Report - accept.obviouslyus.xyz/

Report Overview

Submitted URL
accept.obviouslyus.xyz/
IP
104.21.27.14
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-30 14:42:18
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
118

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	70 kB	34.120.237.76
accept.obviouslyus.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	18 kB	705 kB	104.21.27.14
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.4 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.27
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.41.253.170

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-30	medium	accept.obviouslyus.xyz/	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMTQ2NTM4ODcxL2wvNDE2NzUxNTIxLmpwZz8xNTI2NjQwMDQ5	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDgxMDYyNzY4L2wvMTQwODQ1MzE1OS5qcGc/MTYzNzg4MjkwMg==	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjgyODMyNzk1L2wvODAwMTQ2MzczLmpwZz8xNTc1OTgyMjYz	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTMzNjkxNTYxL2wvMTYxNDYwOTIzMS5qcGc/MTY1NzE4NTEwNw==	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjIzOTQ3MjU2L2wvNjM2NDY0MzkyLmpwZz8xNTU2MzY1Mzk1	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjU1NzU2NzE0L2wvNzI0MjI1NzUzLmpwZz8xNTY3MzMyODU2	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMzc3NzU1NzIzL2wvMTA2NTUxNTgyMy5qcGc/MTYwNTE4MjY2Nw==	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjk5MDY4OTM0L2wvODQ0NjYwMjkzLmpwZz8xNTgxNTk5NDg2	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMTE0OTk4MDUwL2wvMzI1MjIxMzgxLmpwZz8xNTEzMTQ1OTI4	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMzAzNDE1MzY3L2wvODU2NDAzMTU3LmpwZz8xNTgzMDQ4Mjc1	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMzk4OTk4NzgxL2wvMTEyNjE0MzY2Mi5qcGc/MTYxMTM5NDc4MA==	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTAzNzU1MTg3L2wvMTQ5NDYxMDIyNy5qcGc/MTY0NjAwMjY2Nw==	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTEzMzgzNDc5L2wvMTUzMzI0MzA0OC5qcGc/MTY0OTU3MTM4Nw==	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDU1MTg5NzE0L2wvMTMxNDA2NjcxNS5qcGc/MTYyOTUzODkzOA==	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDE5NDk5NDQyL2wvMTE4NDY4MTg5MC5qcGc/MTYxNzU4MzQ4Ng==	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDQyNjg1Nzk2L2wvMTI2ODA3MzUxNC5qcGc/MTYzNjM2MTEwOA==	Malware
2022-09-30	medium	accept.obviouslyus.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	Malware
2022-09-30	medium	accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTQwMjQ2NDgyL2wvMTY0MTU2NjMxNy5qcGc/MTY1OTg3MDMxMw==	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed
2022-09-30	medium	obviouslyus.xyz	Sinkholed

JavaScript (2)

	URL	Size	First Seen	Last Seen
	accept.obviouslyus.xyz/	43 B	2023-03-07	2024-04-23
Pretty URL accept.obviouslyus.xyz/ IP 104.21.27.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:50 Last Seen2024-04-23 03:20:22 Times Seen520 Hash fa8fe7891315724038c6cf0288337122 d529ef7e3e566098770beeadad68481446492cfa 0817cadaebe48beb42d133dab916469fe60c4201ca1bbc6a319a2330904a0141 Loading...

	accept.obviouslyus.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-04-27
Pretty URL accept.obviouslyus.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 104.21.27.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-27 03:43:40 Times Seen55102 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

HTTP Transactions (58)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
60e4edea7b5f4d19f3547a3bb2d5df57
3ee076bab4da3416c2c5808f730cb316c28baef7
763e2dadfdd286a51327cd2000ca335e30cd0b9b7267875d22ca33f7556ba200

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11223
Expires: Fri, 30 Sep 2022 17:49:10 GMT
Date: Fri, 30 Sep 2022 14:42:07 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 30 Sep 2022 13:58:05 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: M4uZ8GyXCBxpYi_dNjgknfW8WJb8YxAzCCxEwztBJJyH8p8BeKamVw==
Age: 2642

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 30 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Ogeg53hBTEze5IrtEWoYfSD3m4M9CbuUwlQrLkNUYTJ_qP6EK6mldA==
age: 33220
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 30 Sep 2022 14:42:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 30 Sep 2022 14:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 30 Sep 2022 15:04:31 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Zb_YLq5MoKURfkHAfd45YHBuCyHQExASQ9KsD0aQEEqXhc9PrrqAwA==
Age: 754

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d1be374a29f94481ff2c021e35f4eaa0
e05e92d94b5e434e9935e560fd8dc33bdc393aea
37a5132d2183f5c3bfaac5c89df691fea72cac4423110df88bdeb231f430deee

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6312
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 14:42:08 GMT
Last-Modified: Fri, 30 Sep 2022 12:56:56 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.41.253.170

