Report - userscloud.com/5fmg7tw3hyc6

Report Overview

Visited public
2023-12-13 02:43:03
Tags
URL
userscloud.com/5fmg7tw3hyc6
Finishing URL
userscloud.com/5fmg7tw3hyc6
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
Userscloud

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
accounts.google.com	81	1997-09-15	2016-03-20 13:44:49	2023-12-12 12:05:06	3.8 kB	23 kB	142.250.150.84
pogothere.xyz	unknown	2022-08-22	2022-09-04 21:11:25	2023-12-11 19:30:40	1.8 kB	311 kB	172.64.166.32
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24 16:34:56	2023-12-12 09:25:29	506 B	20 kB	104.16.56.101
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-12 07:57:07	433 B	94 kB	142.250.74.104
d12nvv2jqzsaax.cloudfront.net	unknown	unknown	No data	No data	678 B	1.1 kB	143.204.42.118
fleraprt.com	unknown	2022-01-14	2022-01-14 23:55:14	2023-12-12 19:33:33	537 B	482 B	139.45.195.254
rebelfarewe.org	unknown	2023-11-08	2023-12-12 20:07:14	2023-12-12 20:14:12	5.3 kB	10 kB	65.9.55.37
goomaphy.com	unknown	2022-07-21	2022-07-22 21:39:03	2023-12-07 00:32:36	2.5 kB	91 kB	139.45.197.239
offerimage.com	304078	2019-06-10	2019-06-10 13:11:53	2023-12-11 05:51:27	469 B	12 kB	172.67.22.216
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-12 10:47:14	1.1 kB	33 kB	216.58.207.227
tzegilo.com	unknown	2022-01-14	2022-01-14 16:27:15	2023-12-11 19:06:52	409 B	20 kB	172.67.193.52
nditingdecord.org	unknown	2023-11-08	2023-12-12 20:14:13	2023-12-12 20:26:22	2.2 kB	2.8 kB	188.114.97.1
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-12-12 18:34:51	433 B	743 B	139.45.195.8
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-12 10:52:54	431 B	11 kB	142.250.74.106
userscloud.com	236337	2013-11-11	2014-10-17 15:44:15	2023-12-07 04:24:33	6.8 kB	864 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-12	medium	fleraprt.com	Sinkholed
2023-12-13	medium	goomaphy.com	Sinkholed
2023-12-13	medium	goomaphy.com	Sinkholed
2023-12-13	medium	goomaphy.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	From	Size	First Seen	Last Seen
	userscloud.com/assets/library/jquery/jquery.min.js?v=v2.0.0-rc8&sv=v0.0.1.2	ScriptElement	93 kB	2023-03-07	2025-06-12
Pretty URL userscloud.com/assets/library/jquery/jquery.min.js?v=v2.0.0-rc8&sv=v0.0.1.2 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27 Last Seen2025-06-12 05:30 Times Seen915 Hash bdce12c949e78d570c8d44e9c2b23508 9afdc4fec954646bd6270caf82f107fdef605bc5 c73b004ebf31b395cf237c3d2b13c1e576f385e04660ceb5f7be163ff3c201dc Loading...

	unknown	ScriptElement	176 B	2023-03-07	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27 Last Seen2024-08-21 06:42 Times Seen16 Hash b15edaefda6a35986fe6ac91236991e8 ba92dc94c927758d41137d414a5bfdaf1340e23c bde47c349904f0573639857e3e1822c8848836650d18e136cf786a08d4e6eda0 Loading...

	unknown	ScriptElement	153 B	2023-09-16	2024-10-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 17:44 Last Seen2024-10-27 20:54 Times Seen57 Hash bc2a0911e6cb85624463e276fda6c4d0 522c217038746d70bcd4aedca8ff57f5c39ca280 6f9ba7bd85727234308714176680b31682dbd13d86412c0633c39006bb710900 Loading...

	www.googletagmanager.com/gtag/js?id=G-M73M877RTL	ScriptElement	282 kB	2023-12-13	2023-12-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-M73M877RTL IP 142.250.74.104 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-13 03:43 Last Seen2023-12-13 03:43 Times Seen1 Hash e47bb4a33430d471113c6579eaa4ee08 fe124dfa9619add25d25dd607de4361ec225632d 2f191d7b5a089fc31f4885c42dea305ead035589e848fecc6302111f6e27df9d Loading...

	unknown	ScriptElement	541 B	2023-03-07	2024-10-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27 Last Seen2024-10-27 20:54 Times Seen57 Hash d18cd1132ea52f64d163bbbb09b2f1db 68f545891967bb12bc0b073ac634706a604b8b2c 76b8697da6e013d1dbfe20a152045f4a8cc34adb37751b13a35a800778a7a4c5 Loading...

	userscloud.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	ScriptElement	12 kB	2023-03-07	2025-06-13
Pretty URL userscloud.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-13 03:18 Times Seen33544 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	unknown	ScriptElement	463 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 15:58 Last Seen2024-08-20 15:58 Times Seen1 Hash 217e68c4fa340e6fe8456989b6f3708b 2ecb30a4f944b9e82f0427fd27bc268be88acf4a 28ae7e5331020c957fd673eef53e438d859458c62d6b01037dbba51bddae8b30 Loading...

	unknown	ScriptElement	82 B	2023-03-07	2025-03-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27 Last Seen2025-03-19 17:28 Times Seen81 Hash 9e775e8a1bb87b2856daa36a22341440 ebf714c77099aa49203093ad0d0343df9734ad71 365b750d4dae44d93e4da4d75c801f89714c91980a9e05b8afac0c998f3f063a Loading...

	userscloud.com/assets/vendor/core/bootstrap.js	ScriptElement	46 kB	2023-03-09	2024-10-27
Pretty URL userscloud.com/assets/vendor/core/bootstrap.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 13:04 Last Seen2024-10-27 20:54 Times Seen60 Hash 4c9e4799bf2544b007be51273ebcf261 b7cf2d7bfc287dbc71293bb6b590c7557e8d7334 567795e373535ee36eaa0805687b1ba40b46c192cba6c56d83767f320bf14c2c Loading...

	static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317	ScriptElement	20 kB	2023-10-13	2025-06-03
Pretty URL static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 IP 104.16.56.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:51 Last Seen2025-06-03 03:46 Times Seen17154 Hash dd1d068fdb5fe90b6c05a5b3940e088c 0d96f9df8772633a9df4c81cf323a4ef8998ba59 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101 Loading...

	userscloud.com/assets/vendor/core/jquery.nicescroll.js	ScriptElement	73 kB	2023-09-16	2024-10-27
Pretty URL userscloud.com/assets/vendor/core/jquery.nicescroll.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 17:44 Last Seen2024-10-27 20:54 Times Seen55 Hash 04ce40702fe23a251ac39b5a3d16912c 399bc3cc5c1e0971b6ca98f47f93dde61e33d5fb dcc9042d6e57da51821acd007645a5269b176f61c9d35146966f971edba08396 Loading...

	goomaphy.com/401/4859604	ScriptElement	89 kB	2023-12-13	2023-12-13
Pretty URL goomaphy.com/401/4859604 IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-13 03:43 Last Seen2023-12-13 03:43 Times Seen1 Hash 2c5d6227b0ecb47f05f019c115bca443 95d328e7fae686493dd08f74965f4464003b78d2 f61ee45c18c5c7f57164c2ce6e54822d2a1314032cf7165680f71d209b5b2ccb Loading...

	tzegilo.com/stattag.js	ScriptElement	19 kB	2023-09-07	2024-08-21
Pretty URL tzegilo.com/stattag.js IP 172.67.193.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-07 20:07 Last Seen2024-08-21 07:20 Times Seen2395 Hash 89e89aea544ea2785d49cc4cd9cf26f6 7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b 86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9 Loading...

		Size	First Seen	Last Seen
	#1 Write - eaa5c02c935aa4bdc9340941ef9abec1	4.4 kB	2024-08-20 15:58	2024-08-20 15:58
Pretty Observations First Seen2024-08-20 15:58 Last Seen2024-08-20 15:58 Times Seen1 Hash eaa5c02c935aa4bdc9340941ef9abec1 a3ba8e184963f6c1b6686ac9470137a386a01ca6 b6dafecf102a3cb4c2cc93a7330c28de6f707f2bb3091b9741e9051ec3927867 Loading...

HTTP Transactions (48)

URL IP Response Size

userscloud.com/images/logo_s.jpg

188.114.97.1

200 OK

1.6 kB

URL GET HTTP/3
userscloud.com/images/logo_s.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectuserscloud.com
Fingerprint4B:C9:03:8D:9F:C2:E0:B5:01:4E:DC:D5:B0:1B:0E:92:7B:97:6E:F0
ValidityMon, 30 Oct 2023 09:26:09 GMT - Sun, 28 Jan 2024 09:26:08 GMT

File type
PNG image data, 50 x 50, 8-bit/color RGB, non-interlaced - data
Size
1.6 kB (1624 bytes)
Hash
c9ddbb8afb25dff972cd546c4bbe1348
cc49e1c636094bec0b1947104207bf1699a2448c
c7f77b27d01bed91582ccad581bebc96f6bdd450cc0feeca559bcc4c640d6137

HTTP Headers

GET /images/logo_s.jpg HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/5fmg7tw3hyc6
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 13 Dec 2023 02:42:37 GMT
content-type: image/jpeg
content-length: 1624
last-modified: Thu, 17 Dec 2020 16:14:49 GMT
vary: Accept-Encoding
etag: "5fdb83f9-658"
expires: Sat, 23 Dec 2023 03:00:11 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cf-cache-status: HIT
age: 1726946
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUIRraaiNLttfqgnhg1CnfrhsSsXbhR4Qb4BjdelAjonxAXgteY1%2BoozNun4dDTynemcySC9oJPvMReZEy%2BfH%2BAXgCV61lK%2FV8XtuDHI6Bhd76tCqgT1mTrsi2dDr%2BLfAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 834adad8def80b45-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-M73M877RTL

142.250.74.104

200 OK

94 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-M73M877RTL
IP
142.250.74.104:443
ASN
#15169 GOOGLE

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintC1:58:7C:BF:5A:61:79:08:CB:C2:00:63:60:07:86:BD:EA:0A:45:8A
ValidityMon, 20 Nov 2023 08:02:50 GMT - Mon, 12 Feb 2024 08:02:49 GMT

File type
ASCII text, with very long lines (5955)
Size
94 kB (93802 bytes)
Hash
e47bb4a33430d471113c6579eaa4ee08
fe124dfa9619add25d25dd607de4361ec225632d
2f191d7b5a089fc31f4885c42dea305ead035589e848fecc6302111f6e27df9d

HTTP Headers

GET /gtag/js?id=G-M73M877RTL HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 13 Dec 2023 02:42:37 GMT
expires: Wed, 13 Dec 2023 02:42:37 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93802
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

userscloud.com/cdn-cgi/rum?

