQdMEFUxUQIbV1EdCQQ
54.230.245.135200 OK 438 B URL HTTP/2 d2jp87c2eoduan.cloudfront.net/1NWd3aDRWCBkOC0EOE1UDBV9HXQYTDQQHWkVaOh5ORCgyOVZdQQMSUAhXUQRVWwBKTlFbBEpZElQDFVUAExMHB18ICx8fTFcMEQ1SR0ECCQlYCA0BWFkGUlpyAElHTQYFTw9ZBRBUNU0GBQseBkFNQkVYTA1RKF4AEFQ1TQYFFQFNB3ReQUYEHEJFWFNQBB-wHEQchRVgFBVdGWAUQVUcOXUcCEQdMEFUxUQIbV1EdCQQ
IP 54.230.245.135:0
File type ASCII text, with very long lines (577), with no line terminators
Hash 15034ee72517a9f2c50a5c4cc0fc96dc
3a620a0394ddf7a57245528c21ba0856f4b94719
f9dd66b91c825ca3c3afb5cbe5083949145eb4998a987472fe0322e17d87be1d
GET /1NWd3aDRWCBkOC0EOE1UDBV9HXQYTDQQHWkVaOh5ORCgyOVZdQQMSUAhXUQRVWwBKTlFbBEpZElQDFVUAExMHB18ICx8fTFcMEQ1SR0ECCQlYCA0BWFkGUlpyAElHTQYFTw9ZBRBUNU0GBQseBkFNQkVYTA1RKF4AEFQ1TQYFFQFNB3ReQUYEHEJFWFNQBB-wHEQchRVgFBVdGWAUQVUcOXUcCEQdMEFUxUQIbV1EdCQQ HTTP/1.1
Host: d2jp87c2eoduan.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://domestich.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 438
date: Thu, 06 Oct 2022 22:52:32 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XCGVQh10iFR3uK-m54ybYL9LIormdShruHm-RcHpMdiskdw_699W3w==
X-Firefox-Spdy: h2
d2jp87c2eoduan.cloudfront.net/Xb2cxNmYMCF9QWRsOVQteXlEIAVVJDUJZCB9aVUIIKlN4YCojPmUQEhUDDAZAAwZfUVtJAl9VW15BUFIEUlMXQhYADAxaDhgfU10ACgFDEBMOWlxZHAYLXVdDXSEEGFZKVQEeHl5WFAUkSlUBWg8BEkkTVF8fCQA5WVMUBSRKVQFEEEpUcA9QQVcYE1RfAF-RVDQBCA3BUX1YBBldfVhQEVgkOQ1MAAB8UBCBWUR8GQBpaAA
54.230.245.135200 OK 434 B URL HTTP/2 d2jp87c2eoduan.cloudfront.net/Xb2cxNmYMCF9QWRsOVQteXlEIAVVJDUJZCB9aVUIIKlN4YCojPmUQEhUDDAZAAwZfUVtJAl9VW15BUFIEUlMXQhYADAxaDhgfU10ACgFDEBMOWlxZHAYLXVdDXSEEGFZKVQEeHl5WFAUkSlUBWg8BEkkTVF8fCQA5WVMUBSRKVQFEEEpUcA9QQVcYE1RfAF-RVDQBCA3BUX1YBBldfVhQEVgkOQ1MAAB8UBCBWUR8GQBpaAA
IP 54.230.245.135:0
File type ASCII text, with very long lines (563), with no line terminators
Hash 57cd1dc22b214694cfb074f811485de8
ede7f867db1ff3674f77b23dd31ecfa41280e855
7cffead702aa7938235d37441dfdbb7864c29d06f2666a0d01b199341d4b0a20
GET /Xb2cxNmYMCF9QWRsOVQteXlEIAVVJDUJZCB9aVUIIKlN4YCojPmUQEhUDDAZAAwZfUVtJAl9VW15BUFIEUlMXQhYADAxaDhgfU10ACgFDEBMOWlxZHAYLXVdDXSEEGFZKVQEeHl5WFAUkSlUBWg8BEkkTVF8fCQA5WVMUBSRKVQFEEEpUcA9QQVcYE1RfAF-RVDQBCA3BUX1YBBldfVhQEVgkOQ1MAAB8UBCBWUR8GQBpaAA HTTP/1.1
Host: d2jp87c2eoduan.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://domestich.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 434
date: Thu, 06 Oct 2022 22:52:32 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Vadmy05VFeHqPL-19AZLnQWLWsMg5Z02fKPMyLEz31ploqvG_zbnlQ==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3ba4559bf5aeec3e613adc2f515238b5
dbe370e4722496695582835cc417d3cde20bcc72
056f5709d2b63ae99de4997e1d53d8b7754f22227b8813e229271e13f3f7466f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "056F5709D2B63AE99DE4997E1D53D8B7754F22227B8813E229271E13F3F7466F"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12382
Expires: Fri, 07 Oct 2022 02:18:54 GMT
Date: Thu, 06 Oct 2022 22:52:32 GMT
Connection: keep-alive
d2jp87c2eoduan.cloudfront.net/bTWJLbDcuDSUKCDkLL1EBfVJ4XANrCDgDWT1fCFQPfSl7DgB0KjhefWsWMQgKfUQnDVkqX20JWS5fekpWKQB2WBE5EiQHCiEKPBRVJgQuCkVrFypRWiIYIgBbLEd5KgJjUm5eB2Uael0SfiBuXgchCyUZT2hQexQPez19WBJ+IG5eBz8Ubl92dFRlXB5oUH-sLUi4JJEkFC1B7XQd9U3tdEn9SLQVFKAQkFBJ/JHJaGX1EPlEG
54.230.245.135200 OK 764 B URL HTTP/2 d2jp87c2eoduan.cloudfront.net/bTWJLbDcuDSUKCDkLL1EBfVJ4XANrCDgDWT1fCFQPfSl7DgB0KjhefWsWMQgKfUQnDVkqX20JWS5fekpWKQB2WBE5EiQHCiEKPBRVJgQuCkVrFypRWiIYIgBbLEd5KgJjUm5eB2Uael0SfiBuXgchCyUZT2hQexQPez19WBJ+IG5eBz8Ubl92dFRlXB5oUH-sLUi4JJEkFC1B7XQd9U3tdEn9SLQVFKAQkFBJ/JHJaGX1EPlEG
IP 54.230.245.135:0
File type ASCII text, with very long lines (1081), with no line terminators
Hash 3c960415b2dbd3f9e62f419dbcae9ae5
713cba9795354f6a5a7c4bffbde5a25833617b40
3e9598f5553ca5c590060bdc840aa69896f6fd10ab1ce63058a0c230be9e9701