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.41.253.170:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bZZ+G63AbNY0digUQfh9Yg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hg2yBfhEsr/727g68xNLrQMK3Wg=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7525
Expires: Fri, 30 Sep 2022 16:47:34 GMT
Date: Fri, 30 Sep 2022 14:42:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7525
Expires: Fri, 30 Sep 2022 16:47:34 GMT
Date: Fri, 30 Sep 2022 14:42:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7525
Expires: Fri, 30 Sep 2022 16:47:34 GMT
Date: Fri, 30 Sep 2022 14:42:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7525
Expires: Fri, 30 Sep 2022 16:47:34 GMT
Date: Fri, 30 Sep 2022 14:42:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59da9c68-5ffa-4dc1-adf8-645278cd60ca.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59da9c68-5ffa-4dc1-adf8-645278cd60ca.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10380 bytes)
Hash
139a144f8cb04ac8aae65f4bad1473e7
265840b2d2fc6eb764cc6409b05deee8d77a19c2
6e0f01b6bdd5a92e92c7b29a6172a2900c68900afd2abba948940621252e0fd8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59da9c68-5ffa-4dc1-adf8-645278cd60ca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10380
x-amzn-requestid: 35ee2a77-159c-4bb4-a825-98c638398586
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPdZYHsTIAMFQNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63360f6f-4f68073432bcea371c7b8f03;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:34:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: IENB0e-e13ywHJKPgyLWn1bGPMMxFLUu3cIUcREjGhxDEMROEL1jBg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 21:45:15 GMT
age: 61014
etag: "265840b2d2fc6eb764cc6409b05deee8d77a19c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2449b320-e517-4241-b0f6-96786331ba6a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11881 bytes)
Hash
13d4e2dbae75f2029d80396e4c8117a3
c5846663f31f7fbced777f0499caac638cc3c28b
ac0fb122c4f6857e9268faeacb387fcb1b1fb87cdfedb163574d3df451cf0447

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2449b320-e517-4241-b0f6-96786331ba6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11881
x-amzn-requestid: 4a49c2e9-a894-44df-b9a6-d02a9edc38a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPd5QHvbIAMF5uw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6336103b-127426cc20c4d17713c2df6f;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:38:03 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vRAcwp7ffhQQM_wlqjAvBPsk8lVDg8qqLL-MTAqo7qEocF1aE2bX8Q==
via: 1.1 7256fedee68a59a508800e0dda035348.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 21:46:05 GMT
age: 60964
etag: "c5846663f31f7fbced777f0499caac638cc3c28b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2016911-a1a6-4bdf-a8f3-89e94a0aaff7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7810 bytes)
Hash
456968f691ae9464d69a37bffe9bd7ce
31b8538deb0f00d5b4182739a4a2fcc1b956a998
5cde1e3158e6c6c0b7a01d3bd32f2aa292b3b205f604e5c4ed71cafedad06bf2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2016911-a1a6-4bdf-a8f3-89e94a0aaff7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7810
x-amzn-requestid: 7f6d92e1-c7b1-4dd2-9efa-52ad324ca19d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK6pFvkoAMF_yA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334beaa-362b7368566955966db78385;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TbPFEVDpMOjK26iu1UGcx56vtP7Pywq05VAylNubOIfbMgo1qGsA-w==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 23:45:42 GMT
age: 53787
etag: "31b8538deb0f00d5b4182739a4a2fcc1b956a998"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98c23448-09e3-4c05-86c5-dafbe6ca8a0e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8059 bytes)
Hash
d21d2bdcedbd619a80017054076319f9
86dd3bf133e9eddf8852f39e1ee695ee599ac886
fc5672d5a8e9c6a5ec531f7ba05b65c192af37edf6c3a48105df3685de44ec0d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98c23448-09e3-4c05-86c5-dafbe6ca8a0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8059
x-amzn-requestid: f8bb9e4b-9f3c-47ba-8524-de16155e536d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZNepwHAVoAMFvNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633544a4-5d884e29378635b60592b618;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 07:09:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NMiKZSkokVXNTV76vsVJ7VEu6YFfT9MqL7tHtT8CwZq0BwTbXOpm6Q==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 06:34:26 GMT
age: 29263
etag: "86dd3bf133e9eddf8852f39e1ee695ee599ac886"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9789cead-4e6c-4a12-9b45-25d0efd38fc9.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16011 bytes)
Hash
1389b1d624b44706c7a6f6b7eb769241
78b798f2cfa7db13a6b5ca2ca2783bece5e77d5d
c3c2526b98be06fc7e793e1150bacde2a7bd718e29a851a6e6992e8d84333790

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9789cead-4e6c-4a12-9b45-25d0efd38fc9.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16011
x-amzn-requestid: d58dfdcd-383a-45ac-8ae2-2b97f016b6a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPdbjFy1IAMF84A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63360f7c-1ca9707a5e5087fd769d9ab6;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:34:52 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QKHN1asEv6w1mTLxsmn7Oj5AZTsPcg0H8zv5_qQ1BYptjL254kCZdA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 22:20:36 GMT
age: 58893
etag: "78b798f2cfa7db13a6b5ca2ca2783bece5e77d5d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d906d66-cd90-4963-827e-8d0564c0f787.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.1 kB (5106 bytes)
Hash
13a12db696bc2bf6a6ea2f48f4c1428e
3481dce8ab711111fc8863d88bee1a887cfd43ac
6dae6c9e5de4146e1f528a36a1795225c9731385f13927fc001fb3f9842fe8f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d906d66-cd90-4963-827e-8d0564c0f787.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5106
x-amzn-requestid: a906507c-8820-489c-9978-7d0fd026c862
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPd5PE0MIAMF3DA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6336103a-49eb3879088f17bc01d177c7;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:38:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: op_2CSOAx9-hqXvj1nOyitq0UXqIyItmquWjMkmMdKWnwoTIA_SA6A==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 21:45:26 GMT
age: 61003
etag: "3481dce8ab711111fc8863d88bee1a887cfd43ac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/