188.114.97.1

204 No Content

0 B

URL POST HTTP/3
userscloud.com/cdn-cgi/rum?
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectuserscloud.com
Fingerprint4B:C9:03:8D:9F:C2:E0:B5:01:4E:DC:D5:B0:1B:0E:92:7B:97:6E:F0
ValidityMon, 30 Oct 2023 09:26:09 GMT - Sun, 28 Jan 2024 09:26:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1044
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/5fmg7tw3hyc6
Cookie: lang=english
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Wed, 13 Dec 2023 02:42:38 GMT
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 834adadbcfaa0b45-OSL
x-frame-options: DENY
x-content-type-options: nosniff

rebelfarewe.org/S2p0a0YqCBcGeSpXFk0zOQZJTnQNT0YtInpYGh0weQAFETUqCwxFJScFAQ8gOQUaH2glDwBOdA1SOSx3GTsZPRIKAEwAESA7MSUecj41LXciCRguEQkTPR8FeyglIDwSIzY4AxgpICERAQQXWQ56OCUyERogIToLeQxEJRAKED5OdA08NjILBTk2MgQOGRgmITsIIS8HfywxBBAbOQM6EDNfRyUxGiQ1L3J/LjIcBAYtEDMiJwJRWQAoATUoHhMBRS8AfyAkARMcLCJSLgcoMT0eeSwOPRR+DhAjAyUsIlIuBTsMDhF5PBo9KAEjLVgPLygYB3YoORc9HnlHMRwDMzwRLg4FPDY+CCMLRCoFEz4tBQQnGTcPDgoANQd3LAkYPgQTPTYFEDwrOCQCCisiDA87MEUPdBMtMlgVPCg4IQ5yP1IBNSQEBFY8PwdBJwUAPRIg

65.9.55.37

200 OK

1.2 kB

URL GET HTTP/2
rebelfarewe.org/S2p0a0YqCBcGeSpXFk0zOQZJTnQNT0YtInpYGh0weQAFETUqCwxFJScFAQ8gOQUaH2glDwBOdA1SOSx3GTsZPRIKAEwAESA7MSUecj41LXciCRguEQkTPR8FeyglIDwSIzY4AxgpICERAQQXWQ56OCUyERogIToLeQxEJRAKED5OdA08NjILBTk2MgQOGRgmITsIIS8HfywxBBAbOQM6EDNfRyUxGiQ1L3J/LjIcBAYtEDMiJwJRWQAoATUoHhMBRS8AfyAkARMcLCJSLgcoMT0eeSwOPRR+DhAjAyUsIlIuBTsMDhF5PBo9KAEjLVgPLygYB3YoORc9HnlHMRwDMzwRLg4FPDY+CCMLRCoFEz4tBQQnGTcPDgoANQd3LAkYPgQTPTYFEDwrOCQCCisiDA87MEUPdBMtMlgVPCg4IQ5yP1IBNSQEBFY8PwdBJwUAPRIg
IP
65.9.55.37:443
ASN
#16509 AMAZON-02

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerAmazon
Subjectrebelfarewe.org
FingerprintC5:5B:3C:AB:24:BE:35:FA:54:AC:75:0B:A2:01:C7:8C:30:1A:93:6F
ValiditySat, 09 Dec 2023 00:00:00 GMT - Mon, 06 Jan 2025 23:59:59 GMT

File type
HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Size
1.2 kB (1188 bytes)
Hash
bd9f10e292894ceb421c4770c2a0c961
c279124ce55181db8797096870e1219b06155c14
fb984b249da35a15c101c3c5c164b18242ffd1797c0de4f041eacef49a7a1667

HTTP Headers

GET /S2p0a0YqCBcGeSpXFk0zOQZJTnQNT0YtInpYGh0weQAFETUqCwxFJScFAQ8gOQUaH2glDwBOdA1SOSx3GTsZPRIKAEwAESA7MSUecj41LXciCRguEQkTPR8FeyglIDwSIzY4AxgpICERAQQXWQ56OCUyERogIToLeQxEJRAKED5OdA08NjILBTk2MgQOGRgmITsIIS8HfywxBBAbOQM6EDNfRyUxGiQ1L3J/LjIcBAYtEDMiJwJRWQAoATUoHhMBRS8AfyAkARMcLCJSLgcoMT0eeSwOPRR+DhAjAyUsIlIuBTsMDhF5PBo9KAEjLVgPLygYB3YoORc9HnlHMRwDMzwRLg4FPDY+CCMLRCoFEz4tBQQnGTcPDgoANQd3LAkYPgQTPTYFEDwrOCQCCisiDA87MEUPdBMtMlgVPCg4IQ5yP1IBNSQEBFY8PwdBJwUAPRIg HTTP/1.1
Host: rebelfarewe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html
content-length: 1188
date: Wed, 13 Dec 2023 02:42:38 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 828a61ebc3af4e0465a5577a4c08af7a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: FfqDHGSozJACT-M6H-wMWHQRNYECtuLby7XjTEL_Xc7wBn1yZ7eSmg==
X-Firefox-Spdy: h2

rebelfarewe.org/utx?cb=4a0foDEGvW7R&top=userscloud.com&tid=600304

65.9.55.37

204 No Content

0 B

URL GET HTTP/2
rebelfarewe.org/utx?cb=4a0foDEGvW7R&top=userscloud.com&tid=600304
IP
65.9.55.37:443
ASN
#16509 AMAZON-02

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerAmazon
Subjectrebelfarewe.org
FingerprintC5:5B:3C:AB:24:BE:35:FA:54:AC:75:0B:A2:01:C7:8C:30:1A:93:6F
ValiditySat, 09 Dec 2023 00:00:00 GMT - Mon, 06 Jan 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=4a0foDEGvW7R&top=userscloud.com&tid=600304 HTTP/1.1
Host: rebelfarewe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Wed, 13 Dec 2023 02:42:38 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 13 Dec 2023 02:43:38 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 828a61ebc3af4e0465a5577a4c08af7a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: ZXachlrCmgjicMCJ8dgZvmiLFVsYdkJsjeVRHT23Lb3tlTiVccCqvA==
X-Firefox-Spdy: h2

nditingdecord.org/T2dyRVlgWBE2ZBZXKB0MGyUhI2sdDTMTD349Hy4eGlQwIgM4LlQxMCtaSnRvdlBBYykmA093YGkUBiQtOhRPdH8mCRQqZGkRT3R3f0lEdXd8QQd4aGkTAiQ+clZUNS07C090bn9VRnZsfFJKdmx4

188.114.97.1

204 No Content

0 B

URL GET HTTP/2
nditingdecord.org/T2dyRVlgWBE2ZBZXKB0MGyUhI2sdDTMTD349Hy4eGlQwIgM4LlQxMCtaSnRvdlBBYykmA093YGkUBiQtOhRPdH8mCRQqZGkRT3R3f0lEdXd8QQd4aGkTAiQ+clZUNS07C090bn9VRnZsfFJKdmx4
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectnditingdecord.org
Fingerprint1E:D5:8B:FE:9C:EB:63:D9:8F:D0:91:22:B4:FE:0A:FB:7F:9D:AF:9E
ValidityFri, 08 Dec 2023 05:23:30 GMT - Thu, 07 Mar 2024 05:23:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /T2dyRVlgWBE2ZBZXKB0MGyUhI2sdDTMTD349Hy4eGlQwIgM4LlQxMCtaSnRvdlBBYykmA093YGkUBiQtOhRPdH8mCRQqZGkRT3R3f0lEdXd8QQd4aGkTAiQ+clZUNS07C090bn9VRnZsfFJKdmx4 HTTP/1.1
Host: nditingdecord.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Wed, 13 Dec 2023 02:42:38 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VjGwoAc8%2Fg7qJzw9PuGmk0Xn6Jt1E63W1QoQ4GegnsEvg8gtZJSAlvmvbwIAweLfPgS4f%2FDC%2Ftgz%2FLt5ds0lfi8slGbEvQ2hxn94JDzkU5Pl%2BmQfUpYsSWd67ctOJYnCOwqezg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 834adadbcf7156ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nditingdecord.org/eXd2aVNWSBUabh0jNDMHIR8yKhQJQiU8CjgVPhkaKDYwBjY8HFAdOh1KQFljSkdCTyMQE0tYdQoDFx0mCkpHTzoXERlUdQ9KR0dgTVlFXX1JUQNUYl8DBgg0REZQGScNG0tYZElFQlpmSkJOWmJA