GET /bTWJLbDcuDSUKCDkLL1EBfVJ4XANrCDgDWT1fCFQPfSl7DgB0KjhefWsWMQgKfUQnDVkqX20JWS5fekpWKQB2WBE5EiQHCiEKPBRVJgQuCkVrFypRWiIYIgBbLEd5KgJjUm5eB2Uael0SfiBuXgchCyUZT2hQexQPez19WBJ+IG5eBz8Ubl92dFRlXB5oUH-sLUi4JJEkFC1B7XQd9U3tdEn9SLQVFKAQkFBJ/JHJaGX1EPlEG HTTP/1.1
Host: d2jp87c2eoduan.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://domestich.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 764
date: Thu, 06 Oct 2022 22:52:32 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6QDc0_y7k1eTOqhlR80iAEziAAi4ap3B2lW_vE4sepazQgwhKACLsQ==
X-Firefox-Spdy: h2
domestich.xyz/multi?cs=b2dLNzhXVX0ECFxTeAUAWFR%2BBQg&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=1760353164575068&agec=1665096752&fs=1&mbkb=662.2516556291391&ref=https%3A%2F%2Fuserscloud.com%2Fgvngzhtvb04s&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_i1MG=1665096752403&crc=1
54.230.111.37200 OK 1.5 kB URL HTTP/2 domestich.xyz/multi?cs=b2dLNzhXVX0ECFxTeAUAWFR%2BBQg&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=1760353164575068&agec=1665096752&fs=1&mbkb=662.2516556291391&ref=https%3A%2F%2Fuserscloud.com%2Fgvngzhtvb04s&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_i1MG=1665096752403&crc=1
IP 54.230.111.37:0
Hash 29645e100e545d7bb12235eb63c0e283
8711742727192850eabeae051ddf7d97744da059
092ddd143fcc92bd412e176c1c8b250acc6f227bc92b7c6938068f68c5e54468
GET /multi?cs=b2dLNzhXVX0ECFxTeAUAWFR%2BBQg&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=1760353164575068&agec=1665096752&fs=1&mbkb=662.2516556291391&ref=https%3A%2F%2Fuserscloud.com%2Fgvngzhtvb04s&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_i1MG=1665096752403&crc=1 HTTP/1.1
Host: domestich.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1488
date: Thu, 06 Oct 2022 22:52:32 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=02dd3b23-3435-42c9-8a57-7d74eb2174a9
set-cookie: csu=1760353164575068
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4o6TUn6dQ-K317jkbtPMhwiWjg6qMe7aUIzzMZFr9F5bI8qMbpQXiw==
X-Firefox-Spdy: h2
tovanillitechan.com/42/38?z=2892518
139.45.197.239 200 OK 28 B URL HTTP/2 tovanillitechan.com/42/38?z=2892518
IP 139.45.197.239:0
Hash a288c098c5eb37fbf57df9d734a8f96c
475959564792a01ed70f556d5b54c0710d19e6a1
7c8aba710dba41249852359650cc37acfac11b79076276e9952913a2cf68926e
Analyzer Verdict Alert quad9 Sinkholed
GET /42/38?z=2892518 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: scm=1; OAID=d2d0e819c0bf450fb2c658453521ea82; oaidts=1665096752
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 22:52:32 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: df43495a7a3526208f74c3386bfb6916
access-control-expose-headers: X-Sc
set-cookie: OAID=d2d0e819c0bf450fb2c658453521ea82; expires=Fri, 06 Oct 2023 22:52:32 GMT; secure; SameSite=None
set-cookie: oaidts=1665096752; expires=Fri, 06 Oct 2023 22:52:32 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 8f914c75d78aabd8f442473c89339139
65f9275088f83adaabf31e48c76de615ceaf238d
e609b19f355624c89679e3029f5f54f6c1b0398d8b13aae97c6d11b2598dee66
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 22:52:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 12:52:20 GMT
Expires: Thu, 13 Oct 2022 12:52:19 GMT
Etag: "65f9275088f83adaabf31e48c76de615ceaf238d"
Cache-Control: max-age=568186,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7561f7ce28dab512-OSL
my.rtmark.net/gid.js?userId=cdc00cfa089f4c4b8a3d58c8dc9cbee0
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=cdc00cfa089f4c4b8a3d58c8dc9cbee0
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash ae271ef9473cadca0a65028317807784
5bb58075a86bcad409954134d9749fb1377877d1
2b083cd5a83cd4e633ffb2a9159efdbbca04ace05973a3dda87eaa13f5c1f89e
GET /gid.js?userId=cdc00cfa089f4c4b8a3d58c8dc9cbee0 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 22:52:32 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=cdc00cfa089f4c4b8a3d58c8dc9cbee0; expires=Fri, 06 Oct 2023 22:52:32 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254 200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://userscloud.com