104.21.27.14

200 OK

7.4 kB

URL HTTP/1.1
accept.obviouslyus.xyz/
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Non-ISO extended-ASCII text, with very long lines (820), with CRLF, LF, NEL line terminators
Size
7.4 kB (7445 bytes)
Hash
b5fd2dfe5d59715b73d1da8eeb3357e3
f558507a06a5e7f899533df621500b3a166176ff
d8dadca7ba229ed1903100f83ebd035cf4633824783b54ff5d1386d6b04dacae

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 14:42:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: zenid=q79ga9ujb9dfd7cjsqu4rv18i5; path=/; domain=.accept.obviouslyus.xyz; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T2WuQFrXI8lB%2Fvhn9Rfs9Mjnybn4yO9JHxU%2Fkt5BxXWaFvETtadk0hPejgB0%2Ftyf4JaKH0zLABxibIjirMAmYcCxypS6WL6JVC1QAxSUOJdVmhhT6OBcAUNOvJo1ASqGoUCpepTavVK6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 752db92a5da6b506-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

accept.obviouslyus.xyz/includes/templates/lw_a45/images/logo.png

104.21.27.14

200 OK

10 kB

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/images/logo.png
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 738 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (10375 bytes)
Hash
b58907d482308fcc470024f9a336b602
4c9f5fecd4c52e096072de71c66891b480f81105
5f5ceee3802da525c9eec054355b7fdd2c551d2283d514f952da156bc8c8915b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/images/logo.png HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/png
content-length: 10375
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
etag: "62f9ecbb-2887"
expires: Sun, 30 Oct 2022 14:42:13 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JmJuPzize5TfXcrg9cVFp%2FWFMTzbNSD23l%2FTQ4PPXCHgK5fmkw7Db0X5wnRLnkRKujSpwpDvbXyCggS2hxKh4IPGLj20enD%2F5zw2tjx1yiQfgTY8XrSgSsTrCKJ1woOnlAcqaJQ7lQh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752db94eec030b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/images/rank_1.gif

104.21.27.14

200 OK

2.0 kB

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/images/rank_1.gif
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 100 x 39\012- data
Size
2.0 kB (2024 bytes)
Hash
c9c1a377b2465fa88eb90f7f21fc4943
c329224a6ff30a92cb75e8d055d12185c30b54c6
0362db86a76badda7ca8dec6954d760c2bfe7b5c3e438682ff3213926d5a5c08

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/images/rank_1.gif HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/gif
content-length: 2024
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
etag: "62f9ecbb-7e8"
expires: Sun, 30 Oct 2022 14:42:13 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gAPY%2BZ%2BW1%2Byt3%2BhMBTbWe8Jj96ISuv%2Figx5WNqaaiteS%2FNqpQzq1et9%2FC84Nhe4UyinAQHBvRckGr57irHzfYdo382JJ8JlqtCviLXqT0sH%2FCrJ3Mk0ld4B2lPtXz6kGEBxldqzt62Ee"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752db94eec060b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/images/footer-icon-userinfo.png

104.21.27.14

200 OK

21 kB

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/images/footer-icon-userinfo.png
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
21 kB (20729 bytes)
Hash
282776802dbe54ad44ef05a0231549b8
abd3240c130f6453aeefa78b9604766c52a85e7f
187fcf1d9346330a0b57ddc24ec15a8982a4bebbfa1d51de001d8eea7029314e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/images/footer-icon-userinfo.png HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/png
content-length: 20729
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
etag: "62f9ecbb-50f9"
expires: Sun, 30 Oct 2022 14:42:13 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jjEkf895zse28D0hZn4vsAO%2BuyYAr4Cix2bZ1etpI7Hoj9iV4F3wJyAOUfDhfrCusCZO5V9acbTUOSHQul%2BOw%2FYQ4qfpshttUkS7Xzjj1ot%2Fn4zoDAg7ZloQsGUMR7sPRDUA%2Fo%2FxbnzN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752db94efc2e0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/images/footer-icon-onoff.png

104.21.27.14

200 OK

23 kB

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/images/footer-icon-onoff.png
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (23025 bytes)
Hash
6123c7feb75a3c7da4b3a27823c4e553
1420b1d26af4ced92e9be5f576b4868a9fea04a3
ef7e18edb6acca77e6ac3ff6e0f5b468bd69b5ccecb847539627ce36f6d2f76c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/images/footer-icon-onoff.png HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/png
content-length: 23025
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
etag: "62f9ecbb-59f1"
expires: Sun, 30 Oct 2022 14:42:13 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Hfp4U4CGdAiQhkuVY9h0lRhU8N4mp2CQeWydjd2k3eR%2FXV2En%2FVj%2Fjr4E6OcLHABFUL7JhO9F4F0Z60nTU1zFTpltsoqe95GlE8OAHldYdaDiYW6arUKfZ7fl%2BP3vtSlc7ahhj94M8Z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752db94efc2a0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/images/footer-icon-pay.png

104.21.27.14

200 OK

21 kB

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/images/footer-icon-pay.png
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
21 kB (20731 bytes)
Hash
350602e85bf3f5e398bc23a1a42837b0
951c76c851b8faaa677ae7eb9780f1d25c8fc717
58e6040a9c2c9ef665fff2c79e4b0ebde3af2ddcc04af1b94cd80e047464c47f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/images/footer-icon-pay.png HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/png
content-length: 20731
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
etag: "62f9ecbb-50fb"
expires: Sun, 30 Oct 2022 14:42:13 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L99aj4n6T0NkVfpZ3EA2JoGQycohd3SZyFnysEQ5cfzQeUa4Uf4I8sDJ53ai04ry%2FQsSZvpJirk10HWHjZj5GsWFMIn2hUhqT56CxfRQEgat5YfkVQteixsc0T%2BKlMEmClM8lEn60LaA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752db94efc2b0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/images/footer-icon-shipping.png