188.114.97.1

204 No Content

0 B

URL GET HTTP/2
nditingdecord.org/eXd2aVNWSBUabh0jNDMHIR8yKhQJQiU8CjgVPhkaKDYwBjY8HFAdOh1KQFljSkdCTyMQE0tYdQoDFx0mCkpHTzoXERlUdQ9KR0dgTVlFXX1JUQNUYl8DBgg0REZQGScNG0tYZElFQlpmSkJOWmJA
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectnditingdecord.org
Fingerprint1E:D5:8B:FE:9C:EB:63:D9:8F:D0:91:22:B4:FE:0A:FB:7F:9D:AF:9E
ValidityFri, 08 Dec 2023 05:23:30 GMT - Thu, 07 Mar 2024 05:23:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /eXd2aVNWSBUabh0jNDMHIR8yKhQJQiU8CjgVPhkaKDYwBjY8HFAdOh1KQFljSkdCTyMQE0tYdQoDFx0mCkpHTzoXERlUdQ9KR0dgTVlFXX1JUQNUYl8DBgg0REZQGScNG0tYZElFQlpmSkJOWmJA HTTP/1.1
Host: nditingdecord.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Wed, 13 Dec 2023 02:42:38 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TjOjINmYHe%2BeeoXWjajJ4WlChfdMsZn7DUuDeu4BwpPT5lYyHq4duElvlNkX2ZWAxFnn137fC0jTGd7e%2FNJkm2tNsO6v6KzwoUy1MbmrXWgdhxqK3HQPsBGk8I%2FUR51gTE9PYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 834adadbbf6a56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

rebelfarewe.org/VDJtejM1UA4XDDUPD1xGJl5QXwESF188V2UAAwxFZlgcAEA1UxVUUDhdGB5VJl0DDh06VxlfARIHDjxbOmQqGWcaRQYDZBVjFTsBOFQ8LQYxa1woZBlaPE1wBXABN2QZYS8oRBh6BT9yBAIoHXsGYAEsAB1+KC5qFVM4P2UaVT8KZThrWDtJDlM/MgcAeCwdUQ5jNA91M10KOUk7YSsDRxZ7PCB9GmMKD3c8RV04XRJkIxcCHmgoMHA1d1UQdzwGVTlwGWc7LUMMfQU0ZTVeCRZlZQcCK143XjstQwx7Gk5WNl4jAmUQeFQsZAVUPxdLF2gULGU1XkAZXhFkOwh5OWQ1KGsOagsveRdTLDtLFnAeSWI5awUrXjxlNzxXFlMrIEsCZyxfARZ2BCNwElgOHFACZ18bZTBaPi9xcQAvP144ZUsQQDtcHUdlY0cYPl8eRB0d

65.9.55.37

200 OK

1.2 kB

URL GET HTTP/2
rebelfarewe.org/VDJtejM1UA4XDDUPD1xGJl5QXwESF188V2UAAwxFZlgcAEA1UxVUUDhdGB5VJl0DDh06VxlfARIHDjxbOmQqGWcaRQYDZBVjFTsBOFQ8LQYxa1woZBlaPE1wBXABN2QZYS8oRBh6BT9yBAIoHXsGYAEsAB1+KC5qFVM4P2UaVT8KZThrWDtJDlM/MgcAeCwdUQ5jNA91M10KOUk7YSsDRxZ7PCB9GmMKD3c8RV04XRJkIxcCHmgoMHA1d1UQdzwGVTlwGWc7LUMMfQU0ZTVeCRZlZQcCK143XjstQwx7Gk5WNl4jAmUQeFQsZAVUPxdLF2gULGU1XkAZXhFkOwh5OWQ1KGsOagsveRdTLDtLFnAeSWI5awUrXjxlNzxXFlMrIEsCZyxfARZ2BCNwElgOHFACZ18bZTBaPi9xcQAvP144ZUsQQDtcHUdlY0cYPl8eRB0d
IP
65.9.55.37:443
ASN
#16509 AMAZON-02

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerAmazon
Subjectrebelfarewe.org
FingerprintC5:5B:3C:AB:24:BE:35:FA:54:AC:75:0B:A2:01:C7:8C:30:1A:93:6F
ValiditySat, 09 Dec 2023 00:00:00 GMT - Mon, 06 Jan 2025 23:59:59 GMT

File type
HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Size
1.2 kB (1189 bytes)
Hash
8c73946b87a959cda0a808f4a872c1b7
7192c06841324e9f5d3a8f0cf8742027f56132de
9c9ca697255a5b7f5635d805e58f109a6e25765f01ba9ef2adf3885ea1c6a187

HTTP Headers

GET /VDJtejM1UA4XDDUPD1xGJl5QXwESF188V2UAAwxFZlgcAEA1UxVUUDhdGB5VJl0DDh06VxlfARIHDjxbOmQqGWcaRQYDZBVjFTsBOFQ8LQYxa1woZBlaPE1wBXABN2QZYS8oRBh6BT9yBAIoHXsGYAEsAB1+KC5qFVM4P2UaVT8KZThrWDtJDlM/MgcAeCwdUQ5jNA91M10KOUk7YSsDRxZ7PCB9GmMKD3c8RV04XRJkIxcCHmgoMHA1d1UQdzwGVTlwGWc7LUMMfQU0ZTVeCRZlZQcCK143XjstQwx7Gk5WNl4jAmUQeFQsZAVUPxdLF2gULGU1XkAZXhFkOwh5OWQ1KGsOagsveRdTLDtLFnAeSWI5awUrXjxlNzxXFlMrIEsCZyxfARZ2BCNwElgOHFACZ18bZTBaPi9xcQAvP144ZUsQQDtcHUdlY0cYPl8eRB0d HTTP/1.1
Host: rebelfarewe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html
content-length: 1189
date: Wed, 13 Dec 2023 02:42:38 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 828a61ebc3af4e0465a5577a4c08af7a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: RlCjnijvZMPi0nhrXWstV92WxnixeE1vqDZxH8Hr7JZCAmo-JMhyVA==
X-Firefox-Spdy: h2

nditingdecord.org/SkFodUNlfgsGfi8EHD0NEhs4FnAPDzogBTAiH0QCHnIiDQJ6GE4BKi58X0V7enRaUzMjJVVHemwyHBQ3PzJVRGUjLw4afmw3VURtem9eRW15Zx1Icmw1GBQkd3BOBTc+LVVEdHpzXEZ2eXRQRnd6

188.114.97.1

204 No Content

0 B

URL GET HTTP/2
nditingdecord.org/SkFodUNlfgsGfi8EHD0NEhs4FnAPDzogBTAiH0QCHnIiDQJ6GE4BKi58X0V7enRaUzMjJVVHemwyHBQ3PzJVRGUjLw4afmw3VURtem9eRW15Zx1Icmw1GBQkd3BOBTc+LVVEdHpzXEZ2eXRQRnd6
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectnditingdecord.org
Fingerprint1E:D5:8B:FE:9C:EB:63:D9:8F:D0:91:22:B4:FE:0A:FB:7F:9D:AF:9E
ValidityFri, 08 Dec 2023 05:23:30 GMT - Thu, 07 Mar 2024 05:23:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /SkFodUNlfgsGfi8EHD0NEhs4FnAPDzogBTAiH0QCHnIiDQJ6GE4BKi58X0V7enRaUzMjJVVHemwyHBQ3PzJVRGUjLw4afmw3VURtem9eRW15Zx1Icmw1GBQkd3BOBTc+LVVEdHpzXEZ2eXRQRnd6 HTTP/1.1
Host: nditingdecord.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Wed, 13 Dec 2023 02:42:38 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BUzEzfQy4BBIB9s1ZnY4UCnxDslJMdaGtLcgoxdlJBpPxooFSNbOIArZXu5s6F4neH6%2BwQXE%2FIRJ8%2Buu4YjfQ0hGITgwdx7YhiYIeDiOWmaVjsY4Ueoy%2F8lJJdZyJgVfJtuCXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 834adadbdf7856ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

rebelfarewe.org/utx?cb=pYVq7VboeUF1&top=userscloud.com&tid=816973

65.9.55.37

204 No Content

0 B

URL GET HTTP/2
rebelfarewe.org/utx?cb=pYVq7VboeUF1&top=userscloud.com&tid=816973
IP
65.9.55.37:443
ASN
#16509 AMAZON-02

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerAmazon
Subjectrebelfarewe.org
FingerprintC5:5B:3C:AB:24:BE:35:FA:54:AC:75:0B:A2:01:C7:8C:30:1A:93:6F
ValiditySat, 09 Dec 2023 00:00:00 GMT - Mon, 06 Jan 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=pYVq7VboeUF1&top=userscloud.com&tid=816973 HTTP/1.1
Host: rebelfarewe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Wed, 13 Dec 2023 02:42:38 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 13 Dec 2023 02:43:38 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 828a61ebc3af4e0465a5577a4c08af7a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: x0K4BNMuADOlHM1PIIhZHw2STLyEQ-kMrti4wUsLhyT_tYs_d4REcg==
X-Firefox-Spdy: h2

rebelfarewe.org/UW04dFcwD1sZaDBQWlIiIwEFUWUXSAoyM2BfVgIhYwdJDiQwDEBaND0CTRAxIwJWAHk/CExRZRdabR4NAj5SLS8GOU8HFAI3Xjo5Mi9hE2I4C08mZwkufRgAEiR0Mj9kAXdHZwAmcEARMj9hGQMVBmk+PRM+WgMNYSdUF28EOgEHAisVbhZkIjx1RR4mCU8+ZwAEcRgPBlRgPxMlIHMYOGk9CTE/FC5bBhQrVGI/FB8MaBgzYghwNjkWKnICFRYkXT4EHzR2GDw9Imo6MBMHT1FlEygKNRAIXlctDjkjUDcVHwp6HQI7On8lFDVeVEQzJj9ROTATAH1GehQkfUYWFiR8AwMINVweMjYjADY5JRt6Mx0DI0EYMwE/dhMTED9RNmUbW3pGHhkJCxMQHysAExtgLAEgOTVZWzMaFjcKJRA1KHYCMiZLUgc4Px0FMAMCBHM2NRk6fzA7KwY