Content-Length: 1523
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 06 Oct 2022 22:52:55 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://userscloud.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
tovanillitechan.com/9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fgvngzhtvb04s&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=cdc00cfa089f4c4b8a3d58c8dc9cbee0
139.45.197.239204 No Content 0 B URL HTTP/2 tovanillitechan.com/9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fgvngzhtvb04s&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=cdc00cfa089f4c4b8a3d58c8dc9cbee0
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fgvngzhtvb04s&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=cdc00cfa089f4c4b8a3d58c8dc9cbee0 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 06 Oct 2022 22:52:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
tovanillitechan.com/1?z=2582807
139.45.197.239 200 OK 126 kB URL HTTP/2 tovanillitechan.com/1?z=2582807
IP 139.45.197.239:0
File type ASCII text, with very long lines (56797)
Size 126 kB (126454 bytes)
Hash 71d23ef624e792a628f479c62eb260e2
19953e27e3aa19241fbca6e3b2677e0ec3991b10
15e5d3f700b57c90fa2eb96592ce116482772550f73400327ce23b53776b23e5
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=2582807 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 22:52:32 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 7b25edad8f1147360d5aa42b2ee27355
access-control-expose-headers: X-Sc
x-sc: bgvfC0LPpBHZ8JFSHPbrLDp5LYQH5aeigjUp0wIEM1YZkDSbm2MB0222FyuNRQbFchnEelNnDGcvfTvXVb0kBRClBTs=
set-cookie: scm=1; expires=Fri, 06 Oct 2023 22:52:32 GMT; secure; SameSite=None
set-cookie: OAID=d2d0e819c0bf450fb2c658453521ea82; expires=Fri, 06 Oct 2023 22:52:32 GMT; secure; SameSite=None
set-cookie: oaidts=1665096752; expires=Fri, 06 Oct 2023 22:52:32 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fgvngzhtvb04s&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=cdc00cfa089f4c4b8a3d58c8dc9cbee0
139.45.197.239200 OK 7 B URL HTTP/2 tovanillitechan.com/9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fgvngzhtvb04s&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=cdc00cfa089f4c4b8a3d58c8dc9cbee0
IP 139.45.197.239:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fgvngzhtvb04s&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=cdc00cfa089f4c4b8a3d58c8dc9cbee0 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 191
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: scm=1; OAID=d2d0e819c0bf450fb2c658453521ea82; oaidts=1665096752
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 22:52:32 GMT
content-type: application/javascript
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 92049df61e92d30bd5b3fed0515d9bc0
access-control-expose-headers: X-Sc
set-cookie: OAID=cdc00cfa089f4c4b8a3d58c8dc9cbee0; expires=Fri, 06 Oct 2023 22:52:32 GMT; secure; SameSite=None
set-cookie: oaidts=1665096752; expires=Fri, 06 Oct 2023 22:52:32 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg
104.22.32.172 200 OK 11 kB URL HTTP/2 offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg
IP 104.22.32.172:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 96d73cf80f752e9319997c6e575c3b82
3dcf9d3b3e94698a842b1a98de17a02a8c3b4457
44dc0e0d92f12e669842f12722ca1a1848fb4be50deabd86c7d9deb64946db86
GET /www/images/96d73cf80f752e9319997c6e575c3b82.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 22:52:32 GMT
content-type: image/jpeg
content-length: 11449
cache-control: max-age=86400
cf-bgj: h2pri
etag: "627e5574-2cb9"
expires: Fri, 07 Oct 2022 04:56:42 GMT
last-modified: Fri, 13 May 2022 12:56:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 64550
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7561f7d11a2d98fd-ARN