104.21.27.14

200 OK

20 kB

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/images/footer-icon-shipping.png
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
20 kB (19906 bytes)
Hash
312c0785edd7e59c81636334c05b2759
014c2b21fa1ea8a457a0b8027c427ae761c236e7
81ee56e2de839432c2d91faded3d4d0bb1cbf22edb8064f1c138e90108f08dae

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/images/footer-icon-shipping.png HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/png
content-length: 19906
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
etag: "62f9ecbb-4dc2"
expires: Sun, 30 Oct 2022 14:42:13 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4KX7%2BRyW94lFqF9a%2Bm%2FOWpw6lbVUaY9AiSsDyib0dVbU0EKqyDcj%2BudoWve4B6T0qJb20r4cQCI6lFS41T9%2BFbPNYLtufQ0FRALNRxdgVofr2cV7Dm5jU68jFpizeVocbRKwMH4sccpY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752db94efc290b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/images/footer-icon-qna.png

104.21.27.14

200 OK

20 kB

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/images/footer-icon-qna.png
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
20 kB (20517 bytes)
Hash
e126def98267881f46160041fddcd283
b8f207b6e9a190c180422b99e0fb4ac4c83cd86d
b66849e3a8aebe6e23e4f8348f1f77155e6a96bb744b68d88e35ffcd80806a59

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/images/footer-icon-qna.png HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/png
content-length: 20517
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
etag: "62f9ecbb-5025"
expires: Sun, 30 Oct 2022 14:42:13 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GHUoKAC5LZuFVXFFzxg%2B9OS0ZWKvEuK6YaDDYLmUXUHTJu%2FmYXXVACRjobYRLYkVhNY9ci%2B4DvGUviftMmO6QYcUSXpsSb2wlT7XXK%2FG06ZBbdKZdpYsvmGRyjL8Biu9eveTv5OKNWyY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752db94efc2d0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/images/hello3.jpg

104.21.27.14

200 OK

83 kB

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/images/hello3.jpg
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 992x818, components 3\012- data
Size
83 kB (83193 bytes)
Hash
5121162abd69cfcecd9252708c56cf6d
511661aa1f79720b0452c5c3d36c91833aabd152
0b394c10fb58ec0f000606254e02e09f67ff9d0da78302284a81203cfc77a608

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/images/hello3.jpg HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/jpeg
content-length: 83193
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
etag: "62f9ecbb-144f9"
expires: Sun, 30 Oct 2022 14:42:13 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2FAZ6noQinBXZ22bZMz6VtB7SMYAeVxbKo45euXYexp%2B%2BBt80RY4jKiKaPt%2BZPVoThIJjP50Q2EBDtFhSvUhWIdHdWayiC%2FIuYj9NdHdbHxB0PdGHTHUpWwBeR5AHMRdZhMYFpE6bBmv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752db94eec0c0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/images/fb.jpg

104.21.27.14

200 OK

52 kB

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/images/fb.jpg
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1000x200, components 3\012- data
Size
52 kB (51860 bytes)
Hash
172bbaa6b8ea5a13cc65b9b0c92d00c6
baf66fd609e3581aae79ab78cb61b4a7b0a42910
4da850f172b4685b331e380b8dcb4f2f6301d72fdeda45177c9bcee60f8ad545

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/images/fb.jpg HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/jpeg
content-length: 51860
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
etag: "62f9ecbb-ca94"
expires: Sun, 30 Oct 2022 14:42:13 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GT7x0oNdQl4RHZelkqGotJkO1K41toCApEvUo76Tae4IaE5RyVVV8dWTdmESvvgWzQPyjFG6gXdAd3RcdG0eqmgcrutos75Hl%2FJHknLAwCWMn2532bnoZKzIqB%2Fzv%2F0woST%2BxrKdLv3l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752db94efc270b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/images/hello1.jpg

104.21.27.14

200 OK

44 kB

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/images/hello1.jpg
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 587x497, components 3\012- data
Size
44 kB (44323 bytes)
Hash
6203fb33b6264af2076befabbed9e9bf
1aa286f78bb6f23938c3f9e36092c8d84e71bf4c
36879f1a2157deabf69b12134db941245e1185b46332a2a4068dca6a6ab35574

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/images/hello1.jpg HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/jpeg
content-length: 44323
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
etag: "62f9ecbb-ad23"
expires: Sun, 30 Oct 2022 14:42:13 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ts85RI6zr9yAdxJqnqFU0MeK9%2FAvJrg%2FZdY0sQMzNSGlL%2FKPKF1%2BhWWaq0YufRUSod3E%2FmT%2F75%2FdXgvUOvQTqZe0RpnGcKGG9yBLL5uWT5lilClSK8%2FpvSuiM3PmOJtXOZfpKnqCVesn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752db94eec080b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/images/hello2.jpg

104.21.27.14

200 OK

132 kB

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/images/hello2.jpg
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 1200x1200, components 3\012- data
Size
132 kB (132151 bytes)
Hash
ce17eea1d6513a5761e6cfa89839bede
881c345203f5f9f410706d455b4413ab12f57e1d
e51f7b84f4b28c466d2e6a5b26a02e042a64d64f0c2307c4859161d608f7ebe1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/images/hello2.jpg HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/jpeg
content-length: 132151
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
etag: "62f9ecbb-20437"
expires: Sun, 30 Oct 2022 14:42:13 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1G4elrIpyePIBtqQiaezDMTSu9qX5UGRS05NxQ7DC8nW%2Fws8tRl7NIVxGwvfIJbFfVlRAlIKlDDnZQ%2BdIWZV0xZN0VEocxtHqCPFbVS9nm7yV0Zo0sk8i4gGiRUcWuTOWJveLmB%2BMFtx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752db94eec0a0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/images/slide_522635.jpg