65.9.55.37

200 OK

1.2 kB

URL GET HTTP/2
rebelfarewe.org/UW04dFcwD1sZaDBQWlIiIwEFUWUXSAoyM2BfVgIhYwdJDiQwDEBaND0CTRAxIwJWAHk/CExRZRdabR4NAj5SLS8GOU8HFAI3Xjo5Mi9hE2I4C08mZwkufRgAEiR0Mj9kAXdHZwAmcEARMj9hGQMVBmk+PRM+WgMNYSdUF28EOgEHAisVbhZkIjx1RR4mCU8+ZwAEcRgPBlRgPxMlIHMYOGk9CTE/FC5bBhQrVGI/FB8MaBgzYghwNjkWKnICFRYkXT4EHzR2GDw9Imo6MBMHT1FlEygKNRAIXlctDjkjUDcVHwp6HQI7On8lFDVeVEQzJj9ROTATAH1GehQkfUYWFiR8AwMINVweMjYjADY5JRt6Mx0DI0EYMwE/dhMTED9RNmUbW3pGHhkJCxMQHysAExtgLAEgOTVZWzMaFjcKJRA1KHYCMiZLUgc4Px0FMAMCBHM2NRk6fzA7KwY
IP
65.9.55.37:443
ASN
#16509 AMAZON-02

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerAmazon
Subjectrebelfarewe.org
FingerprintC5:5B:3C:AB:24:BE:35:FA:54:AC:75:0B:A2:01:C7:8C:30:1A:93:6F
ValiditySat, 09 Dec 2023 00:00:00 GMT - Mon, 06 Jan 2025 23:59:59 GMT

File type
HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Size
1.2 kB (1197 bytes)
Hash
2a2691d05c336d44b0526788f7b3ffae
e26924c98f5315dd5d4bc4b269a6ddd66441afec
812455b4ac783e2f0cf041aea503aa26f50b5df87ec6e1ffb1ae774de7f40513

HTTP Headers

GET /UW04dFcwD1sZaDBQWlIiIwEFUWUXSAoyM2BfVgIhYwdJDiQwDEBaND0CTRAxIwJWAHk/CExRZRdabR4NAj5SLS8GOU8HFAI3Xjo5Mi9hE2I4C08mZwkufRgAEiR0Mj9kAXdHZwAmcEARMj9hGQMVBmk+PRM+WgMNYSdUF28EOgEHAisVbhZkIjx1RR4mCU8+ZwAEcRgPBlRgPxMlIHMYOGk9CTE/FC5bBhQrVGI/FB8MaBgzYghwNjkWKnICFRYkXT4EHzR2GDw9Imo6MBMHT1FlEygKNRAIXlctDjkjUDcVHwp6HQI7On8lFDVeVEQzJj9ROTATAH1GehQkfUYWFiR8AwMINVweMjYjADY5JRt6Mx0DI0EYMwE/dhMTED9RNmUbW3pGHhkJCxMQHysAExtgLAEgOTVZWzMaFjcKJRA1KHYCMiZLUgc4Px0FMAMCBHM2NRk6fzA7KwY HTTP/1.1
Host: rebelfarewe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1197
date: Wed, 13 Dec 2023 02:42:38 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 828a61ebc3af4e0465a5577a4c08af7a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: 8BRGDKUQqWcOAdXT12hQFME52VMkANrO9j2vmrAsIMUAa7CH1TWUIw==
X-Firefox-Spdy: h2

rebelfarewe.org/utx?cb=blc9SPg4v6js&top=userscloud.com&tid=708052

65.9.55.37

204 No Content

0 B

URL GET HTTP/2
rebelfarewe.org/utx?cb=blc9SPg4v6js&top=userscloud.com&tid=708052
IP
65.9.55.37:443
ASN
#16509 AMAZON-02

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerAmazon
Subjectrebelfarewe.org
FingerprintC5:5B:3C:AB:24:BE:35:FA:54:AC:75:0B:A2:01:C7:8C:30:1A:93:6F
ValiditySat, 09 Dec 2023 00:00:00 GMT - Mon, 06 Jan 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=blc9SPg4v6js&top=userscloud.com&tid=708052 HTTP/1.1
Host: rebelfarewe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Wed, 13 Dec 2023 02:42:38 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 13 Dec 2023 02:43:38 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 828a61ebc3af4e0465a5577a4c08af7a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: ACMaDCc1sl7FcN2j7AYEk0rPYKUq--6sj6t1L0HI1wpfCDd7GcClEA==
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

142.250.150.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
142.250.150.84:443
ASN
#15169 GOOGLE

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
FingerprintF3:FB:54:1B:21:E9:69:01:41:02:BB:D0:97:A2:BA:45:72:5A:71:D8
ValidityMon, 20 Nov 2023 08:09:49 GMT - Mon, 12 Feb 2024 08:09:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:EGga8YQawtCGff2Vc8WX3kRo2FWCWg:MKR1PeiziajGc5Y6; Expires=Fri, 12-Dec-2025 02:42:38 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 13 Dec 2023 02:42:38 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp37udV99VrLBtif4WOUpcoDYHpCEhvWplM3y4if2RCuQxqFMmGpY5kI3jp6AIfYHv61lQsm-w
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-ZwGyfjjNkMKdGsGET_1XAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

142.250.150.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
142.250.150.84:443
ASN
#15169 GOOGLE

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
FingerprintF3:FB:54:1B:21:E9:69:01:41:02:BB:D0:97:A2:BA:45:72:5A:71:D8
ValidityMon, 20 Nov 2023 08:09:49 GMT - Mon, 12 Feb 2024 08:09:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:4cqt14ZtlOLoF_8nBG2rTZdMMentrg:YANd2dVdpVsWRi3r; Expires=Fri, 12-Dec-2025 02:42:38 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 13 Dec 2023 02:42:38 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0AthoEi56BXFyHOdIxg8-BZWaYyD1z1n1tSymRJ-ukOxgvb1c6CUb3ikTLUc-yxXsMDox-nQ
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-lzPLO_LlzsIjJyBvcRtnnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rebelfarewe.org/multi?cs=cGJVYmJHWmNaUUlaYVpUR1tjVFI&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.3&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=2090440840422022&agec=1702435358&fs=1&mbkb=162.86644951140065&ref=https%3A%2F%2Fuserscloud.com%2F5fmg7tw3hyc6&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_rOfO=1702435359031&crc=1

65.9.55.37

200 OK

1.6 kB

URL GET HTTP/2
rebelfarewe.org/multi?cs=cGJVYmJHWmNaUUlaYVpUR1tjVFI&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.3&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=2090440840422022&agec=1702435358&fs=1&mbkb=162.86644951140065&ref=https%3A%2F%2Fuserscloud.com%2F5fmg7tw3hyc6&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_rOfO=1702435359031&crc=1
IP
65.9.55.37:443
ASN
#16509 AMAZON-02

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerAmazon
Subjectrebelfarewe.org
FingerprintC5:5B:3C:AB:24:BE:35:FA:54:AC:75:0B:A2:01:C7:8C:30:1A:93:6F
ValiditySat, 09 Dec 2023 00:00:00 GMT - Mon, 06 Jan 2025 23:59:59 GMT

File type
ASCII text, with very long lines (3287), with no line terminators
Size
1.6 kB (1578 bytes)
Hash
b32b737bfd04cba7737c02be4589190b
ac4643870e01d1f854f7d01eb5af7b954cd05e6d
33a38ed1a48704f42f3c544245c582ff0585e8bfb2b60a1344153c8dd2457d0b

HTTP Headers

GET /multi?cs=cGJVYmJHWmNaUUlaYVpUR1tjVFI&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.3&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=2090440840422022&agec=1702435358&fs=1&mbkb=162.86644951140065&ref=https%3A%2F%2Fuserscloud.com%2F5fmg7tw3hyc6&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_rOfO=1702435359031&crc=1 HTTP/1.1
Host: rebelfarewe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/plain
content-length: 1578
date: Wed, 13 Dec 2023 02:42:38 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=da4eb43c-8970-41fc-9210-1a848b4d4b34
csu=2090440840422022
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 828a61ebc3af4e0465a5577a4c08af7a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: oErYGnFKLRQCcaCcEa578uIUOWEoZXZLD-d5VGU4XeZF7Ql6JXNpsA==
X-Firefox-Spdy: h2

nditingdecord.org/popunder.gif

188.114.97.1

200 OK

476 B

URL GET HTTP/3
nditingdecord.org/popunder.gif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectnditingdecord.org
Fingerprint1E:D5:8B:FE:9C:EB:63:D9:8F:D0:91:22:B4:FE:0A:FB:7F:9D:AF:9E
ValidityFri, 08 Dec 2023 05:23:30 GMT - Thu, 07 Mar 2024 05:23:29 GMT

File type
GIF image data, version 89a, 1 x 1 - data
Size
476 B (476 bytes)
Hash
a533abd1742e30b4d4f0824807f0b996
56bbb33d371261ee53b531d6c5d9fa7e5140eae4
484ee244a3aae0b4d9765a84c9d1c69f15b79b74779139900a1bd8f79f6941d2

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: nditingdecord.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 13 Dec 2023 02:42:38 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 27139
last-modified: Tue, 12 Dec 2023 19:10:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZjRE5IG4KAJowCQrHD1Jm6Bo6201tSai1b4WEaRFhhHE51krF21pSa3arvFd1JTjcXQvcqnKGEVNxG4li8c4eGtqviY9LNQR8Jx2t20Y6grljJjWgteIyjIbAcTInPeGNqvrdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 834adadf6c7fb523-OSL
alt-svc: h3=":443"; ma=86400

d12nvv2jqzsaax.cloudfront.net/8MG1RQmVTAj8kWkQENX9TAF1iclEWByItC0BQKzYIBSESCTJWJnc2H1RQYWQJUQM2f0NVAzJ/VBYMNSBYBEslMgpbUDA4FEoVPSwQVx53NwQNAD44DFwBMGdXdlh/ckACXXk1DF4JPjUWFV9hLBEVX2FzVR5ddHEnFV9hNQxeW2VnVnJIY3IdBll0cScVX2-EwExVeEHNVBUNha0ACXTYnBlsCdHAjAl1gclUBXWBnVwALODAAVgIpZ1d2XGF3SwBLJH9U