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.106.19 200 OK 499 B IP 172.64.106.19:0
File type ASCII text, with no line terminators
Hash 3cff586a824559ebaf966a8742c81dde
3d4d837b859dfbce9e8f0918bf1fcef4933deef7
852155d1e64f069d9eeb31fdb917e53cca9d3bd6d0ca80a51b41bb3cfdcfca61
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 22:52:32 GMT
content-type: text/plain
set-cookie: csu=1684591565568316@1@1665096752; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NPoB7B5FSyc7l%2FNlgWGm00Cvg9TXhbw4FFBCLiCX9jlFvKRtC%2B%2BfTKiMdDp%2FKIPq0EM7amEb1e0jtl8ar8PailbhFoaK45zqmZ%2BARVxusT%2FGV%2BX3ZwZiLHQCwVHP7yeD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7561f7cbdb8f7447-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
104.21.84.149 200 OK 32 kB IP 104.21.84.149:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (32771), with no line terminators
Hash 0201722b2838ca0b9a740e432afa066d
661cb995e98d4cad3461ce92cc89b3da2dcd64ba
10f3b51cf092b518f68545b566b291ef2d03ad1a7b85f5b632d2646e4f4c8776
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 22:52:32 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 3171
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ph2cUunpv6O5EZSiSHz2iOk7%2BkWqbNZFNEj%2BLj8cxtEDbqtF6f9OPgLXmbGDaVu2FT%2FX1YTKaByKDZrVT%2BByuUDJzOOsrvthWAFwxfKRD%2F92gAPv5Abf7SeRmnSxnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7561f7cccb30b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 8d355c0bad2c6f0e3c6dd2c03ad1b17a
cee03c9b9bd98a31b7e730d616fbf364d438581e
ee3a23894f404a7839f3aaa3ff7efa84da626b07a47282bd07b9c90474fbac53
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 22:52:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 8d355c0bad2c6f0e3c6dd2c03ad1b17a
cee03c9b9bd98a31b7e730d616fbf364d438581e
ee3a23894f404a7839f3aaa3ff7efa84da626b07a47282bd07b9c90474fbac53
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 22:52:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237 302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash 45dc0c4d72c177c532599f32da16f346
eb22e66b3920ccfaef68f69cf4a3750fee038559
1587e3d09068de6b92ff74e6507e0674b798dfa72404635f260628493f3bb35f
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 06 Oct 2022 22:52:33 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1912135756%3A1665096753021992&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWprkNPdW99IS0rtm4MXxx9Q2Cu1VvC011a8H_Qsux0RRK8NYeYixeeXaxKB6AUkPftB8oyg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-2St3_PBmpvivHI-RQ9pBqQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:HVZbKG_ezPNlTHnHDtnFDnpcYUUikg:f8As71ksOKv9epgU;Path=/;Expires=Sat, 05-Oct-2024 22:52:33 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 397 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (382)
Hash 2086201746c006421e6db17b52ab46ca
2db6ea69b45b0b06b94f28a0a709731f5dff1e08
05cc500fe947e6eda22cee9aae70e9fa5a4243766a5c9d9ce285804dd5ca19d6
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 06 Oct 2022 22:52:33 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-938902644%3A1665096753068838&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoYpJ4jfR9rsWAdw3xMz-aR21WGNM_KpMb4wqmPvPmCXY-1uyA_UU26tTKkmLlhU1lDCskU
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce--CJgSF_Aig3PK5ism7e-1Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 397
server: GSE
set-cookie: __Host-GAPS=1:1eBa1IscdJGZ7pKczeAsaYCy_HjxZw:PT0iChaRP-gJcabH;Path=/;Expires=Sat, 05-Oct-2024 22:52:33 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 87465c15992fe10c24c62a185f8c171d
fa938b624d06d1e2927c8eda6a44b2a32d930f59
239ef7fe5df8c396d96a928c20d66c842a5ec3e9ff71a3cd7c0068906fc3e537
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 22:52:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ecc594c8ad8a58175abca6f74592cad0
bc3eb5409877f214ca5d45c39d39754fd80997ae
4376e30946f541ed958cbbff449d18b6acb24608aa48fa078440cb99291dc7d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3783
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 22:52:33 GMT
Last-Modified: Thu, 06 Oct 2022 21:49:30 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10038
Expires: Fri, 07 Oct 2022 01:39:51 GMT
Date: Thu, 06 Oct 2022 22:52:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10038
Expires: Fri, 07 Oct 2022 01:39:51 GMT
Date: Thu, 06 Oct 2022 22:52:33 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7758caee-c969-46dd-96d0-b4402437781d.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7758caee-c969-46dd-96d0-b4402437781d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4572451a09430ca7a9203f14ddc035ba
46e17c44fba23988d7a9d9832c411ba2810136c3
fa54e73c4b32d8e109504ebcd46e4316de8143f44b7eae20a44ba63d14a6f24b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7758caee-c969-46dd-96d0-b4402437781d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8445
x-amzn-requestid: 7d295b3b-29d6-4b2e-8314-c9055d1def80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmju5FxwoAMFeQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4cc5-3f58c18b1159ad512c60422b;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:46:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: DC1ECXhkAhfdrU8ZyMhhDdwydsq4PQfzzGOPd-REjCkCsDbXQLnLiA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:08:57 GMT
etag: "46e17c44fba23988d7a9d9832c411ba2810136c3"
content-type: image/jpeg
age: 2616
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e30ca5022768294665070cafc9d489c
c6ebf53c21206cfcf8e70279d3ae43f0170ade3a
6b834cdae692318a114c0d82ebff4fa8f4e65526983758e08ffb130d4d86020f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9046
x-amzn-requestid: d560c8ba-6e81-46f7-a451-30c40fbfce6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi_F7qIAMFkQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-012e65d675558ec8544a1f30;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: Vy9jQu1a8BGypY4C4u_9gao5wPEkVHgArhG2zMNdH8KfBS0lfmyHBA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57bd3a2d9e0e4cbf89d9eb3d7dfb916e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:43:40 GMT
age: 4133
etag: "c6ebf53c21206cfcf8e70279d3ae43f0170ade3a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ee0abd8-4ecf-437c-9675-8f3d0154f2b9.jpeg
34.120.237.76 200 OK 18 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ee0abd8-4ecf-437c-9675-8f3d0154f2b9.jpeg
IP 34.120.237.76:0
Hash a06da0bff13271bd5c09f7eafcff4bf2
70070ed0c24dfa78ffa0d9bbc6414a42189517c7
d7e2222bd25a07d541eedd8fb4c887e49b3b9ef533f576df7515fd102659cdb0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ee0abd8-4ecf-437c-9675-8f3d0154f2b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6518
x-amzn-requestid: 2d3dc175-26a9-40a2-b629-0c8b533d5037
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmhktGcloAMF0SA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4951-23e7e2852fe1f11c009d4c26;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:32:01 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: XZZtr9fG5zlx9W9TIX5zVjqvyZ5NEeSEPqtNUhwArlhBEIdcT5unpQ==
via: 1.1 fec77e486350d1bd33f526a760d8b5a4.cloudfront.net (CloudFront), 1.1 f62c9ca47e35df5c65764381977823a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:02:02 GMT
age: 3031
etag: "715224d106cc3342482c53905322d6418421f6d2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03835263-33ef-46f3-bb24-467731afac81.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03835263-33ef-46f3-bb24-467731afac81.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 174bf241d8cb920a398e42d1c21b99d3
bdf4ef11beb8aa206ec122a38477bb594fa62a5f
261d039dbb733396b2519edb880fd1f1643339ea4654924c6bd665632bd6bc94
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03835263-33ef-46f3-bb24-467731afac81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10979