104.21.27.14

200 OK

242 kB

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/images/slide_522635.jpg
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1635x660, components 3\012- data
Size
242 kB (241872 bytes)
Hash
3cce5f1757fddf7b7f0a53a067ebabb0
008c61882a701106ec765f8ea82e3acdc1a29171
89e101e5e5a19361fba1ee6772652106df8f9ca70d48137d89622eab915cb1fe

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/images/slide_522635.jpg HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/jpeg
content-length: 241872
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
etag: "62f9ecbb-3b0d0"
expires: Sun, 30 Oct 2022 14:42:13 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BdWWLyN7GjYik7FiNCkT9mivG8Y2zILF8C3XWj1f3v8Ocw%2B1%2B9D41Mt%2FtElmPSbNVKYF4I78qaaGypuZbiZre88X0i%2FP5iF4bQSxmx5%2F1a%2BTeaSyIptgM0r%2BF5pRZmRQpD2rshZFgfWb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752db94eec040b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/favicon.ico

104.21.27.14

200 OK

105 B

URL HTTP/1.1
accept.obviouslyus.xyz/favicon.ico
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
105 B (105 bytes)
Hash
f5755be425622c647f7b1bfc46c779d9
1f51e79cef0a25e8d04783b4e0a7660b76b6f657
24bf4d92ad9b12374ae1fe9ab145e89e62c3953c5c6274dbbf017d2574ad8ce4

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 14:42:15 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Dec 2017 23:11:02 GMT
ETag: W/"5a457a06-1536"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6i5KMDwjhYAwd1Fqe3uRQR9%2FPYH5UN8FFaf%2BV1CAcx8o5naiQZ1p1N2%2FckIvGCoLhx9V9WqKtWOqhSrV0m%2B5dF2Nudi9iGtM2Qu44IOyLDMVilWBqOONCU1QnUFlaHIckBkpKFDCeelJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 752db95bf810b506-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

34.120.237.76

200 OK

2.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b0ca911-b50f-4428-bc54-d62ec4bfbdd6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.9 kB (2883 bytes)
Hash
ba98a00397ab04917b88ea839aaa89ba
5394355bb1d55f59019512d573d1811ba75be13e
986115463c1ed51857aea255b32fa02af545c438a017948223aeb5ef0430b4ef

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b0ca911-b50f-4428-bc54-d62ec4bfbdd6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 2883
x-amzn-requestid: 36f47219-8c00-45d8-996d-e8721fc474da
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPdbaECEoAMFn1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63360f7c-59a9a1a165a00fc92f2dee7f;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:34:52 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 0DmySWIMOOriHJs6ryDgrUCc_fQqTN3ZJvOsEsvkYAy3eBM-KZUTOg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 21:52:00 GMT
age: 60616
etag: "5394355bb1d55f59019512d573d1811ba75be13e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/css/stylesheet_cart.css

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/css/stylesheet_cart.css
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/css/stylesheet_cart.css HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: text/css
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
vary: Accept-Encoding
etag: W/"62f9ecbb-214a"
expires: Sat, 01 Oct 2022 02:42:13 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2KeOdhawkSXiKEJKjeqFcytkpqEV6ympL5eHmX4elhoZHR2PKMSlU%2FwqM3bcn7j%2Fr3VtBR0eGjmMeFaNZ3z2GcDfUYPZr011LqLW5uoNH05emrFIxcUcjZVt2a1iFos0xlT4DsJAbuxJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc310b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMTQ2NTM4ODcxL2wvNDE2NzUxNTIxLmpwZz8xNTI2NjQwMDQ5

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMTQ2NTM4ODcxL2wvNDE2NzUxNTIxLmpwZz8xNTI2NjQwMDQ5
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMTQ2NTM4ODcxL2wvNDE2NzUxNTIxLmpwZz8xNTI2NjQwMDQ5 HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:14 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2PQlVTdU6bB7ook7szK9slRh30RNAKIOAlmRK1BeFdRQFyJNoHMOtPsg41OhGei4waR2UFDCESBlYMv8a0VopeWTkAYv63Vs245M9T2fmopXqsFyRYH4uAHsnmikdP7hu1AfE7wTyUWX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc140b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDgxMDYyNzY4L2wvMTQwODQ1MzE1OS5qcGc/MTYzNzg4MjkwMg==

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDgxMDYyNzY4L2wvMTQwODQ1MzE1OS5qcGc/MTYzNzg4MjkwMg==
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDgxMDYyNzY4L2wvMTQwODQ1MzE1OS5qcGc/MTYzNzg4MjkwMg== HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:14 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yBojO86g%2FPymUyEubBcx7Wf0wcYr2w%2FEkkvRcPX0zwVxcfsTg8uKWEAfpsjr8kdk7gN7sIwOCrAVrNvrvZFO2rn%2FLFFmrFsw7dgBwqCXSfsCu3UjVIDpi%2Bkf7%2FqnTQrMWcVrn1ydgBaG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc150b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjgyODMyNzk1L2wvODAwMTQ2MzczLmpwZz8xNTc1OTgyMjYz