143.204.42.118

765 B

URL
d12nvv2jqzsaax.cloudfront.net/8MG1RQmVTAj8kWkQENX9TAF1iclEWByItC0BQKzYIBSESCTJWJnc2H1RQYWQJUQM2f0NVAzJ/VBYMNSBYBEslMgpbUDA4FEoVPSwQVx53NwQNAD44DFwBMGdXdlh/ckACXXk1DF4JPjUWFV9hLBEVX2FzVR5ddHEnFV9hNQxeW2VnVnJIY3IdBll0cScVX2-EwExVeEHNVBUNha0ACXTYnBlsCdHAjAl1gclUBXWBnVwALODAAVgIpZ1d2XGF3SwBLJH9U
IP
143.204.42.118:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1102), with no line terminators
Size
765 B (765 bytes)
Hash
f70f37773843725343d14ae7d15338bd
ec610d99fad29ee24e4ca12232813fdf53f0d970
b7df3497e0c14f2ac78320441ad55bc00165297db0b84c36cc6db6dcf651d023

HTTP Headers

GET /8MG1RQmVTAj8kWkQENX9TAF1iclEWByItC0BQKzYIBSESCTJWJnc2H1RQYWQJUQM2f0NVAzJ/VBYMNSBYBEslMgpbUDA4FEoVPSwQVx53NwQNAD44DFwBMGdXdlh/ckACXXk1DF4JPjUWFV9hLBEVX2FzVR5ddHEnFV9hNQxeW2VnVnJIY3IdBll0cScVX2-EwExVeEHNVBUNha0ACXTYnBlsCdHAjAl1gclUBXWBnVwALODAAVgIpZ1d2XGF3SwBLJH9U HTTP/1.1
Host: d12nvv2jqzsaax.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rebelfarewe.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 765
date: Wed, 13 Dec 2023 02:42:38 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: bAu6Tuu19q_1UD7J50BkvA_LD_CGyy1_kYys5h0af6sIDJJj6cmf4g==
X-Firefox-Spdy: h2

pogothere.xyz/

172.64.166.32

200 OK

467 B

URL GET HTTP/2
pogothere.xyz/
IP
172.64.166.32:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
467 B (467 bytes)
Hash
9c95869a37e08262c6643b1cba7e151b
2a978ef7a669fd857ad10f95a76a5ae1943e2c49
d50b69c06cf41583249f1b0bbd56107ed5d43e9c5917dddc63795b807da0691e

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 13 Dec 2023 02:42:38 GMT
content-type: text/plain
set-cookie: csu=569946163792295@1@1702435358; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5B4Z4USkifkJunOWuDYRdX4zoudbof8MDOzPCb9oWkeGaJvqS58JQl8HRxAlsXukCYJnbwxziZsvJI2Z2WsuMuMR6pUzaxEAyy4AY9AUEK3BoCJ9xqatbuwFFbstZ4Yh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 834adadbff7a8880-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
FingerprintA4:AF:A0:00:99:C9:85:E5:30:F6:F3:F2:B5:4F:AE:4F:D0:46:74:A9
ValidityMon, 09 Jan 2023 00:00:00 GMT - Sun, 14 Jan 2024 23:59:59 GMT

File type
JSON data - , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1365
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 13 Dec 2023 02:43:28 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://userscloud.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data - , ASCII text
Size
65 B (65 bytes)
Hash
0135d7ba20549f8d76679f2d8b99041c
a2f838cdeaf0d6f6d07fa1f90957f4b80c987749
89e3bc3408551aa75bb99a21cd155821847a684c551efd62547ce00803e4d265

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 13 Dec 2023 02:42:38 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=5633c6db2ebe47c9b562e0778423cd78; expires=Thu, 12 Dec 2024 02:42:38 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp37udV99VrLBtif4WOUpcoDYHpCEhvWplM3y4if2RCuQxqFMmGpY5kI3jp6AIfYHv61lQsm-w

142.250.150.84

302 Found

401 B

URL GET HTTP/3
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp37udV99VrLBtif4WOUpcoDYHpCEhvWplM3y4if2RCuQxqFMmGpY5kI3jp6AIfYHv61lQsm-w
IP
142.250.150.84:443
ASN
#15169 GOOGLE

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:3A:D9:47:14:B0:78:30:A1:BF:B4:45:F6:F5:81:AD:0A:C7:76:89
ValidityMon, 20 Nov 2023 08:02:55 GMT - Mon, 12 Feb 2024 08:02:54 GMT

File type
HTML document text - HTML document text - HTML document text - HTML document, ASCII text, with very long lines (393)
Size
401 B (401 bytes)
Hash
de1fde8294489f86d90e06d0ddf1331a
6ab73482da4678bc62de0d9992d497d8ef37f872
012c2ca506d5fd35f3bc5b3d8f0214b51a3775cd754f023232309317a15824c5

HTTP Headers

GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp37udV99VrLBtif4WOUpcoDYHpCEhvWplM3y4if2RCuQxqFMmGpY5kI3jp6AIfYHv61lQsm-w HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:5TQ6Cvf9kcfphwBRHglmeVsoP0gEqQ:sNfHdN-7yI8al1fU;Path=/;Expires=Fri, 12-Dec-2025 02:42:38 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 13 Dec 2023 02:42:39 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp3LyTF73s0NLsxFDNq1EvD694nZRIt03J3eOK3Td2O_wR656c4zZpBh4d5NpsgQB-TSWlax&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1510140174%3A1702435359001980&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-4sU-wFBxtMpYjg_rVEOA0w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 401
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0AthoEi56BXFyHOdIxg8-BZWaYyD1z1n1tSymRJ-ukOxgvb1c6CUb3ikTLUc-yxXsMDox-nQ

142.250.150.84

302 Found

403 B

URL GET HTTP/3
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0AthoEi56BXFyHOdIxg8-BZWaYyD1z1n1tSymRJ-ukOxgvb1c6CUb3ikTLUc-yxXsMDox-nQ
IP
142.250.150.84:443
ASN
#15169 GOOGLE

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:3A:D9:47:14:B0:78:30:A1:BF:B4:45:F6:F5:81:AD:0A:C7:76:89
ValidityMon, 20 Nov 2023 08:02:55 GMT - Mon, 12 Feb 2024 08:02:54 GMT

File type
HTML document text - HTML document text - HTML document text - HTML document, ASCII text, with very long lines (398)
Size
403 B (403 bytes)
Hash
5167ab5a94a7eb44b986e35e58be46c8
4bd82f9516b63a81b00bbbc84577203f3ee7df27
e24990446b851b5b41c8688123ef7a7e90361698f40aa7fce6c01da70d02301c

HTTP Headers

GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0AthoEi56BXFyHOdIxg8-BZWaYyD1z1n1tSymRJ-ukOxgvb1c6CUb3ikTLUc-yxXsMDox-nQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:lPkdh3i4fPDquV-OwrX__gjLVtwgcA:gyl6Io4_IMuqnYSa;Path=/;Expires=Fri, 12-Dec-2025 02:42:38 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 13 Dec 2023 02:42:39 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0c_MFax6GYyGeA6ats8Bkd4BR3ak97p8LFzs62s7WaD1CV5_AxrO6mFXBb1zzxfblzJG25&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2012849120%3A1702435359011700&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-iU9fak2If3TRsIuKfdQNmw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 403
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

goomaphy.com/500/4859604?excludes=&oaid=5633c6db2ebe47c9b562e0778423cd78&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2F5fmg7tw3hyc6&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0

139.45.197.239

200 OK

0 B

URL OPTIONS HTTP/2
goomaphy.com/500/4859604?excludes=&oaid=5633c6db2ebe47c9b562e0778423cd78&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2F5fmg7tw3hyc6&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectgoomaphy.com
Fingerprint76:09:CE:CA:DB:32:34:61:6D:9D:6E:FC:84:17:F2:07:82:3C:FE:73
ValidityMon, 13 Nov 2023 05:07:14 GMT - Sun, 11 Feb 2024 05:07:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/4859604?excludes=&oaid=5633c6db2ebe47c9b562e0778423cd78&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2F5fmg7tw3hyc6&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0 HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://userscloud.com/
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 13 Dec 2023 02:42:39 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/59d005e99dabed8d7a753617b9dfe4d6.jpeg

172.67.22.216

200 OK

12 kB

URL GET HTTP/2
offerimage.com/www/images/59d005e99dabed8d7a753617b9dfe4d6.jpeg
IP
172.67.22.216:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3 - data
Size
12 kB (11455 bytes)
Hash
59d005e99dabed8d7a753617b9dfe4d6
5b4b05e20f8496be4f1f8d9e93adc1e1ccfbe383
d09719c31f8376e40f2a23e1e9833214527ec837e61e2e715752d58a1154bd31