x-amzn-requestid: 004d2b8c-5aef-423f-8d8b-ea3a5e075026
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZXXPFGM7IAMFTNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633938c6-153d167d541238fb11ef6bb9;Sampled=0
x-amzn-remapped-date: Sun, 02 Oct 2022 07:07:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: E6waSuH7TevwktN5sNQSoaEKouYLia4MQODErZQ1YyyKU68seK9-dw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 11:37:37 GMT
age: 40496
etag: "bdf4ef11beb8aa206ec122a38477bb594fa62a5f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-938902644%3A1665096753068838&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoYpJ4jfR9rsWAdw3xMz-aR21WGNM_KpMb4wqmPvPmCXY-1uyA_UU26tTKkmLlhU1lDCskU
216.58.207.237 403 Forbidden 10 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-938902644%3A1665096753068838&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoYpJ4jfR9rsWAdw3xMz-aR21WGNM_KpMb4wqmPvPmCXY-1uyA_UU26tTKkmLlhU1lDCskU
IP 216.58.207.237:0
Hash 15d0db7ab0ee7e5ef606999af05c0cf9
6289c6331c0a9fa3c1f73e44905d633064842b59
e6e7a6c67a7f4be07a07b642a114936b5d220e090cec39906745f8f42d2941cc
GET /v3/signin/identifier?dsh=S-938902644%3A1665096753068838&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoYpJ4jfR9rsWAdw3xMz-aR21WGNM_KpMb4wqmPvPmCXY-1uyA_UU26tTKkmLlhU1lDCskU HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 06 Oct 2022 22:52:33 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-4dJOXKkSU1A1xlieaDSkgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=nbzgFuKQ8i8REh5SkUV7cfS2dtJzovmzPB3TYNnzXyU6XLL501M7IOY35175hZ3oUNblI_rPrx9EmcJ96hQR8i-Sw5YKnWyJ8ETF3b_vRccMBN3VH2aWt5bXeLPvyYry45ggaBRVGdQvj2bY_sAt0U-bBBcKDaVoKvp3f-zDfKg; expires=Fri, 07-Apr-2023 22:52:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F773e2560-6c32-4224-8404-2794a40799cd.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F773e2560-6c32-4224-8404-2794a40799cd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 39cf77bd6009d3c538455b3846680278
ad0ed304e5173bdb8f08254c2e4a5032e8fcafa5
792997f1f9a485ca57d274c7899e4f526476bf15ed564a8b74d248c4458b188f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F773e2560-6c32-4224-8404-2794a40799cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9564
x-amzn-requestid: 38d87e57-3600-4e0e-bd24-a8f857800bc6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmhkGHtZIAMFz0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f494d-21b041d97b406dea36b9f35b;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: rqw7Z-JNaRJZf8828i9HPcP-J3mn3ROnnXRJwD6dCiRvFSZAKp3WDw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 57bd3a2d9e0e4cbf89d9eb3d7dfb916e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:43:40 GMT
age: 4133
etag: "ad0ed304e5173bdb8f08254c2e4a5032e8fcafa5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
goomaphy.com/impression/aYWnV3j34r0wsUZvAjxWti0YIOh48BAc7qq5_nj10UcMC39Iaj62HjNNWmeYR97JvgHB6JsGiUXENoCCIvtcQyx_UjXZ9EU8Dd85kp1-uE9kimGx4fw_1b9S8DFsZbHe2HMjRdD1bz0-_I5ziJBEPTDr8u4jJy-2-YkGxdtwbYkpTsurqvptLchbJ19dmPdK2fZCaQoBFgMKHZDdiwgoLs60T27KJx8j8AhTmNos25mWA3WPFChKTlwrNk-XE-H9O4aZusN2Y7Rklr1srUchaGQyVZY8L3LisxPMWLXfA9ezU_lalAJ8ffSyVmQo_FOshoQOmwmsi9GiU6Nb5VHAJl1tDBiHc2IQyhvoftjXEXQ1JGFepDwznc2U5s6lwryDgIb5zSFjw-BITbvW5hAN8yEm-C4J_majfHmMzwXkgBuyDcwrUpxeBDD_vaR0TWWisdQUlltdh5NCKAwFYDPVb29j87uDNgsfz6QNbNHU77qnWI60lV3vgm7QW7tVj7S7KNlcjgybqj9IKhxFzHtm6KXqmrjB1LyrwUtpcakrlhfhpBEgyXftDusONiPkJBp1gknOXdE2adug-FHtZ9qFSGQGr_eIaDXx?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fgvngzhtvb04s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 43 B URL HTTP/2 goomaphy.com/impression/aYWnV3j34r0wsUZvAjxWti0YIOh48BAc7qq5_nj10UcMC39Iaj62HjNNWmeYR97JvgHB6JsGiUXENoCCIvtcQyx_UjXZ9EU8Dd85kp1-uE9kimGx4fw_1b9S8DFsZbHe2HMjRdD1bz0-_I5ziJBEPTDr8u4jJy-2-YkGxdtwbYkpTsurqvptLchbJ19dmPdK2fZCaQoBFgMKHZDdiwgoLs60T27KJx8j8AhTmNos25mWA3WPFChKTlwrNk-XE-H9O4aZusN2Y7Rklr1srUchaGQyVZY8L3LisxPMWLXfA9ezU_lalAJ8ffSyVmQo_FOshoQOmwmsi9GiU6Nb5VHAJl1tDBiHc2IQyhvoftjXEXQ1JGFepDwznc2U5s6lwryDgIb5zSFjw-BITbvW5hAN8yEm-C4J_majfHmMzwXkgBuyDcwrUpxeBDD_vaR0TWWisdQUlltdh5NCKAwFYDPVb29j87uDNgsfz6QNbNHU77qnWI60lV3vgm7QW7tVj7S7KNlcjgybqj9IKhxFzHtm6KXqmrjB1LyrwUtpcakrlhfhpBEgyXftDusONiPkJBp1gknOXdE2adug-FHtZ9qFSGQGr_eIaDXx?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fgvngzhtvb04s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/aYWnV3j34r0wsUZvAjxWti0YIOh48BAc7qq5_nj10UcMC39Iaj62HjNNWmeYR97JvgHB6JsGiUXENoCCIvtcQyx_UjXZ9EU8Dd85kp1-uE9kimGx4fw_1b9S8DFsZbHe2HMjRdD1bz0-_I5ziJBEPTDr8u4jJy-2-YkGxdtwbYkpTsurqvptLchbJ19dmPdK2fZCaQoBFgMKHZDdiwgoLs60T27KJx8j8AhTmNos25mWA3WPFChKTlwrNk-XE-H9O4aZusN2Y7Rklr1srUchaGQyVZY8L3LisxPMWLXfA9ezU_lalAJ8ffSyVmQo_FOshoQOmwmsi9GiU6Nb5VHAJl1tDBiHc2IQyhvoftjXEXQ1JGFepDwznc2U5s6lwryDgIb5zSFjw-BITbvW5hAN8yEm-C4J_majfHmMzwXkgBuyDcwrUpxeBDD_vaR0TWWisdQUlltdh5NCKAwFYDPVb29j87uDNgsfz6QNbNHU77qnWI60lV3vgm7QW7tVj7S7KNlcjgybqj9IKhxFzHtm6KXqmrjB1LyrwUtpcakrlhfhpBEgyXftDusONiPkJBp1gknOXdE2adug-FHtZ9qFSGQGr_eIaDXx?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fgvngzhtvb04s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: OAID=cdc00cfa089f4c4b8a3d58c8dc9cbee0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 22:52:37 GMT
content-type: image/gif
content-length: 43
x-trace-id: 8f851bcdb6c3b617356dc7b5443a8722
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 18e0e019cd697bb16806d8f00408a319
60ceb13c31595e6cf9bb6800657e4593a1fbd670
7cb0778c80be637b67a5d198ca180a76bbfa4c32e502a0fa472a4c6946ffb56e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 22:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
142.250.74.10 200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP 142.250.74.10:0
Hash cb3ebe41db186ed68e368c19ead8885f
59ccb82f1faad3b8ee0f2a56c7ccd35eee37dfe5
35d5250d4cd95dc2723f850d7c8e62b1237cffa994cea69ca996ab8197d4d626
GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 06 Oct 2022 22:52:37 GMT
date: Thu, 06 Oct 2022 22:52:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 22:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 22:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:34:08 GMT
expires: Thu, 05 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 98309
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:34:08 GMT
expires: Thu, 05 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 98309
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 22:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
userscloud.com/gvngzhtvb04s
104.21.69.102 200 OK 0 B URL HTTP/2 userscloud.com/gvngzhtvb04s
IP 104.21.69.102:0
GET /gvngzhtvb04s HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 06 Oct 2022 22:52:31 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Wed, 05 Oct 2022 22:52:31 GMT
set-cookie: lang=english; domain=.userscloud.com; path=/
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SaZRCFCEmGiluxnlQdBfCEM8wRdBCfE3p3vTVhGF0%2BAn0%2ByOgBjozTu8LDRIm0bcfFSvM992EpXk494kqScgGNaFPcF18Ari1kGglyMMknP588idyDD3NjdbUKcbcWo45Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7561f7c68e41b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
104.18.47.230 200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP 104.18.47.230:0
GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 22:52:31 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 7561f7c9dfa9b529-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
waisheph.com/5/535061/?oo=1&aab=1
139.45.197.245 200 OK 0 B URL HTTP/2 waisheph.com/5/535061/?oo=1&aab=1
IP 139.45.197.245:0
GET /5/535061/?oo=1&aab=1 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 22:52:32 GMT
content-type: application/json
x-trace-id: 7655682172d319c75170b0c957aa54d0
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=cdc00cfa089f4c4b8a3d58c8dc9cbee0; expires=Fri, 06 Oct 2023 22:52:32 GMT; path=/; secure; SameSite=None
oaidts=1665096752; expires=Fri, 06 Oct 2023 22:52:32 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.106.19 200 OK 0 B IP 172.64.106.19:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 06 Oct 2022 22:52:31 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2517
last-modified: Thu, 06 Oct 2022 22:10:34 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rhhc0%2FHIQ8pmrZQOp696euWCDgtg0X2PODoAbKhZaJuPUSX4jQERu10ssboMNl4x7eCPaPlgyY4OVlyYKNI5%2F%2FPs3jokJHmZHcAsjxzrMQ3CYqDPM9J2T6VKjvt9MsFd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7561f7cbdb877447-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.106.19 200 OK 0 B IP 172.64.106.19:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 22:52:31 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2517
last-modified: Thu, 06 Oct 2022 22:10:34 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fOU81nEMF23iF2Cy9DHoPA%2B4gt3E1JMa%2BXyJ4CoO099tT8%2FiV9qLbdFIt%2BYimTZ%2BNRD1I3%2FY1z9jqAWnAf9qL2agkFt%2BHo2O2vFx%2F%2FaCdqrN%2B6OLqvQJV0Lo8JdqicQO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7561f7cbdb887447-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
goomaphy.com/401/4859604
139.45.197.239 200 OK 0 B IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /401/4859604 HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 22:52:31 GMT
content-type: application/javascript
x-trace-id: 923ad8fcd6d56e03a7e33befe2613e55
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=e80e3a141fda4663affaa58f8b192528; expires=Fri, 06 Oct 2023 22:52:31 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
goomaphy.com/500/4859604?excludes=&oaid=cdc00cfa089f4c4b8a3d58c8dc9cbee0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fgvngzhtvb04s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 0 B URL HTTP/2 goomaphy.com/500/4859604?excludes=&oaid=cdc00cfa089f4c4b8a3d58c8dc9cbee0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fgvngzhtvb04s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /500/4859604?excludes=&oaid=cdc00cfa089f4c4b8a3d58c8dc9cbee0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fgvngzhtvb04s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: OAID=e80e3a141fda4663affaa58f8b192528
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 22:52:32 GMT
content-type: application/javascript
x-trace-id: e266a5c719147d9be7e1f31a7737f469
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://userscloud.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=cdc00cfa089f4c4b8a3d58c8dc9cbee0; expires=Fri, 06 Oct 2023 22:52:32 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: G0/uirWuxm+LKF6Xs6+yQYfTupTzGLY9+5kQwJaGw8+6zFBPygH+4PJlhdEhu32FJNvGTVjQeGwIcAm5Ge7DzA==
date: Thu, 06 Oct 2022 22:52:33 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-1912135756%3A1665096753021992&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWprkNPdW99IS0rtm4MXxx9Q2Cu1VvC011a8H_Qsux0RRK8NYeYixeeXaxKB6AUkPftB8oyg
216.58.207.237 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1912135756%3A1665096753021992&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWprkNPdW99IS0rtm4MXxx9Q2Cu1VvC011a8H_Qsux0RRK8NYeYixeeXaxKB6AUkPftB8oyg
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S-1912135756%3A1665096753021992&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWprkNPdW99IS0rtm4MXxx9Q2Cu1VvC011a8H_Qsux0RRK8NYeYixeeXaxKB6AUkPftB8oyg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 06 Oct 2022 22:52:33 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-F3nwy4VTSGh-xKx19Q6LDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=R4riLdZYg1521ar0bFML4fy6tXVcfCLmUhF7J_fpxN27CvYkKiD1-RHb_udBb7847vgVRnmCMg4uEPtwhKYkzZds0jVBgd07D-xK1c-zP-f0zSWgqKQpgg9J0Vpm47sqrsJNQW2cFrXYpmr4tKzNINwGIcPFESdaG1-eRdoe4o4; expires=Fri, 07-Apr-2023 22:52:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2