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjgyODMyNzk1L2wvODAwMTQ2MzczLmpwZz8xNTc1OTgyMjYz
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjgyODMyNzk1L2wvODAwMTQ2MzczLmpwZz8xNTc1OTgyMjYz HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:14 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E0TAaf2GC0zSnoa7pWBidTjj1mZpSKgFWbhYH6DIfick%2BJBs9Cj6iIxTaRhIdWH6NLwt96NBTyMNyp7Tqacx%2BGzTbRzD7Ma%2B6u9l1cXwfv34DUpmUbSNuc5%2Fb%2Fmf71MjO6uqINqWb49b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc120b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/css/stylesheet_tm.css

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/css/stylesheet_tm.css
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/css/stylesheet_tm.css HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: text/css
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
vary: Accept-Encoding
etag: W/"62f9ecbb-9ed5"
expires: Sat, 01 Oct 2022 02:42:13 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8FTWZKIwvzBOKONcALk0RjD8D2QyFuzHdxoHGuZBac4cTwUOch%2FLyQM%2B8YXg37dADXcEtrK8L6NK3MpSkjsDuszx%2FqFPHngfpCi4hD0gnpaH2DH7o6UY%2BBWZ9YX5KuGNxuVb%2BG0adwln"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94eec010b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/css/stylesheet.css

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/css/stylesheet.css
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/css/stylesheet.css HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: text/css
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
vary: Accept-Encoding
etag: W/"62f9ecbb-37f9"
expires: Sat, 01 Oct 2022 02:42:13 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uutrVJ3uXIaS4iiiRB5T73Ppsgld9Dn8YuGlRZFTcl%2F02s0hnQivT00%2B4no2UXzJw2UHoMnzPR5s8ChvgHeD3vqaPOGp%2FDcAEDyu89c69XdHdHw6qZB5UmuIPzcmoRpymH4Q4T2vFuBG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc300b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTMzNjkxNTYxL2wvMTYxNDYwOTIzMS5qcGc/MTY1NzE4NTEwNw==

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTMzNjkxNTYxL2wvMTYxNDYwOTIzMS5qcGc/MTY1NzE4NTEwNw==
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTMzNjkxNTYxL2wvMTYxNDYwOTIzMS5qcGc/MTY1NzE4NTEwNw== HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:14 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ybWYgm3QdYmYL0l3RcVRTMYuyewKYS1BklPMmhboQcYDDadiG%2Fplv6zgjFHJUEKXasXDaW8o3uVQHO2DfbAlYcccv6Lrbqd6p6O9n3XJU26qOVJYhc1wPFfrcig2WEhFWDHGu6Lqjl3G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc1c0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjIzOTQ3MjU2L2wvNjM2NDY0MzkyLmpwZz8xNTU2MzY1Mzk1

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjIzOTQ3MjU2L2wvNjM2NDY0MzkyLmpwZz8xNTU2MzY1Mzk1
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjIzOTQ3MjU2L2wvNjM2NDY0MzkyLmpwZz8xNTU2MzY1Mzk1 HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=birxa%2FgFfDyyaJ1pq2qel5rNNGgmf%2BG5A3Oci1De%2FmR9se2Au69g1O2uLDTUoiYlFDcrpLYS7UFavm5BaMUcmduE0bv0sQxewG8WEMv8J5L8fDRqvYXkbFflSH2UOhnJbaRLjzS9L%2F%2Fd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc190b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjU1NzU2NzE0L2wvNzI0MjI1NzUzLmpwZz8xNTY3MzMyODU2

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjU1NzU2NzE0L2wvNzI0MjI1NzUzLmpwZz8xNTY3MzMyODU2
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjU1NzU2NzE0L2wvNzI0MjI1NzUzLmpwZz8xNTY3MzMyODU2 HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V3sXOF9WQrCBi3DVBxLfMjrAuF%2BzUUajfdIL7sxw2BkH5F5kgbU%2BiSi5Un355yVP6rPkjXpb7%2FnTdwnxideYwnuBcOrNvtS6vii%2BQXZugmZPwe9PTw5R3SXIpxp7giKrKdhIJ7QnkiST"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc100b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/font/css/font-awesome.min.css

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/font/css/font-awesome.min.css
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/font/css/font-awesome.min.css HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: text/css
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
vary: Accept-Encoding
etag: W/"62f9ecbb-7918"
expires: Sat, 01 Oct 2022 02:42:13 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bxx%2FQfsCK0CpYYGHw2S40qt4fdoPRiNGMZLCYd%2F3efk0ntMNK0jSLbgUZ6wYWTkoswLhCzT0K0A9eFylTZgcamGdRJgnUJ4aXxd4CTckfZ4z5sqcB3lNHl6l7pOH1KhLafNS1uPIg%2FUC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94eebff0b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/css/stylesheet_css_buttons.css

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/css/stylesheet_css_buttons.css
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/css/stylesheet_css_buttons.css HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: text/css
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
vary: Accept-Encoding
etag: W/"62f9ecbb-553"
expires: Sat, 01 Oct 2022 02:42:13 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3GAyfoa5f6Dwrsdy%2B1gB2BC0UnBIQuyjJu1fl9tVYc1VbEgqJQfLsdx0kSFwLvze7iPokgWW1UAMt6nfnvC9R36fR8ybwxpLUaNUdwAC%2Bc4JyHuH6f54q6V9EDM403s3iqSIlBLvxt2f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc340b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/css/style_categories.css