HTTP Headers

GET /www/images/59d005e99dabed8d7a753617b9dfe4d6.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 13 Dec 2023 02:42:39 GMT
content-type: image/jpeg
content-length: 11455
cache-control: max-age=86400
cf-bgj: h2pri
etag: "631844d9-2cbf"
expires: Wed, 13 Dec 2023 05:12:44 GMT
last-modified: Wed, 07 Sep 2022 07:14:33 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 77395
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 834adae5ffceb517-OSL
X-Firefox-Spdy: h2

goomaphy.com/impression/uBnn7jdeM4WIAaKxORr4fzQ_JrmNyMmYBiLwS9O9IfJWvO857s4-Ktt7UTW-6a-mSukJTLyfWuktugk4nU5ShSP867ghHE-YD5wBOg-kUSVx7Hr1DZT0KX5WnUndv80HpBpaw8IzSxNX63XU7x_9C52Utw03bKdjx3Nramzm9zurtPHCY2VNG6wlXHgyd-_yCjIqBKw-ZcDY07Xb2MdvshoiYOlIPpTTvl91z8IRWDhweBk7ePE8Q9G90ys3HlyaHYSVMtGcLE_6JYp3vRg7U4EH1c3ipE82hkbKlnAUk25fOEBCl4tIunDIBMcUed039BC6TrISqN6PZoeQNW-vKc9mu2h-zsfpc3LRRn7hyrZ9SQJEwcUYevSYRnmcT2-y4p9800OwIBVK7XwUCSO8Ca2KQ33eKtLzPw__ciwn8Cc09-d8sOZKkgQb3a7gWEMdbAombip4wchxPro4yfSTG0fXgFQWBhmz0nNzXgGxh4opdwhXo_A1xS0Tm2Z8Fele7Ea1ppeZl--tM4cdkU9PNlYtuM1bgJkkFxdfPQig5maVSojJOvXCBkUbH-82gFAA1IT51Jd6GqSNYiOB_jknRQ==?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2F5fmg7tw3hyc6&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0

139.45.197.239

200 OK

43 B

URL GET HTTP/2
goomaphy.com/impression/uBnn7jdeM4WIAaKxORr4fzQ_JrmNyMmYBiLwS9O9IfJWvO857s4-Ktt7UTW-6a-mSukJTLyfWuktugk4nU5ShSP867ghHE-YD5wBOg-kUSVx7Hr1DZT0KX5WnUndv80HpBpaw8IzSxNX63XU7x_9C52Utw03bKdjx3Nramzm9zurtPHCY2VNG6wlXHgyd-_yCjIqBKw-ZcDY07Xb2MdvshoiYOlIPpTTvl91z8IRWDhweBk7ePE8Q9G90ys3HlyaHYSVMtGcLE_6JYp3vRg7U4EH1c3ipE82hkbKlnAUk25fOEBCl4tIunDIBMcUed039BC6TrISqN6PZoeQNW-vKc9mu2h-zsfpc3LRRn7hyrZ9SQJEwcUYevSYRnmcT2-y4p9800OwIBVK7XwUCSO8Ca2KQ33eKtLzPw__ciwn8Cc09-d8sOZKkgQb3a7gWEMdbAombip4wchxPro4yfSTG0fXgFQWBhmz0nNzXgGxh4opdwhXo_A1xS0Tm2Z8Fele7Ea1ppeZl--tM4cdkU9PNlYtuM1bgJkkFxdfPQig5maVSojJOvXCBkUbH-82gFAA1IT51Jd6GqSNYiOB_jknRQ==?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2F5fmg7tw3hyc6&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectgoomaphy.com
Fingerprint76:09:CE:CA:DB:32:34:61:6D:9D:6E:FC:84:17:F2:07:82:3C:FE:73
ValidityMon, 13 Nov 2023 05:07:14 GMT - Sun, 11 Feb 2024 05:07:13 GMT

File type
GIF image data, version 89a, 1 x 1 - data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/uBnn7jdeM4WIAaKxORr4fzQ_JrmNyMmYBiLwS9O9IfJWvO857s4-Ktt7UTW-6a-mSukJTLyfWuktugk4nU5ShSP867ghHE-YD5wBOg-kUSVx7Hr1DZT0KX5WnUndv80HpBpaw8IzSxNX63XU7x_9C52Utw03bKdjx3Nramzm9zurtPHCY2VNG6wlXHgyd-_yCjIqBKw-ZcDY07Xb2MdvshoiYOlIPpTTvl91z8IRWDhweBk7ePE8Q9G90ys3HlyaHYSVMtGcLE_6JYp3vRg7U4EH1c3ipE82hkbKlnAUk25fOEBCl4tIunDIBMcUed039BC6TrISqN6PZoeQNW-vKc9mu2h-zsfpc3LRRn7hyrZ9SQJEwcUYevSYRnmcT2-y4p9800OwIBVK7XwUCSO8Ca2KQ33eKtLzPw__ciwn8Cc09-d8sOZKkgQb3a7gWEMdbAombip4wchxPro4yfSTG0fXgFQWBhmz0nNzXgGxh4opdwhXo_A1xS0Tm2Z8Fele7Ea1ppeZl--tM4cdkU9PNlYtuM1bgJkkFxdfPQig5maVSojJOvXCBkUbH-82gFAA1IT51Jd6GqSNYiOB_jknRQ==?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2F5fmg7tw3hyc6&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0 HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: OAID=5633c6db2ebe47c9b562e0778423cd78
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 13 Dec 2023 02:42:43 GMT
content-type: image/gif
content-length: 43
x-trace-id: 08011a14d9198d7964b9ad9ef3097cd7
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0c_MFax6GYyGeA6ats8Bkd4BR3ak97p8LFzs62s7WaD1CV5_AxrO6mFXBb1zzxfblzJG25&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2012849120%3A1702435359011700&theme=glif

142.250.150.84

403 Forbidden

12 kB

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0c_MFax6GYyGeA6ats8Bkd4BR3ak97p8LFzs62s7WaD1CV5_AxrO6mFXBb1zzxfblzJG25&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2012849120%3A1702435359011700&theme=glif
IP
142.250.150.84:443
ASN
#15169 GOOGLE

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:3A:D9:47:14:B0:78:30:A1:BF:B4:45:F6:F5:81:AD:0A:C7:76:89
ValidityMon, 20 Nov 2023 08:02:55 GMT - Mon, 12 Feb 2024 08:02:54 GMT

File type
gzip compressed data, max compression - data
Size
12 kB (12259 bytes)
Hash
a5c393fad15cb9035938cdd443afa997
17bcbf923a4a1ed9f68588835348c6fe4aeedbdd
db14452e97f43958155db4aa73efd92ff26b21a31fa49edd0f7a380aca217faf

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0c_MFax6GYyGeA6ats8Bkd4BR3ak97p8LFzs62s7WaD1CV5_AxrO6mFXBb1zzxfblzJG25&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2012849120%3A1702435359011700&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 13 Dec 2023 02:42:39 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-jQC0dZnflaibFFADkbD82g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

userscloud.com/assets/library/jquery/jquery.min.js?v=v2.0.0-rc8&sv=v0.0.1.2

188.114.97.1

200 OK

34 kB

URL GET HTTP/3
userscloud.com/assets/library/jquery/jquery.min.js?v=v2.0.0-rc8&sv=v0.0.1.2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectuserscloud.com
Fingerprint4B:C9:03:8D:9F:C2:E0:B5:01:4E:DC:D5:B0:1B:0E:92:7B:97:6E:F0
ValidityMon, 30 Oct 2023 09:26:09 GMT - Sun, 28 Jan 2024 09:26:08 GMT

File type
ASCII text, with very long lines (32072)
Size
34 kB (34207 bytes)
Hash
bdce12c949e78d570c8d44e9c2b23508
9afdc4fec954646bd6270caf82f107fdef605bc5
c73b004ebf31b395cf237c3d2b13c1e576f385e04660ceb5f7be163ff3c201dc

HTTP Headers

GET /assets/library/jquery/jquery.min.js?v=v2.0.0-rc8&sv=v0.0.1.2 HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/5fmg7tw3hyc6
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 13 Dec 2023 02:42:37 GMT
content-type: application/javascript; charset=utf8
last-modified: Sun, 25 May 2014 12:12:31 GMT
vary: Accept-Encoding
etag: W/"5381de2f-16b88"
expires: Fri, 22 Dec 2023 06:22:37 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cf-cache-status: HIT
age: 1801200
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nciaxium%2B%2FP6guUCG3LkSSBE28BXfTzpI%2Bq4qf6sFFR1C1JGhihJZGiUl4aVNW8DCknv6nOcaMApAagCGKgES1XOCxswNPWKZhfohP2yzY3oacJbCThxyUDWy2as0HhxBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 834adada3f4c0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0 - data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:46:25 GMT
expires: Fri, 06 Dec 2024 15:46:25 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 471379
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0 - data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 04:57:34 GMT
expires: Fri, 06 Dec 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 510310
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

userscloud.com/cdn-cgi/rum?

188.114.97.1

204 No Content

0 B

URL POST HTTP/3
userscloud.com/cdn-cgi/rum?
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectuserscloud.com
Fingerprint4B:C9:03:8D:9F:C2:E0:B5:01:4E:DC:D5:B0:1B:0E:92:7B:97:6E:F0
ValidityMon, 30 Oct 2023 09:26:09 GMT - Sun, 28 Jan 2024 09:26:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 487
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/5fmg7tw3hyc6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Wed, 13 Dec 2023 02:43:01 GMT
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 834adb6d89250b45-OSL
x-frame-options: DENY
x-content-type-options: nosniff

userscloud.com/assets/vendor/core/bootstrap.js

188.114.97.1

200 OK

46 kB

URL GET HTTP/3
userscloud.com/assets/vendor/core/bootstrap.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectuserscloud.com
Fingerprint4B:C9:03:8D:9F:C2:E0:B5:01:4E:DC:D5:B0:1B:0E:92:7B:97:6E:F0
ValidityMon, 30 Oct 2023 09:26:09 GMT - Sun, 28 Jan 2024 09:26:08 GMT

File type
ASCII text, with very long lines (524)
Size
46 kB (45935 bytes)
Hash
4c9e4799bf2544b007be51273ebcf261
b7cf2d7bfc287dbc71293bb6b590c7557e8d7334
567795e373535ee36eaa0805687b1ba40b46c192cba6c56d83767f320bf14c2c

HTTP Headers

GET /assets/vendor/core/bootstrap.js HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/5fmg7tw3hyc6
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 13 Dec 2023 02:42:37 GMT
content-type: application/javascript; charset=utf8
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=67546
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
etag: W/"64b79761-107da"
expires: Tue, 26 Dec 2023 05:54:58 GMT
last-modified: Wed, 19 Jul 2023 07:57:21 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1457259
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uMOzVOKVf8VZttPcavGg42PZ8Kqv0uZbQ6ALUFcu5lFeIOYMvEbqYO2pW0RkX55m01vYLnLbiOa7uJ5otR2CFBwM8kA4MDX%2BpxdnL0TtnNP8dYc0iOVYDwHwfPYpwEyH6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 834adada1f440b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

userscloud.com/assets/vendor/core/jquery.nicescroll.js

188.114.97.1

200 OK

73 kB

URL GET HTTP/3
userscloud.com/assets/vendor/core/jquery.nicescroll.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectuserscloud.com
Fingerprint4B:C9:03:8D:9F:C2:E0:B5:01:4E:DC:D5:B0:1B:0E:92:7B:97:6E:F0
ValidityMon, 30 Oct 2023 09:26:09 GMT - Sun, 28 Jan 2024 09:26:08 GMT

File type
ASCII text, with very long lines (3017)
Size
73 kB (73248 bytes)
Hash
04ce40702fe23a251ac39b5a3d16912c
399bc3cc5c1e0971b6ca98f47f93dde61e33d5fb
dcc9042d6e57da51821acd007645a5269b176f61c9d35146966f971edba08396

HTTP Headers

GET /assets/vendor/core/jquery.nicescroll.js HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/5fmg7tw3hyc6
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 13 Dec 2023 02:42:37 GMT
content-type: application/javascript; charset=utf8
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=115828
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
etag: W/"64b7976a-1c474"
expires: Mon, 25 Dec 2023 05:19:34 GMT
last-modified: Wed, 19 Jul 2023 07:57:30 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1545783
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=taQ0RKmXBX%2BLxYtIzYZuHz5DKOgqIlJZFSggfbvtyBNc%2FbWebLw6MmfPQqfxZJ3s1BL8nImWZlktydlHCgCXwJMo8ZHl6g4K3iu%2BdkciVdh5ApwMf%2FFFZZMeIPLtF0Bckg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 834adada1f410b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700

142.250.74.106

200 OK

11 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text
Size
11 kB (10615 bytes)
Hash
dbdc7ee435c6a7f4277bfc7fedf28368
8194a5d7e0108bed7abb001d8bf2b8985a5aa2ca
91b113cbf5aedc9b93ceebe313863344b1ead775a618a7e9f31f9e98dbbdf227

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 13 Dec 2023 02:42:44 GMT
date: Wed, 13 Dec 2023 02:42:44 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

104.16.56.101

200 OK

20 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
IP
104.16.56.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint89:79:35:ED:04:A2:CA:50:F7:9A:B8:FE:DF:A5:0C:B1:F2:E6:DD:E8
ValidityMon, 10 Apr 2023 00:00:00 GMT - Tue, 09 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (19986), with no line terminators
Size
20 kB (19986 bytes)
Hash
dd1d068fdb5fe90b6c05a5b3940e088c
0d96f9df8772633a9df4c81cf323a4ef8998ba59
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

HTTP Headers

GET /beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 13 Dec 2023 02:42:37 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2023.10.0"
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 834adad90fa90b06-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

172.64.166.32

200 OK

102 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
172.64.166.32:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
data
Size
102 kB (102400 bytes)
Hash
4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 13 Dec 2023 02:42:38 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Wed, 13 Dec 2023 00:40:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WosC7S1z0b0%2Bf4g3Rw4jIWjCJaevlMg95Fk7uSujmiPSV4B%2F5wmP1dzzClnUVJF4Ec0I4BaPAhWbxpvyR6oI4p5VPoFVlyoZym%2BfO06IE9TC1dlIOm05IfS9Z0CHg10Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 834adadc2fc78880-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

userscloud.com/5fmg7tw3hyc6

188.114.97.1

200 OK

469 kB

URL User Request GET HTTP/2
userscloud.com/5fmg7tw3hyc6
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectuserscloud.com
Fingerprint4B:C9:03:8D:9F:C2:E0:B5:01:4E:DC:D5:B0:1B:0E:92:7B:97:6E:F0
ValidityMon, 30 Oct 2023 09:26:09 GMT - Sun, 28 Jan 2024 09:26:08 GMT

File type

Size
469 kB (468894 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /5fmg7tw3hyc6 HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 13 Dec 2023 02:42:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Tue, 12 Dec 2023 02:42:37 GMT
set-cookie: lang=english; domain=.userscloud.com; path=/
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PYXuwOUtkZBrfgT3s84chOE8D9wzBZdqwLsaZE1gy29K2IB62v99KuXqMQHdR9Qukprp0qWL4cdTQ6R980cSNO7ETYmS49XnzyxOVnipJkNwEshEfcBw2daoSXan6h3McA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 834adad5d9cd56c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

172.64.166.32

200 OK

102 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
172.64.166.32:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
data
Size
102 kB (102400 bytes)
Hash
4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 13 Dec 2023 02:42:38 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Wed, 13 Dec 2023 00:40:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0xPM0FO04Wz1TPG%2F2XrDo0PxSBxdijcbNmMlSO71pl5FoSOvwrHsG8FEmER0Iw8mNTF%2FwcXkzM5NOzzo%2Bpsu61QsxQhF3YV1TQVG8YmKusVCtgmvY6hULtXzZpMPgw%2BJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 834adadc2fcb8880-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp3LyTF73s0NLsxFDNq1EvD694nZRIt03J3eOK3Td2O_wR656c4zZpBh4d5NpsgQB-TSWlax&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1510140174%3A1702435359001980&theme=glif

142.250.150.84

403 Forbidden

0 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp3LyTF73s0NLsxFDNq1EvD694nZRIt03J3eOK3Td2O_wR656c4zZpBh4d5NpsgQB-TSWlax&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1510140174%3A1702435359001980&theme=glif
IP
142.250.150.84:443
ASN
#15169 GOOGLE

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:3A:D9:47:14:B0:78:30:A1:BF:B4:45:F6:F5:81:AD:0A:C7:76:89
ValidityMon, 20 Nov 2023 08:02:55 GMT - Mon, 12 Feb 2024 08:02:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp3LyTF73s0NLsxFDNq1EvD694nZRIt03J3eOK3Td2O_wR656c4zZpBh4d5NpsgQB-TSWlax&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1510140174%3A1702435359001980&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 13 Dec 2023 02:42:39 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-3ghKDD2ui8atHON8gAakOg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

userscloud.com/uc/vendor/font-awesome.min.css

188.114.97.1

200 OK

24 kB

URL GET HTTP/3
userscloud.com/uc/vendor/font-awesome.min.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectuserscloud.com
Fingerprint4B:C9:03:8D:9F:C2:E0:B5:01:4E:DC:D5:B0:1B:0E:92:7B:97:6E:F0
ValidityMon, 30 Oct 2023 09:26:09 GMT - Sun, 28 Jan 2024 09:26:08 GMT

File type
ASCII text, with very long lines (23673), with no line terminators
Size
24 kB (23673 bytes)
Hash
119f4133d5b93cb4e19f994a653ea95c
8eab23294c2d67f23137e27f12b1920a7fe442f6
69ef379cc3ea00f00d2f6260aee0ca937260f374b2e0ab8b8ce0cb5133679816

HTTP Headers

GET /uc/vendor/font-awesome.min.css HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/5fmg7tw3hyc6
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 13 Dec 2023 02:42:37 GMT
content-type: text/css
last-modified: Sat, 02 Jan 2021 15:50:50 GMT
vary: Accept-Encoding
etag: W/"5ff0965a-5c79"
expires: Sat, 23 Dec 2023 02:31:18 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cf-cache-status: HIT
age: 1728679
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hgt1bQ7JTQ6HQrRYzq%2Bt499FG%2B%2Fiaaf1yiScfhQ2Kxj7CITUu5PHL6Ydhp%2BcVrxF0RBdfmMdNJgoSKikrBtA62IMSBcIBwp62SJ%2FywQMRttVO%2B1Fsug61FAVnPAx6FcVaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 834adad8cef10b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

userscloud.com/css/app/layout.min.css

188.114.97.1

200 OK

6.1 kB

URL GET HTTP/3
userscloud.com/css/app/layout.min.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectuserscloud.com
Fingerprint4B:C9:03:8D:9F:C2:E0:B5:01:4E:DC:D5:B0:1B:0E:92:7B:97:6E:F0
ValidityMon, 30 Oct 2023 09:26:09 GMT - Sun, 28 Jan 2024 09:26:08 GMT

File type
ASCII text, with very long lines (6115), with no line terminators
Size
6.1 kB (6105 bytes)
Hash
4beaa77f63c0f783d7f361202288d7d1
28fe633d455573f188f12a09af12873389214289
f8b79b8ac735e0278cd54f105c6ca96924e12cfcb9c5090c3382eb157967b2cf

HTTP Headers

GET /css/app/layout.min.css HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/5fmg7tw3hyc6
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 13 Dec 2023 02:42:37 GMT
content-type: text/css
last-modified: Sat, 02 Jan 2021 15:52:04 GMT
vary: Accept-Encoding
etag: W/"5ff096a4-17d9"
expires: Fri, 22 Dec 2023 04:10:24 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cf-cache-status: HIT
age: 1809133
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pacKQmo1V%2FKfd9dyg%2FVNUcBnIIMbfTv3ohTiciwyvFIBjFRy%2Bn8AoggSGQWInTLxNnnuh1ewuK%2FNbevODKw8hY8Jh0c5ude0FsnO4UqSrTzhCFUws%2FrhTI4wjBsLAj%2FC%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 834adad8cef60b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

userscloud.com/css/app/navbar.css

188.114.97.1

200 OK

22 kB

URL GET HTTP/3
userscloud.com/css/app/navbar.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectuserscloud.com
Fingerprint4B:C9:03:8D:9F:C2:E0:B5:01:4E:DC:D5:B0:1B:0E:92:7B:97:6E:F0
ValidityMon, 30 Oct 2023 09:26:09 GMT - Sun, 28 Jan 2024 09:26:08 GMT