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/css/style_categories.css
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/css/style_categories.css HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: text/css
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
vary: Accept-Encoding
etag: W/"62f9ecbb-6cd"
expires: Sat, 01 Oct 2022 02:42:13 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9U670YsAjShus6fUh0EheMk9qZFbNoEJBKppDdt4znxzQGWjUnQUvHPoO7TCTSFx0L%2BkAR4ugy42CILN%2B%2BgShUys1Rcogq80fE6WEQ8iz4qMUazEIhNulSqcZGntdP6gHU%2FuKCk46Nzl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc2f0b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMzc3NzU1NzIzL2wvMTA2NTUxNTgyMy5qcGc/MTYwNTE4MjY2Nw==

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMzc3NzU1NzIzL2wvMTA2NTUxNTgyMy5qcGc/MTYwNTE4MjY2Nw==
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMzc3NzU1NzIzL2wvMTA2NTUxNTgyMy5qcGc/MTYwNTE4MjY2Nw== HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:14 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wySAVWU2zkkzUOL8BoR0Op91Ia4aTNbbMD7J0D951dhbVlfafEtWsfiRTLlRWpVr77i5uX5rwC2QZX5Wobo3R44R%2FxdTCdhN7HFuyDQZdz3VgVZONLyWnQ%2F8Jzdz9dILWABv9Sg%2Bnxjk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc1a0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjk5MDY4OTM0L2wvODQ0NjYwMjkzLmpwZz8xNTgxNTk5NDg2

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjk5MDY4OTM0L2wvODQ0NjYwMjkzLmpwZz8xNTgxNTk5NDg2
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMjk5MDY4OTM0L2wvODQ0NjYwMjkzLmpwZz8xNTgxNTk5NDg2 HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XO8zEWY3OaILai1%2B1BpSjEkqPESc6TP3plksUmzvZRdFgn3Y%2BXA4KWGARde%2B9dskutF9F2tVAQLgrUkDjbQZaZNnX3fLyAol1lW7JLS0nHCkKrUHZsuFeQdID78%2Bxmqp6sKb%2Bl4twyK2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc170b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMTE0OTk4MDUwL2wvMzI1MjIxMzgxLmpwZz8xNTEzMTQ1OTI4

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMTE0OTk4MDUwL2wvMzI1MjIxMzgxLmpwZz8xNTEzMTQ1OTI4
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMTE0OTk4MDUwL2wvMzI1MjIxMzgxLmpwZz8xNTEzMTQ1OTI4 HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oyDBo6A0XyCzSckH83zEOosp0eHFgSrWfIgmL6m%2FmpLg088X81Z8kViHfami7tzSAQLns2ZTMBk3gZqS6j6VkgHJApXPC3BLd7212Jd6vv6wq30OIB4z83OItNYqolaOVXf09AwL%2FY01"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc250b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMzAzNDE1MzY3L2wvODU2NDAzMTU3LmpwZz8xNTgzMDQ4Mjc1

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMzAzNDE1MzY3L2wvODU2NDAzMTU3LmpwZz8xNTgzMDQ4Mjc1
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMzAzNDE1MzY3L2wvODU2NDAzMTU3LmpwZz8xNTgzMDQ4Mjc1 HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:14 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kLu4WoLIDX9oVgQcFKuTzYLYEdSZxWheX6%2FtxSsDjBwxZiw%2FSJeaZaFVdH%2BxDjVLfomjI3jrJvzQm05wfIpvKCdhB8Jg4SBNlav2T3WpN0tzh96BkkhHOWEaPNVg%2ByyJ9vxj74RhQ0zB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc1f0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/css/stylesheet_related.css

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/css/stylesheet_related.css
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/css/stylesheet_related.css HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: text/css
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
vary: Accept-Encoding
etag: W/"62f9ecbb-80e"
expires: Sat, 01 Oct 2022 02:42:13 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8pOBnbZEgLbYKUU7FiEBLGPqV3ESqHnt0zOrbxOAKy9iY0rx50N5b92t6BVr0Wn0vMHO5Tl7fAAxG1wgRsqssOrgCJzEsZY9XMr65WP%2F6xWllKuP2EHv6w3EoqrFibANNTejjMkOLnNg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94eec000b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/includes/templates/lw_a45/css/stylesheet_index_home.css

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/includes/templates/lw_a45/css/stylesheet_index_home.css
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /includes/templates/lw_a45/css/stylesheet_index_home.css HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: text/css
last-modified: Mon, 15 Aug 2022 06:50:35 GMT
vary: Accept-Encoding
etag: W/"62f9ecbb-dfd"
expires: Sat, 01 Oct 2022 02:42:13 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UoKwDVn2SY30GPVRE%2FBAUp0ONQ8M77CVkFOCSF87MyTrcZcNJUKcnbpJAQxzo4Dhwagqouksu%2BiOwdAh7MAOi7kj7ug7z1xRynqxHpIzr54Kh%2Fdgkp0%2BaT50BTzM6orLCXzRj6v9RTNk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc320b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMzk4OTk4NzgxL2wvMTEyNjE0MzY2Mi5qcGc/MTYxMTM5NDc4MA==

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMzk4OTk4NzgxL2wvMTEyNjE0MzY2Mi5qcGc/MTYxMTM5NDc4MA==
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvMzk4OTk4NzgxL2wvMTEyNjE0MzY2Mi5qcGc/MTYxMTM5NDc4MA== HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:14 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W4%2BC9123CdUm8TcSkG3K33LoOgf5GFwnGVA%2BZanDX2yqGPdhGfddUMfShZEiU1Zo2XfqtpG1%2B0%2FIN2Ij%2BUdB1eSAqVaaLsvkgZjs59M63iUPfzaTaxiXtZWfEo5FVgh4PS6us5PtQcqn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc160b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTAzNzU1MTg3L2wvMTQ5NDYxMDIyNy5qcGc/MTY0NjAwMjY2Nw==

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTAzNzU1MTg3L2wvMTQ5NDYxMDIyNy5qcGc/MTY0NjAwMjY2Nw==
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTAzNzU1MTg3L2wvMTQ5NDYxMDIyNy5qcGc/MTY0NjAwMjY2Nw== HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LajoXOwfB1gj%2BCa66j%2BiwctOx3YcYweuLDNsWnECHVMv9vXLt%2BdS%2FK9mg5aQLjUxsBQ21ecAKLPFsymzPna3NX8sZjdFZ2PiomyYNSjiSWOSfxPCOP%2BHPoYv%2FcqRD1kcPS0G04%2F7tvCm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94eec070b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTEzMzgzNDc5L2wvMTUzMzI0MzA0OC5qcGc/MTY0OTU3MTM4Nw==

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTEzMzgzNDc5L2wvMTUzMzI0MzA0OC5qcGc/MTY0OTU3MTM4Nw==
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTEzMzgzNDc5L2wvMTUzMzI0MzA0OC5qcGc/MTY0OTU3MTM4Nw== HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:14 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lPBLUoSVzelEyMJkwu3r9aDLh17m5azjchcw%2FvqSsZLgNCEc2q3Dq%2FJIQD29iFRxu2bt5fTcRg0WQwznQbXlcl7rsSNzUxagcRQbEOF9Wkj4XqglAPY6TvzDfXUFADEiiWuVDE%2BgMi%2Bh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc1d0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDU1MTg5NzE0L2wvMTMxNDA2NjcxNS5qcGc/MTYyOTUzODkzOA==

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDU1MTg5NzE0L2wvMTMxNDA2NjcxNS5qcGc/MTYyOTUzODkzOA==
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDU1MTg5NzE0L2wvMTMxNDA2NjcxNS5qcGc/MTYyOTUzODkzOA== HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:14 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=orA5uPJGkqvThfPSpFjE999X55IdjrpO9SsjNVzLoAl3nSQ%2F5iAfWszN0D6YpWeH7AaJDVyup54V4gD6%2Ft%2BqE3iKSiGCBRZ5UMlLjZuEIAHikGtgvh2435m7dGMZGjfLQj8YNJri5b03"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc1e0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDE5NDk5NDQyL2wvMTE4NDY4MTg5MC5qcGc/MTYxNzU4MzQ4Ng==

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDE5NDk5NDQyL2wvMTE4NDY4MTg5MC5qcGc/MTYxNzU4MzQ4Ng==
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDE5NDk5NDQyL2wvMTE4NDY4MTg5MC5qcGc/MTYxNzU4MzQ4Ng== HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:13 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0vPJii6giPh7FANDKnqiJsx8M%2FBQNfJ5s17w4cH3wGVfPjErgIHOkEHhrEywczscqKYj7ES7zZjUkBUf9KhWtGmDISRqKJ6Fo8Xwyt4zQo6%2FxzQ%2BZz87oblLCbP42mUznSBPWj3M5eWN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc0e0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDQyNjg1Nzk2L2wvMTI2ODA3MzUxNC5qcGc/MTYzNjM2MTEwOA==

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDQyNjg1Nzk2L2wvMTI2ODA3MzUxNC5qcGc/MTYzNjM2MTEwOA==
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNDQyNjg1Nzk2L2wvMTI2ODA3MzUxNC5qcGc/MTYzNjM2MTEwOA== HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:14 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Irq1gNJRvAcLrlvQXLf8DO50%2BVhxPeLSOX8vlRBy2Aejhio2%2FPDdhpmsIAMXLcEVOBfv7tsAZKWRy1J3jq%2FnAzmguK2n%2BBXcpNosvl%2BRJUiG01cbk2rhkHZaEI1cZq%2B3TP6Ko79TT7Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc0d0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:12 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 11:11:52 GMT
etag: W/"633188f8-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w5j46iI6CM6%2F3N8yCjTDu6HeBKSeZdetAJg14SWliRKfGFtdCDhSsMxGkH8oMNtEVQCFhLU43jUWIECSAoy62H23CxeFX2gePn3HQ5vqLqzdYqtGn3pg6iaQBM9XcQUytiFQ4Jgx6xgP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752db94eec020b3d-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sun, 02 Oct 2022 14:42:12 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2

accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTQwMjQ2NDgyL2wvMTY0MTU2NjMxNy5qcGc/MTY1OTg3MDMxMw==

104.21.27.14

200 OK

0 B

URL HTTP/2
accept.obviouslyus.xyz/imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTQwMjQ2NDgyL2wvMTY0MTU2NjMxNy5qcGc/MTY1OTg3MDMxMw==
IP
104.21.27.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9pbWcuZnJpbC5qcC9pbWcvNTQwMjQ2NDgyL2wvMTY0MTU2NjMxNy5qcGc/MTY1OTg3MDMxMw== HTTP/1.1
Host: accept.obviouslyus.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://accept.obviouslyus.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Sep 2022 14:42:14 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3caw%2FksFdsV12Z%2BxQ5jGSdI1RaNLZzkw5AdnvTlNzEiP%2B1P4fStly6MANZMthO9ozmxVjTUdhHSs%2FAhkDMr9myShMt60Y92KjrQDBDNUIIO8btRQE2vGPu6zg06cwThy5ogHURsweYFe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752db94efc1b0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (58)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size