File type
ASCII text, with very long lines (21541), with no line terminators
Size
22 kB (21541 bytes)
Hash
e5966e208e3efb6d8685e3a7af083e99
857f31674d38b5bff935788d0ec2e7f75fbbc7c5
7bd50417ade257be6ce545fca12e92a3d87743f6c979b3b1b25413525c52f977

HTTP Headers

GET /css/app/navbar.css HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/5fmg7tw3hyc6
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 13 Dec 2023 02:42:37 GMT
content-type: text/css
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=21572
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
etag: W/"591dba6e-5444"
expires: Fri, 22 Dec 2023 04:10:24 GMT
last-modified: Thu, 18 May 2017 15:14:54 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1809133
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ws%2B6tPBN6fGnWD9yOeYhNRdyDuowXpkpWqCIZpdPFy%2FUdk3EkpHlxdChnnuRZLDdmeXFhIapIHquj1W9u%2Br8K4lJdx0xQFcr9CCzj5XkJ9qSZ4Dk7ncCKHvRz7e7pQxBlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 834adad8cef70b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

tzegilo.com/stattag.js

172.67.193.52

200 OK

19 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
172.67.193.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
FingerprintF2:F3:F8:C4:40:73:B6:FE:DD:58:70:D7:13:25:D2:51:21:88:50:0B
ValiditySun, 03 Dec 2023 17:24:18 GMT - Sat, 02 Mar 2024 17:24:17 GMT

File type
ASCII text, with very long lines (18369)
Size
19 kB (19019 bytes)
Hash
89e89aea544ea2785d49cc4cd9cf26f6
7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b
86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 13 Dec 2023 02:42:38 GMT
content-type: application/javascript
last-modified: Thu, 07 Sep 2023 08:19:52 GMT
etag: W/"64f987a8-4a4b"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6787
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wB7jtUNzJJs7x2FMnAuhE300Faik4r1QlVO5yy1zlvjlfpXvUGdHHXT1H8IiZ1WLIfidZDrd9ACscq2p8G5Uz%2BhiHrHHjACnkqFmGQEo%2F2zKtYO53KjWAPk54Ae%2F1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 834adadfbb8e56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

172.64.166.32

200 OK

102 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
172.64.166.32:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
data
Size
102 kB (102400 bytes)
Hash
4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 13 Dec 2023 02:42:38 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Wed, 13 Dec 2023 00:40:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PINUIk%2BV48NK6BVxvxdsK8N1FkkyMbnHEYqHKvJ1D2G7fv9KleJ%2Ff62%2B51ODZO4jnT22VgXIUOX%2BdE41AYfVxdk39gF%2Fj%2FOYd15Gr68gB%2BLe4CgJmx33tcpIYfDeuqSz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 834adadc5fef8880-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

userscloud.com/css/vendor/bootstrap.css

188.114.97.1

200 OK

113 kB

URL GET HTTP/3
userscloud.com/css/vendor/bootstrap.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectuserscloud.com
Fingerprint4B:C9:03:8D:9F:C2:E0:B5:01:4E:DC:D5:B0:1B:0E:92:7B:97:6E:F0
ValidityMon, 30 Oct 2023 09:26:09 GMT - Sun, 28 Jan 2024 09:26:08 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
113 kB (112979 bytes)
Hash
fb92411a60a8991cc518340cd318074d
fb07c3c93163fe3f995ae3effe5a76ffcbf235ea
3b51bdd84feefd84aae1e1ddd6cbd4196dd91069e98d6508d4bc24d1105d5bdf

HTTP Headers

GET /css/vendor/bootstrap.css HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/5fmg7tw3hyc6
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 13 Dec 2023 02:42:37 GMT
content-type: text/css
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=113031
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
etag: W/"591db9d6-1b987"
expires: Sun, 24 Dec 2023 06:39:22 GMT
last-modified: Thu, 18 May 2017 15:12:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1627395
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mkqdvcrusS6bDPzLJkgBEE2uEo7reLu1uCnAHusCQOcdbLEaFTu9SLO%2BuX0RTTt92QE385DxFWSq4ZIrcASMHO3YEoZFIMpxyCuXFLQP%2FZa0a4yEWrh%2FF6heFPtx%2B%2Ffkqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 834adad8cef30b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

userscloud.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

188.114.97.1

200 OK

12 kB

URL GET HTTP/3
userscloud.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectuserscloud.com
Fingerprint4B:C9:03:8D:9F:C2:E0:B5:01:4E:DC:D5:B0:1B:0E:92:7B:97:6E:F0
ValidityMon, 30 Oct 2023 09:26:09 GMT - Sun, 28 Jan 2024 09:26:08 GMT

File type
ASCII text, with very long lines (12331)
Size
12 kB (12332 bytes)
Hash
88a769d2fe35899fd45a332a0a032cc0
514c6c1d8475d17e412849a4c90159517d0fa10a
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

HTTP Headers

GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/5fmg7tw3hyc6
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 13 Dec 2023 02:42:37 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 15:04:24 GMT
etag: W/"6569f5f8-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F8fNGWSnnCNt1o%2BlKuS8RctcRzs4kpV5cM%2B37wOsgO4CIbe525Tqf2a0deJd1a4lYrMWrHn%2FvD8ssSBM%2BT5x4OqDcnVpNqKKADTaGyCoTyVD8I2XVd9e%2BBZUyDO8MNDnRw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 834adad8def90b45-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Fri, 15 Dec 2023 02:42:37 GMT
cache-control: max-age=172800, public
content-encoding: gzip

userscloud.com/favicon.ico

188.114.97.1

200 OK

5.4 kB

URL GET HTTP/3
userscloud.com/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectuserscloud.com
Fingerprint4B:C9:03:8D:9F:C2:E0:B5:01:4E:DC:D5:B0:1B:0E:92:7B:97:6E:F0
ValidityMon, 30 Oct 2023 09:26:09 GMT - Sun, 28 Jan 2024 09:26:08 GMT

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel - data
Size
5.4 kB (5430 bytes)
Hash
8ad832e694d4bee05f49fdfbeca3fb25
d552e7ba68c8740cd030e6685a5d73e2e1d6c90b
9676e705dc3929ed2f535545cdcca0fedefa193a85370ebde7eec1e9d6ecec0c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/5fmg7tw3hyc6
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 13 Dec 2023 02:42:38 GMT
content-type: image/x-icon
last-modified: Sat, 02 Jan 2021 20:27:44 GMT
vary: Accept-Encoding
etag: W/"5ff0d740-1536"
expires: Sun, 24 Dec 2023 07:56:36 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cf-cache-status: HIT
age: 1622762
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ptPkJ2Zr%2B54rwwZAzdiIAgG6oyBDBixcExLR3nwU3gyAjEArN5Akb9Z4NaZMoqzdbMiMw6gQQGEilBOoLXr4t1jjxCKiRMN6K8kj6BpPDZ99bQcGydQ1kfGYe9tv6wGHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 834adadf48600b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

userscloud.com/css/app/essentials.css

188.114.97.1

200 OK

47 kB

URL GET HTTP/3
userscloud.com/css/app/essentials.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectuserscloud.com
Fingerprint4B:C9:03:8D:9F:C2:E0:B5:01:4E:DC:D5:B0:1B:0E:92:7B:97:6E:F0
ValidityMon, 30 Oct 2023 09:26:09 GMT - Sun, 28 Jan 2024 09:26:08 GMT

File type
ASCII text, with very long lines (47086), with no line terminators
Size
47 kB (47086 bytes)
Hash
f61a433d3e58381dd4132ae1175084f2
744d0c59c5785dc76533d17b6208643070200c04
34a050c1e86080adb47ce332ff806e048bcb5ab73abbb25e73503f251dfb1df4

HTTP Headers

GET /css/app/essentials.css HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/5fmg7tw3hyc6
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 13 Dec 2023 02:42:37 GMT
content-type: text/css
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=47095
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
etag: W/"591dba06-b7f7"
expires: Thu, 28 Dec 2023 06:22:04 GMT
last-modified: Thu, 18 May 2017 15:13:10 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1282833
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6dC3AaCQgkWlOFYzTV4YmFV4jImUcIMrxrjJfLFRmoSL3DsQGu2xGYJQOeix6NqZF9y2AqpSVAiKpo9g8gnAzBKb5iGIVVHwUKk9ljt%2B10KZuHw9BGzGgLQ1wnmthViwAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 834adad8cef50b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

goomaphy.com/401/4859604

139.45.197.239

200 OK

89 kB

URL GET HTTP/2
goomaphy.com/401/4859604
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://userscloud.com/5fmg7tw3hyc6
Certificate
IssuerLet's Encrypt
Subjectgoomaphy.com
Fingerprint76:09:CE:CA:DB:32:34:61:6D:9D:6E:FC:84:17:F2:07:82:3C:FE:73
ValidityMon, 13 Nov 2023 05:07:14 GMT - Sun, 11 Feb 2024 05:07:13 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
89 kB (88931 bytes)
Hash
2c5d6227b0ecb47f05f019c115bca443
95d328e7fae686493dd08f74965f4464003b78d2
f61ee45c18c5c7f57164c2ce6e54822d2a1314032cf7165680f71d209b5b2ccb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /401/4859604 HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 13 Dec 2023 02:42:38 GMT
content-type: application/javascript
x-trace-id: d980a0bf5e748bdc0e5e669bc8f214d5
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=64f72110d4c0405895bcae9e72478913; expires=Thu, 12 Dec 2024 02:42:38 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML