Report - userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip

Report Overview

Submitted URL
userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip
IP
172.67.207.105
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-29 08:06:58
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	51 kB	34.120.237.76
pogothere.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	107 kB	172.64.199.35
fleraprt.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	474 B	482 B	139.45.195.254
userscloud.com	236337	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	886 B	231 kB	172.67.207.105
waisheph.com	74994	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	728 B	25 kB	139.45.197.245
offerimage.com	304078	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	406 B	12 kB	172.67.22.216
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
andamafraidt.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.8 kB	19 kB	54.230.111.39
esathyaspsu.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	1.7 kB	172.67.181.17
d1jwpd11ofhd5g.cloudfront.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	1.7 kB	143.204.42.138
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	430 B	2.9 kB	31.13.72.36
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	410 B	743 B	139.45.195.8
accounts.google.com	81	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	5.7 kB	216.58.207.237
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	3.8 kB	93.184.220.29
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	366 B	17 kB	216.58.211.10
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.49
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	54.70.239.215
static.cloudflareinsights.com	1294	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	441 B	48 kB	104.18.47.230
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	978 B	2.2 kB	23.36.77.32
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	656 B	1.9 kB	104.18.32.68
tovanillitechan.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	2.5 kB	139.45.197.239
goomaphy.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	3.5 kB	139.45.197.239
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	21 kB	142.250.74.174
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.115
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	7.1 kB	23.36.77.32
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	7.0 kB	142.250.74.3
tzegilo.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	344 B	20 kB	104.21.84.149
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	466 B	17 kB	142.250.74.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-29	medium	tovanillitechan.com	Sinkholed
2022-09-29	medium	fleraprt.com	Sinkholed
2022-09-29	medium	goomaphy.com	Sinkholed
2022-09-29	medium	goomaphy.com	Sinkholed
2022-09-29	medium	tovanillitechan.com	Sinkholed
2022-09-29	medium	goomaphy.com	Sinkholed
2022-09-29	medium	goomaphy.com	Sinkholed
2022-09-29	medium	tovanillitechan.com	Sinkholed

JavaScript (25)

	URL	Size	First Seen	Last Seen
	tovanillitechan.com/42/38?z=2892518	0 B	2023-03-07	2024-04-26
Pretty URL tovanillitechan.com/42/38?z=2892518 IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 10:08:18 Times Seen37089313 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-01-06
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:05:31 Last Seen2024-01-06 17:39:53 Times Seen66 Hash 99ba52a15d2da967b023016d1af58cbd 5c2246049c43834d17113877b4731bd4f9803d55 9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f Loading...

	userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip	456 kB	2023-03-08	2023-03-08
Pretty URL userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip IP 172.67.207.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:23:23 Last Seen2023-03-08 03:23:24 Times Seen1 Hash e80016b4763cfb0ae1dc63932ece4657 f3105a62f4778fa94a90ba2bcf970ca5ace8d207 b21c3516c4e501649647eac8d3910c51dfcf77ab30b4a446cfb7dfe97adbce51 Loading...

	userscloud.com/bootstrap.js	36 kB	2023-03-07	2023-06-03
Pretty URL userscloud.com/bootstrap.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27:49 Last Seen2023-06-03 18:30:09 Times Seen8 Hash 7692d94a55d6e480f1ec460ac7f25611 eec0f64168b11a020fdda1194c865970eadb043b 0a75980b19789a7a4273709bb9dea6de6c002d1cb08a017e02675a669862b6dc Loading...

	andamafraidt.xyz/Y0JDUmECICA/XgJ/IXQUES5+d1MlZ3EUBVIoNCIFUnMsNAkHdyR8Ag8tNjYHES0tJk8NJzd3UyUVITw3DBgEai8kJRoRNCEtIBYnDxgbOTcBFAUmKCs6MB4gMXcKHgsmFAkHMAcHK2orMgd3AycyMgoFJCoGByoSMxUWOS0kNTcIOQglFhYgOREUPiwABAITJzADFjYgMiEZFTMuIAEQBSwHEmc1JAMgNyMECxkRNCUmCBcjJBQGIgIxFwIxOQ97EgUYOQkbFzQmBhIXAycXcgU5GxgNCgsXGBQ+IwEIKCICMRAsATIPcnMHNykAGz4ZLRQvaismA24hMSIHNxotDxglClE1GxUEWAUXBSI0IBMgGiUyCwIUDSEjCj47OhVyOiIkLg0XRwkxLDwRXgQWKCpSNzUiBlY	2.9 kB	2023-03-08	2023-03-08
Pretty URL andamafraidt.xyz/Y0JDUmECICA/XgJ/IXQUES5+d1MlZ3EUBVIoNCIFUnMsNAkHdyR8Ag8tNjYHES0tJk8NJzd3UyUVITw3DBgEai8kJRoRNCEtIBYnDxgbOTcBFAUmKCs6MB4gMXcKHgsmFAkHMAcHK2orMgd3AycyMgoFJCoGByoSMxUWOS0kNTcIOQglFhYgOREUPiwABAITJzADFjYgMiEZFTMuIAEQBSwHEmc1JAMgNyMECxkRNCUmCBcjJBQGIgIxFwIxOQ97EgUYOQkbFzQmBhIXAycXcgU5GxgNCgsXGBQ+IwEIKCICMRAsATIPcnMHNykAGz4ZLRQvaismA24hMSIHNxotDxglClE1GxUEWAUXBSI0IBMgGiUyCwIUDSEjCj47OhVyOiIkLg0XRwkxLDwRXgQWKCpSNzUiBlY IP 54.230.111.39 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:23:23 Last Seen2023-03-08 03:23:23 Times Seen1 Hash 505d4499a2a3813a37a0df88525563ef 747e5dc8db8901f3a0d90f2c958bbea20b9216a0 2dddfd8186072d70450680492b35812fc40e4d1e562f647898f6b09a273b8183 Loading...

	andamafraidt.xyz/QUd3UmUgJRQ/WiB6FXQQMytKd1cHYkUUAXAtACIBcHYYNA0lchB8Bi0oAjYDMygZJksvIgN3VwcqLTg3EyUxEyMWPU8ZBzkNExwzBykhNR0pECAYJBkuPhY1KR49FDYqdzZiLCwBNgg0GC8EBD8UBTYZEikzIToseAMjZicCHxQYNSYSPQsgLj82Pj8yED8LNhMDQxoHEDM5AhIUfzFiKC0FHRgkEBM1ADUQKzgdJAB/NSojKwwaBCwDDyU3PARyOgsjcHYhCj9xHxoTLhkTTwguBAowCzcTKCIVES8QPwQzJSklNzwDFTQ2I3kVLyUvZHUxCi0tAzU/SAQLOQMzJxccPgwIBi06PRYFIBAyByMTBDQECQAHDAB2PndXAwE/BDAiKh8zAy0eJBgjBy9ROBYuKQdvIQQjEiQSORFBBC84cg	2.9 kB	2023-03-08	2023-03-08
Pretty URL andamafraidt.xyz/QUd3UmUgJRQ/WiB6FXQQMytKd1cHYkUUAXAtACIBcHYYNA0lchB8Bi0oAjYDMygZJksvIgN3VwcqLTg3EyUxEyMWPU8ZBzkNExwzBykhNR0pECAYJBkuPhY1KR49FDYqdzZiLCwBNgg0GC8EBD8UBTYZEikzIToseAMjZicCHxQYNSYSPQsgLj82Pj8yED8LNhMDQxoHEDM5AhIUfzFiKC0FHRgkEBM1ADUQKzgdJAB/NSojKwwaBCwDDyU3PARyOgsjcHYhCj9xHxoTLhkTTwguBAowCzcTKCIVES8QPwQzJSklNzwDFTQ2I3kVLyUvZHUxCi0tAzU/SAQLOQMzJxccPgwIBi06PRYFIBAyByMTBDQECQAHDAB2PndXAwE/BDAiKh8zAy0eJBgjBy9ROBYuKQdvIQQjEiQSORFBBC84cg IP 54.230.111.39 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:23:23 Last Seen2023-03-08 03:23:23 Times Seen1 Hash 442a493242af0a944e68e3524844d628 125d2dd433b11612c30bb2736289183822a9f850 19d695f12b4d95562a9a28df1c862d08223962c4ba2e642a56fa585ba66b67b6 Loading...

	waisheph.com/tag.min.js	72 kB	2023-03-08	2023-03-08
Pretty URL waisheph.com/tag.min.js IP 139.45.197.245 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:01:17 Last Seen2023-03-08 05:57:04 Times Seen1 Hash dc9e723d1489007495bf20a45af95542 acbd3c529751c658da922dd6d5d5075a6d205eca c2a40f0558c123ab94048f28d292bca4a82a93ccae5d0cc4f7126c475eef3efc Loading...

	d1jwpd11ofhd5g.cloudfront.net/WbnVoZG8NGgYCUBocDFlZXkVbVFtIHxsLAR5ILjEVJUQdEh8JQE4QFQpIWEIDDxsPWUkLGwtZXkgUDAZSWlMcFAAFSAUdAQcZGRMbBBdOEQ5TGAceBgIZCUFdKEBGVEpcRUAcXl9QWyZKXEUEDQEbDU1WXxZNXjtZWlBbJkpcRRoSSl00UVJBXlxNVl8JEA-sPAEtHLlZfX0VYVV9fUFpUCQcHDQIAFlBaIlZYW1hCGlNE	1.1 kB	2023-03-08	2023-03-08
Pretty URL d1jwpd11ofhd5g.cloudfront.net/WbnVoZG8NGgYCUBocDFlZXkVbVFtIHxsLAR5ILjEVJUQdEh8JQE4QFQpIWEIDDxsPWUkLGwtZXkgUDAZSWlMcFAAFSAUdAQcZGRMbBBdOEQ5TGAceBgIZCUFdKEBGVEpcRUAcXl9QWyZKXEUEDQEbDU1WXxZNXjtZWlBbJkpcRRoSSl00UVJBXlxNVl8JEA-sPAEtHLlZfX0VYVV9fUFpUCQcHDQIAFlBaIlZYW1hCGlNE IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:23:23 Last Seen2023-03-08 03:23:23 Times Seen1 Hash ade1341d34905eddcc29eb09b32e3197 a82c3aa9e855f7fa85a4f052d0f7f128f0684b4a ea187e647fab61312e61e1765bbbdc4301566ca9847bde256de91a0c4ebdfb7b Loading...

	userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip	63 kB	2023-03-08	2023-03-11
Pretty URL userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip IP 172.67.207.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:23:23 Last Seen2023-03-11 21:28:49 Times Seen1 Hash 397bd17e2cd1676757a8497f72d9d8f9 977916627bc639724a358eea60b6cb707b775d5c 0815a71de6fef534fd92ac785d31a992b26816a0af611a190518a9da8b1d2db9 Loading...

	userscloud.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	12 kB	2023-03-07	2024-04-26
Pretty URL userscloud.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-26 08:02:34 Times Seen43116 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip	176 B	2023-03-07	2023-12-13
Pretty URL userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip IP 172.67.207.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27:49 Last Seen2023-12-13 03:43:10 Times Seen20 Hash b15edaefda6a35986fe6ac91236991e8 ba92dc94c927758d41137d414a5bfdaf1340e23c bde47c349904f0573639857e3e1822c8848836650d18e136cf786a08d4e6eda0 Loading...

	userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip	446 B	2023-03-08	2023-03-11
Pretty URL userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip IP 172.67.207.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:23:23 Last Seen2023-03-11 21:28:49 Times Seen1 Hash 9d37f9143fd90e1df3afd2e2652c251e 4aa91ad50d8421a050e6ab31d626309c40f3dd5b cf17f9ab5989cd39bc8722b54b0836a8138969edc5444a7645f8cae92772b8f5 Loading...

	userscloud.com/assets/library/jquery/jquery.min.js?v=v2.0.0-rc8&sv=v0.0.1.2	93 kB	2023-03-07	2024-04-25
Pretty URL userscloud.com/assets/library/jquery/jquery.min.js?v=v2.0.0-rc8&sv=v0.0.1.2 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27:49 Last Seen2024-04-25 20:03:56 Times Seen1818 Hash bdce12c949e78d570c8d44e9c2b23508 9afdc4fec954646bd6270caf82f107fdef605bc5 c73b004ebf31b395cf237c3d2b13c1e576f385e04660ceb5f7be163ff3c201dc Loading...

	userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip	82 B	2023-03-07	2024-04-25
Pretty URL userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip IP 172.67.207.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27:49 Last Seen2024-04-25 20:03:56 Times Seen41 Hash 9e775e8a1bb87b2856daa36a22341440 ebf714c77099aa49203093ad0d0343df9734ad71 365b750d4dae44d93e4da4d75c801f89714c91980a9e05b8afac0c998f3f063a Loading...

	www.googletagmanager.com/gtag/js?id=UA-70768172-1	109 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=UA-70768172-1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:23:23 Last Seen2023-03-08 03:23:23 Times Seen1 Hash 6c1e11c0b03d02e30b607f5057cbfa71 46f0fdef96b1bea346bae597d004d4bc3f3a70c1 e9d6cbdbdbcad3585f45338df515adca41a71d9665938bfd983f3cd0e36e290a Loading...

	tzegilo.com/stattag.js	33 kB	2023-03-07	2023-03-17
Pretty URL tzegilo.com/stattag.js IP 104.21.84.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:13:21 Last Seen2023-03-17 12:47:57 Times Seen1 Hash df875929410d71d763e9fa10b830bb2a b0711a8d2bf6ad4ffa4640534588b423f2ef7fec 0be796b658c6cee0d55aa164994d0d83f9ec7aa7ecf1eb41c1ddf208bba9e3b1 Loading...

	andamafraidt.xyz/UGpZVHMxCDo5TDFXO3IGIgZkcUEWT2sSF2EALiQXYVs2Mhs0Xz56EDwFLDAVIgU3IF0+Dy1xQRYLDgA1Cjw1P0UIADojKTlbAAQkJAI4FRc3Mw4kVmIsDi0cZSQgPz4VAC5jPBUNbRAEOwAbECICKQ03NR4EGCA6YTwyDh1oWwwQECgwEW0mHhAPPxISCW0ZGSQBGwxLOSENDhIKLiozPWENaB4KZB4OLgcnJh0zPh4uMj4+FlpoGkAoGD1mC2QLASM3MTJtPBIRKGEOISRSGGYYZicdMDYZMhcmEgUGMQ0yChwbDAs8LWojNzE5CCIVESMANkFpWRgMXhIQOGYfBzodAQoeAgsmNhceKRU0PAc4ExgRDB4GAwBbPiY+KlJrBysoARFmMhgOaw5WYiwVFQs/TDMnHD4aZB8ZMgsgNSoAEGw5NAAEbTs	3.0 kB	2023-03-08	2023-03-08
Pretty URL andamafraidt.xyz/UGpZVHMxCDo5TDFXO3IGIgZkcUEWT2sSF2EALiQXYVs2Mhs0Xz56EDwFLDAVIgU3IF0+Dy1xQRYLDgA1Cjw1P0UIADojKTlbAAQkJAI4FRc3Mw4kVmIsDi0cZSQgPz4VAC5jPBUNbRAEOwAbECICKQ03NR4EGCA6YTwyDh1oWwwQECgwEW0mHhAPPxISCW0ZGSQBGwxLOSENDhIKLiozPWENaB4KZB4OLgcnJh0zPh4uMj4+FlpoGkAoGD1mC2QLASM3MTJtPBIRKGEOISRSGGYYZicdMDYZMhcmEgUGMQ0yChwbDAs8LWojNzE5CCIVESMANkFpWRgMXhIQOGYfBzodAQoeAgsmNhceKRU0PAc4ExgRDB4GAwBbPiY+KlJrBysoARFmMhgOaw5WYiwVFQs/TDMnHD4aZB8ZMgsgNSoAEGw5NAAEbTs IP 54.230.111.39 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:23:23 Last Seen2023-03-08 03:23:23 Times Seen1 Hash b3df1df4c74e4e60f3ef07595ef7c37d 3a4ea6891af8e9b1e22c258c4a69cc61936bf93f 0f8b693e57fbb72d4d461a59d9819e78d872520c9390b2c35d43ee3f8e948fe5 Loading...

	d1jwpd11ofhd5g.cloudfront.net/aWTFZVlk6XjcwZi1YPWthaAdgYWp/Wyo5NykMEjw7OEg4DwkjBDQRCTcFNnAtI1VkZn81UDcxZH9UNzVkaBc4MjtkBX8iKTZaZDsgN1g1Jy4tWztwLDgMNDkjMF01N3xrd2x4aXwDaX4haAB8ZRt8A2k6MDdEIXNraUlhYAZvBXxlG3wDaSQvfAIYb293AX-Bza2lWPDUyNhRrEGtpAGlmaGkAfGRpP1grMz82SXxkH2AHd2Z/LAxo	576 B	2023-03-08	2023-03-08
Pretty URL d1jwpd11ofhd5g.cloudfront.net/aWTFZVlk6XjcwZi1YPWthaAdgYWp/Wyo5NykMEjw7OEg4DwkjBDQRCTcFNnAtI1VkZn81UDcxZH9UNzVkaBc4MjtkBX8iKTZaZDsgN1g1Jy4tWztwLDgMNDkjMF01N3xrd2x4aXwDaX4haAB8ZRt8A2k6MDdEIXNraUlhYAZvBXxlG3wDaSQvfAIYb293AX-Bza2lWPDUyNhRrEGtpAGlmaGkAfGRpP1grMz82SXxkH2AHd2Z/LAxo IP 143.204.42.138 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:23:23 Last Seen2023-03-08 03:23:23 Times Seen1 Hash 9374dfdf539e6d2017763af8572bdcef 9f25060a3e013e383912a2a8630df78ae550914b a96a0b2d3bf75aef3580e3b0324b434894cb4c127b7ba3222566f0116ab381c5 Loading...

	d1jwpd11ofhd5g.cloudfront.net/mZjRRbFAFWz8KbxJdNVFnVgxhWWJAXiIDPhYJFSk0A0ImFAZQYhsVZUBAKwhtVhI9DT4BCXcJPgUJYEoxAlZsWHYSRD4HbQtNPwU8F0MlBjJAQTBRPQlOOAA8BxFjKmVIBHReYE5MYF11VXZ0XmAKXT8ZKEMGYRRoUGtnWHVVdnReYBRCdF8RXwJ/XHlDBm-ELNQVfPkliIAZhXWBWBWFddVQENwUiA1I+FHVUcmhaflYSJFFh	589 B	2023-03-08	2023-03-08
Pretty URL d1jwpd11ofhd5g.cloudfront.net/mZjRRbFAFWz8KbxJdNVFnVgxhWWJAXiIDPhYJFSk0A0ImFAZQYhsVZUBAKwhtVhI9DT4BCXcJPgUJYEoxAlZsWHYSRD4HbQtNPwU8F0MlBjJAQTBRPQlOOAA8BxFjKmVIBHReYE5MYF11VXZ0XmAKXT8ZKEMGYRRoUGtnWHVVdnReYBRCdF8RXwJ/XHlDBm-ELNQVfPkliIAZhXWBWBWFddVQENwUiA1I+FHVUcmhaflYSJFFh IP 143.204.42.138 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:23:23 Last Seen2023-03-08 03:23:23 Times Seen1 Hash 7951fec57e8f71935686d9a549015ed5 f061ff3740e3e869971acdfcce2ce77f49ced330 f2c2a34e7526b9ff47db8da4447b89f7bd1e3a06967971b9ed6c31895fbee3b0 Loading...

	tovanillitechan.com/1?z=2582807	8.7 kB	2023-03-08	2023-03-08
Pretty URL tovanillitechan.com/1?z=2582807 IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:23:23 Last Seen2023-03-08 03:23:23 Times Seen1 Hash 59abb5e12586205786573b111a5ade0c 7bb43ed0b009f7e5f3e795215cd11bd8502056b6 ec677b68efce46f011eaa876fb19d1e2b2010c3d37f341655a4973901f2d8675 Loading...

	static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194	14 kB	2023-03-07	2024-04-26
Pretty URL static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 IP 104.18.47.230 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-26 05:43:44 Times Seen1638 Hash 19514b1be5ee33b45d32c1fcd4c67ec2 bdeab77b43cafcc638df9d7c26f1aa7f46bf1fd5 fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505 Loading...

	userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip	541 B	2023-03-07	2024-04-25
Pretty URL userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip IP 172.67.207.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27:49 Last Seen2024-04-25 20:03:55 Times Seen30 Hash d18cd1132ea52f64d163bbbb09b2f1db 68f545891967bb12bc0b073ac634706a604b8b2c 76b8697da6e013d1dbfe20a152045f4a8cc34adb37751b13a35a800778a7a4c5 Loading...

	userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip	154 B	2023-03-07	2023-06-03
Pretty URL userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip IP 172.67.207.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27:49 Last Seen2023-06-03 18:30:09 Times Seen6 Hash 8173fc1deace6c5ef38292a7122244cf c67b8ff86cbab35d3e007849de8cbd36654980e6 11826bf5bc3ee4f53d2b1ebef4afeec33a0f482c3225a9a4238d119fa9243848 Loading...

	goomaphy.com/401/4859604	80 kB	2023-03-08	2023-03-08
Pretty URL goomaphy.com/401/4859604 IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:23:23 Last Seen2023-03-08 03:23:23 Times Seen1 Hash 01672bdcbc739a5b022226f47c8cb04a 88ab4ad47de7f3ecbe1bf4233acc481bd26f690f 940ec5f36b16b0ef0761792559ae67dfda0358749b783ef2ccb22d8590a87f6c Loading...

	tovanillitechan.com/27/b7bd02994a2771796f8a835cfb750d4b	408 kB	2023-03-07	2023-03-08
Pretty URL tovanillitechan.com/27/b7bd02994a2771796f8a835cfb750d4b IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:17:47 Last Seen2023-03-08 05:35:44 Times Seen1 Hash 7ab89f78b6aefbb5652eabbe8b71c1c6 f558db93cba76989a8daa5498bcb9f5357e892e4 296c8334bfec54e3a1a0772e1efe387735181b85d04557ac3befd33e69ce6640 Loading...

HTTP Transactions (80)

URL IP Response Size

userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip

172.67.207.105

301 Moved Permanently

0 B

URL HTTP/1.1
userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip
IP
172.67.207.105:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Thu, 29 Sep 2022 08:06:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 29 Sep 2022 09:06:47 GMT
Location: https://userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lQz7Mi0EqCwSjJCUTiysdTrLznR0rHmc%2FcElt5jLtxQGCzeY24ZgJj4vWi7eToBTgrIEspiOinTpTZfDBZKT9rzWKzQxvm1mT58Gky0wcSR4FguPxqmowCHg5zt9sKSWjA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 752338b09c600af6-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 29 Sep 2022 07:15:52 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: an9SJN6Pq56nfijjjHJFRr9GLrCZlfMchuevqLYJquk4tuNZH6iRmg==
Age: 3055

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6dd4587c98aef98ad0939030a6976a7f
92dc5966ac2deb0c3ac7fdd02bf8d28f9239801e
a382476d14b6ae14003333e7acdfbbd9ae8775d4c1a7d5c31116f33987043cff

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15958
Expires: Thu, 29 Sep 2022 12:32:45 GMT
Date: Thu, 29 Sep 2022 08:06:47 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zDUnVxVZQA6gWLcXZb92npxEpXZbWagKZ8EB_eVfWEM1wLjVnfZ4-Q==
age: 9500
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:47 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
5e9b0c86817a4d5d89c920b7ed85057b
a248e3a32ab059434400ee945c7b8f4fedb83ffe
b140486f05a6e21ab6193259a40f65734ac7ecb7be043c26977cd5e77388f19c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:47 GMT
Server: ECS (amb/6B7A)
Content-Length: 279

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 29 Sep 2022 07:29:33 GMT
Expires: Thu, 29 Sep 2022 07:40:10 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FIlBBJvizIzzrRRTIb7l7hvBo10SAAne9-ntOvnFUsKQs1YsbRUhPA==
Age: 2234

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
3526d5ce1381ba26cbc553db057e1915
fe01c920696448e8bf12e6fff877bce8281d34a2
09604aed7cbca7971bfcb5afcb53591600b944f28eff21aa65dc601e78cdda53

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5875
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:47 GMT
Last-Modified: Thu, 29 Sep 2022 06:28:52 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.70.239.215

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.70.239.215:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8C870gANkGSgSKVsDTOdjg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kAN5ZQE9hod0/qZEDGMz9vkxa8Q=

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
5e9b0c86817a4d5d89c920b7ed85057b
a248e3a32ab059434400ee945c7b8f4fedb83ffe
b140486f05a6e21ab6193259a40f65734ac7ecb7be043c26977cd5e77388f19c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:48 GMT
Last-Modified: Thu, 29 Sep 2022 08:06:47 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
5fb614248794197f9b905b9acd612902
b5e0d092b74950353d30358d2622d78aeeb3997d
b86b06492883380617b0bd30a1339bf3ec8dcfcecbc2adffbf4e114022123d46

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3134
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:49 GMT
Last-Modified: Thu, 29 Sep 2022 07:14:35 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280

userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip

172.67.207.105

200 OK

230 kB

URL HTTP/2
userscloud.com/umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip
IP
172.67.207.105:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (64106)
Size
230 kB (229788 bytes)
Hash
c73056da22d98d5c36308fa0bb742b7c
b97c29e14af07ce12c1821058f67cfa63e6471ca
3827b5618cd02941dbd293d9db44358c458179fde889c557a1a0d1443e5551a6

HTTP Headers

GET /umfxcsvy9aw2/Howard%20the%20Duck%20001-012%20(1976-1977).zip HTTP/1.1
Host: userscloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Wed, 28 Sep 2022 08:06:48 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cf-cache-status: BYPASS
set-cookie: lang=english; domain=.userscloud.com; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YVssHwyCSEYynXefpJ%2FV0dGZGR%2B1DNxWi4GAEdkp1ELdwsd%2Fk2YRhIdZei12kkkK8RBdTeSGhGwU158IEd0q6w968ePup0te7ZwSf7WNbocZku0xdbqk%2F5TjPJ70nmEsJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338b37f440af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
75eebff373cf84ae810a9e326f9e3d03
a5b22b0eee98dda385cb4e90d119205bc5f3a25f
f2089c63c7c2b3024972aba8cbc12dfcffc79dfc1ef9f7be801c79e7737b0d71

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

104.18.47.230

200 OK

48 kB

URL HTTP/2
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP
104.18.47.230:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
48 kB (47540 bytes)
Hash
1c2cc8f955619a04fde20687c9fe83bc
c5616d0a5ebfcfca77882185abbadf50d6d0c910
c5e1470601d4aeada5a123e02df1e8ea15fdcecd8f2783abe300bf4da62d102c

HTTP Headers

GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 752338bd0d16b527-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fd469409720ae819039ee786fc14c04b
28408757f0a13a499e07e44141ba192aec9ec32d
3e9af4878804bf34e63d54de0cd2b6eb9e690880f619a69ee2705ec61b7eb5ec

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E9AF4878804BF34E63D54DE0CD2B6EB9E690880F619A69EE2705EC61B7EB5EC"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14347
Expires: Thu, 29 Sep 2022 12:05:56 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
75eebff373cf84ae810a9e326f9e3d03
a5b22b0eee98dda385cb4e90d119205bc5f3a25f
f2089c63c7c2b3024972aba8cbc12dfcffc79dfc1ef9f7be801c79e7737b0d71

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
84ada21ac1d7ada27090048bed7709d6
5a7af8364389fceb02130e30cfc9d1d1f430ca43
4ded0aae9e6b75b5c584663fcffa541371a632cd5a8088b29234f35b2776ad8c

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4DED0AAE9E6B75B5C584663FCFFA541371A632CD5A8088B29234F35B2776AD8C"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10014
Expires: Thu, 29 Sep 2022 10:53:43 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
84ada21ac1d7ada27090048bed7709d6
5a7af8364389fceb02130e30cfc9d1d1f430ca43
4ded0aae9e6b75b5c584663fcffa541371a632cd5a8088b29234f35b2776ad8c

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4DED0AAE9E6B75B5C584663FCFFA541371A632CD5A8088B29234F35B2776AD8C"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10014
Expires: Thu, 29 Sep 2022 10:53:43 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive

andamafraidt.xyz/utx?cb=IVFWKNDhSCby&top=userscloud.com&tid=600304

54.230.111.39

204 No Content

9.7 kB

URL HTTP/2
andamafraidt.xyz/utx?cb=IVFWKNDhSCby&top=userscloud.com&tid=600304
IP
54.230.111.39:0
ASN
#16509 AMAZON-02

File type
data
Size
9.7 kB (9713 bytes)
Hash
370a048378766a2a5e262c2214dd1aa8
1de92fb3d7fd6053157b75a48e6f04b052ddbae5
08382ec495ab55e64ddfaa4191682182ad59b86f406d974ff0bd12d33215091f

HTTP Headers

GET /utx?cb=IVFWKNDhSCby&top=userscloud.com&tid=600304 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:49 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 29 Sep 2022 08:07:49 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ciwDFxL0WinYfEKiOhf7zDZdFW6n0sYNtWVx0Nxj0hzOsaK12Ifyqw==
X-Firefox-Spdy: h2

andamafraidt.xyz/Y0JDUmECICA/XgJ/IXQUES5+d1MlZ3EUBVIoNCIFUnMsNAkHdyR8Ag8tNjYHES0tJk8NJzd3UyUVITw3DBgEai8kJRoRNCEtIBYnDxgbOTcBFAUmKCs6MB4gMXcKHgsmFAkHMAcHK2orMgd3AycyMgoFJCoGByoSMxUWOS0kNTcIOQglFhYgOREUPiwABAITJzADFjYgMiEZFTMuIAEQBSwHEmc1JAMgNyMECxkRNCUmCBcjJBQGIgIxFwIxOQ97EgUYOQkbFzQmBhIXAycXcgU5GxgNCgsXGBQ+IwEIKCICMRAsATIPcnMHNykAGz4ZLRQvaismA24hMSIHNxotDxglClE1GxUEWAUXBSI0IBMgGiUyCwIUDSEjCj47OhVyOiIkLg0XRwkxLDwRXgQWKCpSNzUiBlY

54.230.111.39

200 OK

1.2 kB

URL HTTP/2
andamafraidt.xyz/Y0JDUmECICA/XgJ/IXQUES5+d1MlZ3EUBVIoNCIFUnMsNAkHdyR8Ag8tNjYHES0tJk8NJzd3UyUVITw3DBgEai8kJRoRNCEtIBYnDxgbOTcBFAUmKCs6MB4gMXcKHgsmFAkHMAcHK2orMgd3AycyMgoFJCoGByoSMxUWOS0kNTcIOQglFhYgOREUPiwABAITJzADFjYgMiEZFTMuIAEQBSwHEmc1JAMgNyMECxkRNCUmCBcjJBQGIgIxFwIxOQ97EgUYOQkbFzQmBhIXAycXcgU5GxgNCgsXGBQ+IwEIKCICMRAsATIPcnMHNykAGz4ZLRQvaismA24hMSIHNxotDxglClE1GxUEWAUXBSI0IBMgGiUyCwIUDSEjCj47OhVyOiIkLg0XRwkxLDwRXgQWKCpSNzUiBlY
IP
54.230.111.39:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3013), with no line terminators
Size
1.2 kB (1168 bytes)
Hash
9242a79d42e00727443bbccffe9aa641
26d1986c23dbac8951a59933c072dfeeb3f7ca28
ce8166e51b781ecb5f823b47ebd4e6d4597374e0b81ca4f352c1b215ac3b19d6

HTTP Headers

GET /Y0JDUmECICA/XgJ/IXQUES5+d1MlZ3EUBVIoNCIFUnMsNAkHdyR8Ag8tNjYHES0tJk8NJzd3UyUVITw3DBgEai8kJRoRNCEtIBYnDxgbOTcBFAUmKCs6MB4gMXcKHgsmFAkHMAcHK2orMgd3AycyMgoFJCoGByoSMxUWOS0kNTcIOQglFhYgOREUPiwABAITJzADFjYgMiEZFTMuIAEQBSwHEmc1JAMgNyMECxkRNCUmCBcjJBQGIgIxFwIxOQ97EgUYOQkbFzQmBhIXAycXcgU5GxgNCgsXGBQ+IwEIKCICMRAsATIPcnMHNykAGz4ZLRQvaismA24hMSIHNxotDxglClE1GxUEWAUXBSI0IBMgGiUyCwIUDSEjCj47OhVyOiIkLg0XRwkxLDwRXgQWKCpSNzUiBlY HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/html
content-length: 1168
date: Thu, 29 Sep 2022 08:06:49 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MeVAXwY0nT33IAjcgWvWHVxWtSzpAAUWsVWkLuDryaNbIF9YqaIItA==
X-Firefox-Spdy: h2

esathyaspsu.xyz/Z29Bdm5IUCIFUzIqLkIgIykoFQkQLQMxLEJdAzcvVy0YLl43LhA7SBMGJUtYV19yRlpBHygSU1ZJMgIPExoyS19BBi8QAVpJN0tfSVx1WFxeQXFQG1peZwIeBgh8R0gXGzUaU1ZZd0JaVFd5RlhSWHY

172.67.181.17

204 No Content

0 B

URL HTTP/2
esathyaspsu.xyz/Z29Bdm5IUCIFUzIqLkIgIykoFQkQLQMxLEJdAzcvVy0YLl43LhA7SBMGJUtYV19yRlpBHygSU1ZJMgIPExoyS19BBi8QAVpJN0tfSVx1WFxeQXFQG1peZwIeBgh8R0gXGzUaU1ZZd0JaVFd5RlhSWHY
IP
172.67.181.17:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /Z29Bdm5IUCIFUzIqLkIgIykoFQkQLQMxLEJdAzcvVy0YLl43LhA7SBMGJUtYV19yRlpBHygSU1ZJMgIPExoyS19BBi8QAVpJN0tfSVx1WFxeQXFQG1peZwIeBgh8R0gXGzUaU1ZZd0JaVFd5RlhSWHY HTTP/1.1
Host: esathyaspsu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b7Jv0sbFJ4rGmpW8wuB1Mhm3O1usbPkTabv4ATXLq7WEtNR3shnpxD8HJgDIx7t43HjGOSOL5EEn815vQUNNJCl%2BauEwGsWyB14HQH%2FH4%2FhfBJ3MUSQhsxlfBfcs9Yuh%2FiI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338be8ffdb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
84ada21ac1d7ada27090048bed7709d6
5a7af8364389fceb02130e30cfc9d1d1f430ca43
4ded0aae9e6b75b5c584663fcffa541371a632cd5a8088b29234f35b2776ad8c

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4DED0AAE9E6B75B5C584663FCFFA541371A632CD5A8088B29234F35B2776AD8C"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10014
Expires: Thu, 29 Sep 2022 10:53:43 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive

andamafraidt.xyz/utx?cb=6HZf2A2Qivpi&top=userscloud.com&tid=708052

54.230.111.39

204 No Content

0 B

URL HTTP/2
andamafraidt.xyz/utx?cb=6HZf2A2Qivpi&top=userscloud.com&tid=708052
IP
54.230.111.39:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=6HZf2A2Qivpi&top=userscloud.com&tid=708052 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:49 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 29 Sep 2022 08:07:49 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kZQ2LPmyGdRDOfw3r4HGkxnfhIy4wUHiJmIPZjmhWPM6HqXqs3Xuzg==
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1a90308f30edbff6584ae7bf93b58a08
c2bf8321e1b5809f2501af0b20ba3189cadd2c75
b9afde96e2623a1f2f75b435027e2e8d686ec7c07cac397755f4695b412e9f82

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9AFDE96E2623A1F2F75B435027E2E8D686EC7C07CAC397755F4695B412E9F82"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13924
Expires: Thu, 29 Sep 2022 11:58:53 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1a90308f30edbff6584ae7bf93b58a08
c2bf8321e1b5809f2501af0b20ba3189cadd2c75
b9afde96e2623a1f2f75b435027e2e8d686ec7c07cac397755f4695b412e9f82

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9AFDE96E2623A1F2F75B435027E2E8D686EC7C07CAC397755F4695B412E9F82"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13924
Expires: Thu, 29 Sep 2022 11:58:53 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive

andamafraidt.xyz/QUd3UmUgJRQ/WiB6FXQQMytKd1cHYkUUAXAtACIBcHYYNA0lchB8Bi0oAjYDMygZJksvIgN3VwcqLTg3EyUxEyMWPU8ZBzkNExwzBykhNR0pECAYJBkuPhY1KR49FDYqdzZiLCwBNgg0GC8EBD8UBTYZEikzIToseAMjZicCHxQYNSYSPQsgLj82Pj8yED8LNhMDQxoHEDM5AhIUfzFiKC0FHRgkEBM1ADUQKzgdJAB/NSojKwwaBCwDDyU3PARyOgsjcHYhCj9xHxoTLhkTTwguBAowCzcTKCIVES8QPwQzJSklNzwDFTQ2I3kVLyUvZHUxCi0tAzU/SAQLOQMzJxccPgwIBi06PRYFIBAyByMTBDQECQAHDAB2PndXAwE/BDAiKh8zAy0eJBgjBy9ROBYuKQdvIQQjEiQSORFBBC84cg

54.230.111.39

200 OK

1.2 kB

URL HTTP/2
andamafraidt.xyz/QUd3UmUgJRQ/WiB6FXQQMytKd1cHYkUUAXAtACIBcHYYNA0lchB8Bi0oAjYDMygZJksvIgN3VwcqLTg3EyUxEyMWPU8ZBzkNExwzBykhNR0pECAYJBkuPhY1KR49FDYqdzZiLCwBNgg0GC8EBD8UBTYZEikzIToseAMjZicCHxQYNSYSPQsgLj82Pj8yED8LNhMDQxoHEDM5AhIUfzFiKC0FHRgkEBM1ADUQKzgdJAB/NSojKwwaBCwDDyU3PARyOgsjcHYhCj9xHxoTLhkTTwguBAowCzcTKCIVES8QPwQzJSklNzwDFTQ2I3kVLyUvZHUxCi0tAzU/SAQLOQMzJxccPgwIBi06PRYFIBAyByMTBDQECQAHDAB2PndXAwE/BDAiKh8zAy0eJBgjBy9ROBYuKQdvIQQjEiQSORFBBC84cg
IP
54.230.111.39:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Size
1.2 kB (1176 bytes)
Hash
809a7e67ab9c56d5277de4759ca2b85e
f525a1c8753bcbea6ccfb0dca4415822c93a05d8
b3290d4ea054b555dd15ed546faf432ada4bbbfeaae8edc8e6da4d6f925e4435

HTTP Headers

GET /QUd3UmUgJRQ/WiB6FXQQMytKd1cHYkUUAXAtACIBcHYYNA0lchB8Bi0oAjYDMygZJksvIgN3VwcqLTg3EyUxEyMWPU8ZBzkNExwzBykhNR0pECAYJBkuPhY1KR49FDYqdzZiLCwBNgg0GC8EBD8UBTYZEikzIToseAMjZicCHxQYNSYSPQsgLj82Pj8yED8LNhMDQxoHEDM5AhIUfzFiKC0FHRgkEBM1ADUQKzgdJAB/NSojKwwaBCwDDyU3PARyOgsjcHYhCj9xHxoTLhkTTwguBAowCzcTKCIVES8QPwQzJSklNzwDFTQ2I3kVLyUvZHUxCi0tAzU/SAQLOQMzJxccPgwIBi06PRYFIBAyByMTBDQECQAHDAB2PndXAwE/BDAiKh8zAy0eJBgjBy9ROBYuKQdvIQQjEiQSORFBBC84cg HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/html
content-length: 1176
date: Thu, 29 Sep 2022 08:06:49 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pjePB1Vh4uEtqePvbefpqFz-IuyenGE593NW8Jwvdso3wJQCsvyS2Q==
X-Firefox-Spdy: h2

esathyaspsu.xyz/VVFBeVF6biIKbAAGFw81Ox8pLGAxExM+BwAHKisQD2APGgAAHGcNODFsdklpZWRzXyE8NXxLaHMiNRglICJ8SHc8PycWbHMnfEh/ZX93SX9ldzREYHMlMRg2aGBnCSUhPXxIZ2NldUppbWF3T2Bt

172.67.181.17

204 No Content

0 B

URL HTTP/2
esathyaspsu.xyz/VVFBeVF6biIKbAAGFw81Ox8pLGAxExM+BwAHKisQD2APGgAAHGcNODFsdklpZWRzXyE8NXxLaHMiNRglICJ8SHc8PycWbHMnfEh/ZX93SX9ldzREYHMlMRg2aGBnCSUhPXxIZ2NldUppbWF3T2Bt
IP
172.67.181.17:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /VVFBeVF6biIKbAAGFw81Ox8pLGAxExM+BwAHKisQD2APGgAAHGcNODFsdklpZWRzXyE8NXxLaHMiNRglICJ8SHc8PycWbHMnfEh/ZX93SX9ldzREYHMlMRg2aGBnCSUhPXxIZ2NldUppbWF3T2Bt HTTP/1.1
Host: esathyaspsu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0hj8JAxGMntCNqLoeDAZ6ReiqohIYeovXtSnDxmjDja1HvwfVLEY%2F9XOlf5SBaJ8eePX4jZyCxr%2FbaKPJgIE2Wb%2BO02lmOAOnHaIMGNjRmQSy8I1QWQjcGsMoLOcAaT%2BOBY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338beb82cb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

andamafraidt.xyz/UGpZVHMxCDo5TDFXO3IGIgZkcUEWT2sSF2EALiQXYVs2Mhs0Xz56EDwFLDAVIgU3IF0+Dy1xQRYLDgA1Cjw1P0UIADojKTlbAAQkJAI4FRc3Mw4kVmIsDi0cZSQgPz4VAC5jPBUNbRAEOwAbECICKQ03NR4EGCA6YTwyDh1oWwwQECgwEW0mHhAPPxISCW0ZGSQBGwxLOSENDhIKLiozPWENaB4KZB4OLgcnJh0zPh4uMj4+FlpoGkAoGD1mC2QLASM3MTJtPBIRKGEOISRSGGYYZicdMDYZMhcmEgUGMQ0yChwbDAs8LWojNzE5CCIVESMANkFpWRgMXhIQOGYfBzodAQoeAgsmNhceKRU0PAc4ExgRDB4GAwBbPiY+KlJrBysoARFmMhgOaw5WYiwVFQs/TDMnHD4aZB8ZMgsgNSoAEGw5NAAEbTs

54.230.111.39

200 OK

1.2 kB

URL HTTP/2
andamafraidt.xyz/UGpZVHMxCDo5TDFXO3IGIgZkcUEWT2sSF2EALiQXYVs2Mhs0Xz56EDwFLDAVIgU3IF0+Dy1xQRYLDgA1Cjw1P0UIADojKTlbAAQkJAI4FRc3Mw4kVmIsDi0cZSQgPz4VAC5jPBUNbRAEOwAbECICKQ03NR4EGCA6YTwyDh1oWwwQECgwEW0mHhAPPxISCW0ZGSQBGwxLOSENDhIKLiozPWENaB4KZB4OLgcnJh0zPh4uMj4+FlpoGkAoGD1mC2QLASM3MTJtPBIRKGEOISRSGGYYZicdMDYZMhcmEgUGMQ0yChwbDAs8LWojNzE5CCIVESMANkFpWRgMXhIQOGYfBzodAQoeAgsmNhceKRU0PAc4ExgRDB4GAwBbPiY+KlJrBysoARFmMhgOaw5WYiwVFQs/TDMnHD4aZB8ZMgsgNSoAEGw5NAAEbTs
IP
54.230.111.39:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3027), with no line terminators
Size
1.2 kB (1181 bytes)
Hash
5c9ffa6c38bbb4c7837f3ac87ed82209
af2b56fb7a4c400828ac7cdfb4d113820440cd01
5e6e9caaa7490a35b68ccca484499011516875a29781f0b65926b68e8acd92bd

HTTP Headers

GET /UGpZVHMxCDo5TDFXO3IGIgZkcUEWT2sSF2EALiQXYVs2Mhs0Xz56EDwFLDAVIgU3IF0+Dy1xQRYLDgA1Cjw1P0UIADojKTlbAAQkJAI4FRc3Mw4kVmIsDi0cZSQgPz4VAC5jPBUNbRAEOwAbECICKQ03NR4EGCA6YTwyDh1oWwwQECgwEW0mHhAPPxISCW0ZGSQBGwxLOSENDhIKLiozPWENaB4KZB4OLgcnJh0zPh4uMj4+FlpoGkAoGD1mC2QLASM3MTJtPBIRKGEOISRSGGYYZicdMDYZMhcmEgUGMQ0yChwbDAs8LWojNzE5CCIVESMANkFpWRgMXhIQOGYfBzodAQoeAgsmNhceKRU0PAc4ExgRDB4GAwBbPiY+KlJrBysoARFmMhgOaw5WYiwVFQs/TDMnHD4aZB8ZMgsgNSoAEGw5NAAEbTs HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/html
content-length: 1181
date: Thu, 29 Sep 2022 08:06:49 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xjk3Z7HvcFlwiPhcAm75wBSci2-7DxZ4nzqSn_GMUMG_gSUE23Z1Rw==
X-Firefox-Spdy: h2

esathyaspsu.xyz/cGlXUkVfVjQheCVZIwUmJhklNyg+LzYVBwoLZxQ3KjEZPhcdWXEmLBRUb2NzSV5kdDUZDWpgfFYaIzMxBRpqY2MZBzE9eFYfamNrQEdhYmtATyJvdFYdJzMiTVhxIjEEBWpjc0ZdY2F9SFlhZHZG

172.67.181.17

204 No Content

0 B

URL HTTP/2
esathyaspsu.xyz/cGlXUkVfVjQheCVZIwUmJhklNyg+LzYVBwoLZxQ3KjEZPhcdWXEmLBRUb2NzSV5kdDUZDWpgfFYaIzMxBRpqY2MZBzE9eFYfamNrQEdhYmtATyJvdFYdJzMiTVhxIjEEBWpjc0ZdY2F9SFlhZHZG
IP
172.67.181.17:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cGlXUkVfVjQheCVZIwUmJhklNyg+LzYVBwoLZxQ3KjEZPhcdWXEmLBRUb2NzSV5kdDUZDWpgfFYaIzMxBRpqY2MZBzE9eFYfamNrQEdhYmtATyJvdFYdJzMiTVhxIjEEBWpjc0ZdY2F9SFlhZHZG HTTP/1.1
Host: esathyaspsu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Da1QNkHfgCCCMIotfcWjYZw5vZUSCK15GIVFrsEXzoU3iZ0Emkt4lMFiltygjCbcNj%2FFV%2BunkghlOCLV%2FKKj8eCcLbYLIJB5n9ZQK5R%2F3oC5GxwgaJT4glt68kusZ6t1ZnU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338bec84bb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

waisheph.com/tag.min.js

139.45.197.245

200 OK

23 kB

URL HTTP/2
waisheph.com/tag.min.js
IP
139.45.197.245:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (65536), with no line terminators
Size
23 kB (22987 bytes)
Hash
55bfb65a45375a59df27572861a64783
2838cf8e3623bfbccf2618dac1495f992dae2b6c
9c86b08b70bf998cacd69539dbd479bfe6cc5f973cd514cd8c3f29c21092b5c1

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 22987
content-encoding: br
x-trace-id: c252d2723f6842b11f7c4152e85edcaa
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Wed, 28 Sep 2022 07:56:13 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2835
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive

andamafraidt.xyz/utx?cb=wS6ujBeG7KIZ&top=userscloud.com&tid=816973

54.230.111.39

204 No Content

0 B

URL HTTP/2
andamafraidt.xyz/utx?cb=wS6ujBeG7KIZ&top=userscloud.com&tid=816973
IP
54.230.111.39:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=wS6ujBeG7KIZ&top=userscloud.com&tid=816973 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Thu, 29 Sep 2022 08:06:49 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 29 Sep 2022 08:07:49 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hhIUtmW5-FfKLg3-uWtpGsPzJLzEn-ZZDBZNeIJ78uEsOtIMTdGKUg==
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2835
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2835
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive

tzegilo.com/stattag.js

104.21.84.149

200 OK

20 kB

URL HTTP/2
tzegilo.com/stattag.js
IP
104.21.84.149:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, Unicode text, UTF-8 text, with very long lines (32771), with no line terminators
Size
20 kB (19615 bytes)
Hash
e506495f752652700386d76f00e71901
81bb93e65c682c3022c1e116ac203bface2426fc
97ac6d705ae33fb2f6b7124bb670c43fcff9c1cfd54e505cd855a75d0265421a

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 968
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xsDVPfo3Hh7LF7XhaFrUPEn3endDz9w3Z%2B%2BexA1uiuRht%2F%2FXIEgKxS1ue7Zl6U8g9w5PxvRdDGEtoZc1tjNR%2B6LGBUuTQTrl4%2FDHER3GeJ9FtJz6lujGXbnFzVVaeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752338bf8a26b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10023 bytes)
Hash
f4505f57697072468da82e0b536d0d5b
e1067a2dfbc22e7eb196046d57bd1e17604dba75
b5e79054f165f38b99f93a8128284f82076523988aeb102b85dd8ff1a2870d00

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10023
x-amzn-requestid: 0cb6b9a1-0707-4094-b197-5a0add2df717
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK4dHJLIAMFWmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be9c-2d8bbb17157900f126c5bb3c;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wZ2hBqHAdwimAVV3p-CJFrb9zQ-CTN5ar9CB-cu0mZoENYUFTKKPWQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 22:04:58 GMT
age: 36111
etag: "e1067a2dfbc22e7eb196046d57bd1e17604dba75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46b76b4-e585-46c3-bf03-5bfe9273000c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.3 kB (3332 bytes)
Hash
6ac86079d2901fb11bfaff81d91bb2d2
4fc0699c763f67a2602b4b3f46b8b4013d2049c6
8c25b9129fc01f6ffad911994e91436ab0026ed0b54568757a20ab7f92584467

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46b76b4-e585-46c3-bf03-5bfe9273000c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3332
x-amzn-requestid: fb6cb616-5b4d-4aaf-a891-50b4de8b6f95
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZJ_6AGNYIAMFSHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333e03f-377fe02d1cc7ad2b3a15ca1a;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 05:48:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nJJZxZlapt4k5988yU-V94pBBH2SmfSZ0Zb_oJXA07mppg0lF04wLg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 17:18:10 GMT
age: 53319
etag: "4fc0699c763f67a2602b4b3f46b8b4013d2049c6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (14073 bytes)
Hash
11594ce7500d8776bfd5162b17f87d72
72603efba82d649ce5a7a0ca45dc830c0d9ef012
511f5aa33750cd4a02cf3968bf165ffa521e77cb4fb7135b516d7ad14e8b9d01

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14073
x-amzn-requestid: 4ff72590-e28d-4d4b-af1a-4d62e75e3d66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKnpEsJoAMFlBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be30-38b014a25551aa0a2ab04ccf;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dyDhatfeYzzSQpRY7JpOIu3VhjlI8IOWcKCLCBWYaxJ1CYgCxqdQjA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:49:42 GMT
age: 37027
etag: "72603efba82d649ce5a7a0ca45dc830c0d9ef012"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9654 bytes)
Hash
36ae9444071dd70dcf86802c370ffda9
44cc19b21912d07f82a88af5b2fa6d3e370459bf
99984d108bf31d733414f7f1352e17225ac21ac2dbfb4b1e7fa7ae80e5b6b822

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9654
x-amzn-requestid: 7961f184-9476-43de-bf35-8ccb50ee1760
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGVYsHA6oAMFvRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63326904-05f567f7606462ac44f89987;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:07:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: XaB4TwXv4xy0Sy3dncNYZWEPEnHY5BkEHR7fZDK59APYkzH9DPdT7A==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 04:20:40 GMT
age: 13569
etag: "44cc19b21912d07f82a88af5b2fa6d3e370459bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9002 bytes)
Hash
c80d7ce8a9d3fba54855e05731db759c
d76293673a7aa2861b069ced614cdcdb84fed6d3
eabd1bfef29cad4045d688a909b9a8c88818d80bb432ce642d055583cf66d77d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9002
x-amzn-requestid: 0623931b-a4d6-49de-ba32-d071c08eddbd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKoiGKRIAMFhYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be36-1573e2e91c85617424db019f;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:50 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mmSMfKcxGrh9meSHTynf1wRZLrzc4wejFbKSO6qaJ3hn8h4-QwAAcQ==
via: 1.1 2a44ef7b9d28e74c78ffadeedcbb887c.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:50:26 GMT
age: 36983
etag: "d76293673a7aa2861b069ced614cdcdb84fed6d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2f5989d4743444fc557dab6bf17a3a62
342d1dccc65999045ef7d3ac1933d4393431cf78
dda1c7a6542a0b3c0c9dafe943fb8fbd85e508e57150175b89222a45b650cd89

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DDA1C7A6542A0B3C0C9DAFE943FB8FBD85E508E57150175B89222A45B650CD89"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4623
Expires: Thu, 29 Sep 2022 09:23:52 GMT
Date: Thu, 29 Sep 2022 08:06:49 GMT
Connection: keep-alive

d1jwpd11ofhd5g.cloudfront.net/aWTFZVlk6XjcwZi1YPWthaAdgYWp/Wyo5NykMEjw7OEg4DwkjBDQRCTcFNnAtI1VkZn81UDcxZH9UNzVkaBc4MjtkBX8iKTZaZDsgN1g1Jy4tWztwLDgMNDkjMF01N3xrd2x4aXwDaX4haAB8ZRt8A2k6MDdEIXNraUlhYAZvBXxlG3wDaSQvfAIYb293AX-Bza2lWPDUyNhRrEGtpAGlmaGkAfGRpP1grMz82SXxkH2AHd2Z/LAxo

143.204.42.138

200 OK

458 B

URL HTTP/2
d1jwpd11ofhd5g.cloudfront.net/aWTFZVlk6XjcwZi1YPWthaAdgYWp/Wyo5NykMEjw7OEg4DwkjBDQRCTcFNnAtI1VkZn81UDcxZH9UNzVkaBc4MjtkBX8iKTZaZDsgN1g1Jy4tWztwLDgMNDkjMF01N3xrd2x4aXwDaX4haAB8ZRt8A2k6MDdEIXNraUlhYAZvBXxlG3wDaSQvfAIYb293AX-Bza2lWPDUyNhRrEGtpAGlmaGkAfGRpP1grMz82SXxkH2AHd2Z/LAxo
IP
143.204.42.138:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (576), with no line terminators
Size
458 B (458 bytes)
Hash
7c2713c2ef08b4ed7f76b7501c81146d
cddf018400f3aaa95c6b38e3b1ac9003fd7b08a3
a8b19fccdd2e7a6e835ab18768f991d6b8f540f9d6f7b14d4bf82e3fbe409bfa

HTTP Headers

GET /aWTFZVlk6XjcwZi1YPWthaAdgYWp/Wyo5NykMEjw7OEg4DwkjBDQRCTcFNnAtI1VkZn81UDcxZH9UNzVkaBc4MjtkBX8iKTZaZDsgN1g1Jy4tWztwLDgMNDkjMF01N3xrd2x4aXwDaX4haAB8ZRt8A2k6MDdEIXNraUlhYAZvBXxlG3wDaSQvfAIYb293AX-Bza2lWPDUyNhRrEGtpAGlmaGkAfGRpP1grMz82SXxkH2AHd2Z/LAxo HTTP/1.1
Host: d1jwpd11ofhd5g.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://andamafraidt.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 438
date: Thu, 29 Sep 2022 08:06:49 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: RO1gx4FGWbaNSJCSNs7bMArj-gBTpy6XqwfyZcjK520s2iv5jQaR3g==
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

172.64.199.35

200 OK

103 kB

URL HTTP/2
pogothere.xyz/asd100.bin
IP
172.64.199.35:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
103 kB (103166 bytes)
Hash
3c32cd478bd525ce21049658288b6ba2
1f119937ecfea63ec65bdaf42597de6228e69c95
90664a9ed648aa6da40a2b3bd855a308cbb8e20579c9a21ca053dc0e75dda4b6

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3379
last-modified: Thu, 29 Sep 2022 07:10:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OT%2BhN2taBe1yQrkJlSjoY7qDEt9fOl3M7lVgpc765U8EHLah9EkR7%2BVHZkXEgqQOnNe55RpH4g%2B31afMI404CD0knnJKm%2B9ZtCc8xN2Ki4abp%2BlOus61Y1BRVsEHTyWm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752338bedb917705-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

d1jwpd11ofhd5g.cloudfront.net/mZjRRbFAFWz8KbxJdNVFnVgxhWWJAXiIDPhYJFSk0A0ImFAZQYhsVZUBAKwhtVhI9DT4BCXcJPgUJYEoxAlZsWHYSRD4HbQtNPwU8F0MlBjJAQTBRPQlOOAA8BxFjKmVIBHReYE5MYF11VXZ0XmAKXT8ZKEMGYRRoUGtnWHVVdnReYBRCdF8RXwJ/XHlDBm-ELNQVfPkliIAZhXWBWBWFddVQENwUiA1I+FHVUcmhaflYSJFFh

143.204.42.138

200 OK

446 B

URL HTTP/2
d1jwpd11ofhd5g.cloudfront.net/mZjRRbFAFWz8KbxJdNVFnVgxhWWJAXiIDPhYJFSk0A0ImFAZQYhsVZUBAKwhtVhI9DT4BCXcJPgUJYEoxAlZsWHYSRD4HbQtNPwU8F0MlBjJAQTBRPQlOOAA8BxFjKmVIBHReYE5MYF11VXZ0XmAKXT8ZKEMGYRRoUGtnWHVVdnReYBRCdF8RXwJ/XHlDBm-ELNQVfPkliIAZhXWBWBWFddVQENwUiA1I+FHVUcmhaflYSJFFh
IP
143.204.42.138:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (589), with no line terminators
Size
446 B (446 bytes)
Hash
ced9c0e7670e9891489093d2cd4ec48a
57a04a00465ee546599d6dcadbf01871afc91d0c
ab246e220a2d7e186e3297c87d237d63f001b33fdd11e23526c49e357bac35e1

HTTP Headers

GET /mZjRRbFAFWz8KbxJdNVFnVgxhWWJAXiIDPhYJFSk0A0ImFAZQYhsVZUBAKwhtVhI9DT4BCXcJPgUJYEoxAlZsWHYSRD4HbQtNPwU8F0MlBjJAQTBRPQlOOAA8BxFjKmVIBHReYE5MYF11VXZ0XmAKXT8ZKEMGYRRoUGtnWHVVdnReYBRCdF8RXwJ/XHlDBm-ELNQVfPkliIAZhXWBWBWFddVQENwUiA1I+FHVUcmhaflYSJFFh HTTP/1.1
Host: d1jwpd11ofhd5g.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://andamafraidt.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 446
date: Thu, 29 Sep 2022 08:06:49 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8hS-xm0MabkA2UBpTwSbOOsBTpY4p0ZO5CZUE4H595i6RJPiFn9MAg==
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
0869109d63ef5270595fb34384023a90
f2ec69fdaca2a0327cd3599ac05d0051df3dee41
c4a67afda7094519228049f837e2e0c1674148bd2e564ae2dccc3458bbdb9ed4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:06:49 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 06:25:19 GMT
Expires: Mon, 03 Oct 2022 06:25:18 GMT
Etag: "f2ec69fdaca2a0327cd3599ac05d0051df3dee41"
Cache-Control: max-age=338908,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 752338c0daceb51d-OSL

my.rtmark.net/gid.js?userId=0da5edeb978a4f09b303b3df40a11ea1

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?userId=0da5edeb978a4f09b303b3df40a11ea1
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
d6c541c8866a93186f041a8c29e8247c
61e3543262c564c7e62fd610c122965973614021
13d04d8e0c6d1dea75b0e43faac13cff10ae2042aae106f06faea07a5c456d43

HTTP Headers

GET /gid.js?userId=0da5edeb978a4f09b303b3df40a11ea1 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0da5edeb978a4f09b303b3df40a11ea1; expires=Fri, 29 Sep 2023 08:06:49 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
008bb0f15929580c49beb48408615d01
a28e34ab71eea646efaf0a505a3bd07671bd6012
f612ef9519f2b8baad9918a77a873fb28c691518df1504fb32a47af79b8f7e18

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:06:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 00:52:20 GMT
Expires: Mon, 03 Oct 2022 00:52:19 GMT
Etag: "a28e34ab71eea646efaf0a505a3bd07671bd6012"
Cache-Control: max-age=318929,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 752338c0dbb9b515-OSL

tovanillitechan.com/42/38?z=2892518

139.45.197.239

200 OK

0 B

URL HTTP/2
tovanillitechan.com/42/38?z=2892518
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /42/38?z=2892518 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: scm=1; OAID=b4ebca288d5049d1b0ad0853237822eb; oaidts=1664438809
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: fc7757ed8b7847d4b7d06aaa6e8139f5
access-control-expose-headers: X-Sc
set-cookie: OAID=b4ebca288d5049d1b0ad0853237822eb; expires=Fri, 29 Sep 2023 08:06:49 GMT; secure; SameSite=None
oaidts=1664438809; expires=Fri, 29 Sep 2023 08:06:49 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://userscloud.com
Content-Length: 1784
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 29 Sep 2022 08:07:09 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://userscloud.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

goomaphy.com/500/4859604?excludes=&oaid=0da5edeb978a4f09b303b3df40a11ea1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.239

200 OK

0 B

URL HTTP/2
goomaphy.com/500/4859604?excludes=&oaid=0da5edeb978a4f09b303b3df40a11ea1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /500/4859604?excludes=&oaid=0da5edeb978a4f09b303b3df40a11ea1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg

172.67.22.216

200 OK

11 kB

URL HTTP/2
offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg
IP
172.67.22.216:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
11 kB (11449 bytes)
Hash
96d73cf80f752e9319997c6e575c3b82
3dcf9d3b3e94698a842b1a98de17a02a8c3b4457
44dc0e0d92f12e669842f12722ca1a1848fb4be50deabd86c7d9deb64946db86

HTTP Headers

GET /www/images/96d73cf80f752e9319997c6e575c3b82.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:50 GMT
content-type: image/jpeg
content-length: 11449
cache-control: max-age=86400
cf-bgj: h2pri
etag: "627e5574-2cb9"
expires: Thu, 29 Sep 2022 11:32:37 GMT
last-modified: Fri, 13 May 2022 12:56:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 74053
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 752338c308a4b4f3-OSL
X-Firefox-Spdy: h2

139.45.197.239

200 OK

1.0 kB

URL HTTP/2
goomaphy.com/500/4859604?excludes=&oaid=0da5edeb978a4f09b303b3df40a11ea1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (1258), with no line terminators
Size
1.0 kB (1021 bytes)
Hash
3d5168441dcc2b0571e9bf4a5c7f401e
5d6a2f2f60fab6b08f2aaad426d8b6d3295c1aa2
6a78e6696ed7833417e6c173d338061bce3bde718d022dec20b5b3a86275c22b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /500/4859604?excludes=&oaid=0da5edeb978a4f09b303b3df40a11ea1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: OAID=b28ac85450484965a1b2ef1a4745bef2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: application/javascript
x-trace-id: 07d2f52837fbf753294137984a8b314f
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://userscloud.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=0da5edeb978a4f09b303b3df40a11ea1; expires=Fri, 29 Sep 2023 08:06:49 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

tovanillitechan.com/9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=0da5edeb978a4f09b303b3df40a11ea1

139.45.197.239

200 OK

7 B

URL HTTP/2
tovanillitechan.com/9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=0da5edeb978a4f09b303b3df40a11ea1
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /9?z=2892518&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=0da5edeb978a4f09b303b3df40a11ea1 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 191
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: scm=1; OAID=b4ebca288d5049d1b0ad0853237822eb; oaidts=1664438809
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:50 GMT
content-type: application/javascript
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 2afe93281b0105eeec2b4ce9baa32d0b
access-control-expose-headers: X-Sc
set-cookie: OAID=0da5edeb978a4f09b303b3df40a11ea1; expires=Fri, 29 Sep 2023 08:06:50 GMT; secure; SameSite=None
oaidts=1664438809; expires=Fri, 29 Sep 2023 08:06:50 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

andamafraidt.xyz/multi?cs=ZWh2Q3hVXk50T1FZT3FLU15FdEg&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=1233689347733832&agec=1664438809&fs=1&mbkb=512.8205128205128&ref=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_YMpk=1664438807168&crc=1

54.230.111.39

200 OK

1.5 kB

URL HTTP/2
andamafraidt.xyz/multi?cs=ZWh2Q3hVXk50T1FZT3FLU15FdEg&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=1233689347733832&agec=1664438809&fs=1&mbkb=512.8205128205128&ref=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_YMpk=1664438807168&crc=1
IP
54.230.111.39:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3183), with no line terminators
Size
1.5 kB (1495 bytes)
Hash
705f7326941448eecb7f9bb9b320faaf
551d4632f4071595e9e40d60d599550cd246b8fd
49bb30c70fb0785b796cff8c17e000580f3f9ec749a6efd03544b7c6aa2ebe05

HTTP Headers

GET /multi?cs=ZWh2Q3hVXk50T1FZT3FLU15FdEg&abt=0&red=1&sm=76&k=userscloud%20free%20cloud%20storage%20unlimited&v=1.0.60.0&sts=0&prn=0&emb=0&tid=708052&rxy=1280_1024&u=1233689347733832&agec=1664438809&fs=1&mbkb=512.8205128205128&ref=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_YMpk=1664438807168&crc=1 HTTP/1.1
Host: andamafraidt.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/plain
content-length: 1495
date: Thu, 29 Sep 2022 08:06:50 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://userscloud.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=57bf900e-71a7-4446-bc79-16c78a30ca0d
csu=1233689347733832
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZotcXT0CdpDN5odLfgY_l4Pd9w2fpM6dASpmQsTzMCnyMvexmSox0w==
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
366fbb58b56c6469840359066ae0ef4b
519ec2d019a3df15e1555ee7e9f784207f3ee604
4c03f3b3b06d0359ff6c3e72e91c39cb8f6e6406ed7b8ba9e09708da8e2d38f4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3190
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:50 GMT
Last-Modified: Thu, 29 Sep 2022 07:13:40 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c3da91f34812391491a0b02df83a7670
c1bb27bae663584e2b1af0632e291cb1b16475ec
604e15400aa4b851d27581040b17fc890d74bc9f7b6533c699dc682266fdc939

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (19826 bytes)
Hash
cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Thu, 29 Sep 2022 06:41:09 GMT
expires: Thu, 29 Sep 2022 08:41:09 GMT
cache-control: public, max-age=7200
age: 5141
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c3da91f34812391491a0b02df83a7670
c1bb27bae663584e2b1af0632e291cb1b16475ec
604e15400aa4b851d27581040b17fc890d74bc9f7b6533c699dc682266fdc939

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/j/collect?v=1&_v=j97&a=2098521973&t=pageview&_s=1&dl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&ul=en-us&de=UTF-8&dt=Userscloud&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=864507650&gjid=1958930111&cid=1539716867.1664438808&tid=UA-70768172-1&_gid=1367059933.1664438808&_r=1&gtm=2ou9q0&z=1668110875

142.250.74.174

200 OK

1 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j97&a=2098521973&t=pageview&_s=1&dl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&ul=en-us&de=UTF-8&dt=Userscloud&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=864507650&gjid=1958930111&cid=1539716867.1664438808&tid=UA-70768172-1&_gid=1367059933.1664438808&_r=1&gtm=2ou9q0&z=1668110875
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /j/collect?v=1&_v=j97&a=2098521973&t=pageview&_s=1&dl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&ul=en-us&de=UTF-8&dt=Userscloud&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=864507650&gjid=1958930111&cid=1539716867.1664438808&tid=UA-70768172-1&_gid=1367059933.1664438808&_r=1&gtm=2ou9q0&z=1668110875 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://userscloud.com
date: Thu, 29 Sep 2022 08:06:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

216.58.207.237

302 Found

398 B

URL HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Size
398 B (398 bytes)
Hash
785d39ff61f01b674e557ff59d90e627
7e0e348027965bea4cd7e2e252b43b1f247bddbd
eb8d62f274de947a55650f13d1429fb5fd59a452dce3011b539db3a3b24a16b0

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Sep 2022 08:06:50 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1862679599%3A1664438810322600&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqOFZblBmxEs8IMpSc91m21-vkEcoZn47DmX-8V2tkw_9nVl5_ldyqgvD8FrF2A_DeVfcVLNA
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-nhKb5AoGLefgg5Y2_keCig' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
set-cookie: __Host-GAPS=1:_JE1tOs25IXPqDbUPvhE-7x_2ablRw:Ju7Ev3762ln754PG;Path=/;Expires=Sat, 28-Sep-2024 08:06:50 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7f6c1bbbde940ad17ceda150b7b1664d
7273da22f182d9540784068537cc678ec27800d3
4d8a6cd94e298a71543331248750230237a56a67cef251c7a204291612dbb569

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

216.58.207.237

302 Found

391 B

URL HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Size
391 B (391 bytes)
Hash
4b2f001528ab7c04d0cdf33496782138
cb81822f2f923dc6f6096d41cdae7b4d091f3df7
686b000a54791aa4806e4fcb4d0b245b85286fa2697cdbff864e51afd5d90c04

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Sep 2022 08:06:50 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1259090705%3A1664438810376052&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoJxEo6zb1xYCP5it057DPeaGGoWr-3JUAMGJivz8kcemiHwpGxkJPwj0foVe70LZLfhz5CmQ
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-Zy2u32vz95V4kfUtGWUenA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 391
server: GSE
set-cookie: __Host-GAPS=1:oWo55EDFwjzk5zoc_a32Q6mYkX6MjQ:Imi0zHsy1Cn95jqx;Path=/;Expires=Sat, 28-Sep-2024 08:06:50 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
366fbb58b56c6469840359066ae0ef4b
519ec2d019a3df15e1555ee7e9f784207f3ee604
4c03f3b3b06d0359ff6c3e72e91c39cb8f6e6406ed7b8ba9e09708da8e2d38f4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3190
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:50 GMT
Last-Modified: Thu, 29 Sep 2022 07:13:40 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

goomaphy.com/impression/6BtAXb_aMxdQ-s4OsdxHK8qIs-KFMv88m1cAqxyHdh9ou14SpO6YqtiYg3tj0aIDz0F2LMTUa2cYIEv4bz72xEq31i6NJvJfou8iJvBnVOVJ2_YFq6yiKNJBvyPODSKga3ELqovJuUm-hjLhbaclTxTzip3qzm6UScvlgEDa5ug88GQeFNmlJA8oALZ5psOpo7jRRlIq1GrKoYlOpuZS2hdHBKOy4vZcaElo8pRy7aS8M1KPqGMzfnzEVIZ1NwiZvIKqXdGD8mt-oJGuyIzDNuIJygjDVJpMmRtNle1kYKPc1-W3cAc0rjkrAqwopaxp--lVP1UHQCYcuKaiZNoqfsh22oVCW69ETtPbOg2-L7UaJT0cErGdlBPXmKyyp7KwulCkrcXMfrlL2crVmAefZlBBqvFnl2m9pcRO2l2qSnvSAaPhRXnGP1jjbqUAlmkHRlAhi4lPbjPiqoPglYFzkDfHze0Oqtf8IM_6eBYvb9rrL7iIKS6NbetPcvDBu_yNIIAkvizluzyYKA3Za-PL4ZZdNbqDo6hpBKHZHkhta_PziDLhD_gyBj7ltDDYg8Wo_bFovvn8CYGyHU2AfVMs-x9hsFHi-wFM?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.239

200 OK

43 B

URL HTTP/2
goomaphy.com/impression/6BtAXb_aMxdQ-s4OsdxHK8qIs-KFMv88m1cAqxyHdh9ou14SpO6YqtiYg3tj0aIDz0F2LMTUa2cYIEv4bz72xEq31i6NJvJfou8iJvBnVOVJ2_YFq6yiKNJBvyPODSKga3ELqovJuUm-hjLhbaclTxTzip3qzm6UScvlgEDa5ug88GQeFNmlJA8oALZ5psOpo7jRRlIq1GrKoYlOpuZS2hdHBKOy4vZcaElo8pRy7aS8M1KPqGMzfnzEVIZ1NwiZvIKqXdGD8mt-oJGuyIzDNuIJygjDVJpMmRtNle1kYKPc1-W3cAc0rjkrAqwopaxp--lVP1UHQCYcuKaiZNoqfsh22oVCW69ETtPbOg2-L7UaJT0cErGdlBPXmKyyp7KwulCkrcXMfrlL2crVmAefZlBBqvFnl2m9pcRO2l2qSnvSAaPhRXnGP1jjbqUAlmkHRlAhi4lPbjPiqoPglYFzkDfHze0Oqtf8IM_6eBYvb9rrL7iIKS6NbetPcvDBu_yNIIAkvizluzyYKA3Za-PL4ZZdNbqDo6hpBKHZHkhta_PziDLhD_gyBj7ltDDYg8Wo_bFovvn8CYGyHU2AfVMs-x9hsFHi-wFM?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impression/6BtAXb_aMxdQ-s4OsdxHK8qIs-KFMv88m1cAqxyHdh9ou14SpO6YqtiYg3tj0aIDz0F2LMTUa2cYIEv4bz72xEq31i6NJvJfou8iJvBnVOVJ2_YFq6yiKNJBvyPODSKga3ELqovJuUm-hjLhbaclTxTzip3qzm6UScvlgEDa5ug88GQeFNmlJA8oALZ5psOpo7jRRlIq1GrKoYlOpuZS2hdHBKOy4vZcaElo8pRy7aS8M1KPqGMzfnzEVIZ1NwiZvIKqXdGD8mt-oJGuyIzDNuIJygjDVJpMmRtNle1kYKPc1-W3cAc0rjkrAqwopaxp--lVP1UHQCYcuKaiZNoqfsh22oVCW69ETtPbOg2-L7UaJT0cErGdlBPXmKyyp7KwulCkrcXMfrlL2crVmAefZlBBqvFnl2m9pcRO2l2qSnvSAaPhRXnGP1jjbqUAlmkHRlAhi4lPbjPiqoPglYFzkDfHze0Oqtf8IM_6eBYvb9rrL7iIKS6NbetPcvDBu_yNIIAkvizluzyYKA3Za-PL4ZZdNbqDo6hpBKHZHkhta_PziDLhD_gyBj7ltDDYg8Wo_bFovvn8CYGyHU2AfVMs-x9hsFHi-wFM?_z=4859604&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fuserscloud.com%2Fumfxcsvy9aw2%2FHoward%2520the%2520Duck%2520001-012%2520(1976-1977).zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Cookie: OAID=0da5edeb978a4f09b303b3df40a11ea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:54 GMT
content-type: image/gif
content-length: 43
x-trace-id: 16ce0b57249aa641b7c279f89bd345f8
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3e9d3eab1fba386c4fdf3af9a757cfa9
b50127a1072c95ed71110b07dd58eab72747e6f8
869e09d135cff97a1073e32fa1808d0068195421369d138ad6bba86cfef18091

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3e9d3eab1fba386c4fdf3af9a757cfa9
b50127a1072c95ed71110b07dd58eab72747e6f8
869e09d135cff97a1073e32fa1808d0068195421369d138ad6bba86cfef18091

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
15dbf298fc5c3f79b34abf59118cc01c
c48dc908b9aa86adb5017683a23b625d8fd1b955
9061294bc67906630f52dfdb486941691a8b9291b938c032076cef3f7bf21ce7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700

216.58.211.10

200 OK

17 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP
216.58.211.10:0
ASN
#15169 GOOGLE

File type
data
Size
17 kB (16620 bytes)
Hash
49dcb3f23a58f998f11d8c2ca1b90a68
0aee92fad52d2f03484a134901a90260af43e913
92223ea8fd1122967d4b3adaec6c401be4ab899e973ed13fb3fb90520cdefcfa

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 29 Sep 2022 08:06:54 GMT
date: Thu, 29 Sep 2022 08:06:54 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
15dbf298fc5c3f79b34abf59118cc01c
c48dc908b9aa86adb5017683a23b625d8fd1b955
9061294bc67906630f52dfdb486941691a8b9291b938c032076cef3f7bf21ce7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:08 GMT
expires: Thu, 28 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 45166
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
15dbf298fc5c3f79b34abf59118cc01c
c48dc908b9aa86adb5017683a23b625d8fd1b955
9061294bc67906630f52dfdb486941691a8b9291b938c032076cef3f7bf21ce7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:06:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

pogothere.xyz/

172.64.199.35

200 OK

0 B

URL HTTP/2
pogothere.xyz/
IP
172.64.199.35:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: text/plain
set-cookie: csu=57201089513118@1@1664438809; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1cK85jZsSe4qxESwM%2FOHXGpYp7HmaYNxAsB4iCZz8SLd5KH020H%2Bc%2BXBsFwYTwzpdYNFlHBpCoJKmUzkY6CPEwoQcI%2FAz%2Fo1Xo9H9AoVVxPXcb%2FovclWkp1g00afPu5g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338becb8d7705-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

waisheph.com/5/535061/?oo=1&aab=1

139.45.197.245

200 OK

0 B

URL HTTP/2
waisheph.com/5/535061/?oo=1&aab=1
IP
139.45.197.245:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /5/535061/?oo=1&aab=1 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userscloud.com
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: application/json
x-trace-id: fd131dd79cbbf1160619943eb6ae0e04
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0da5edeb978a4f09b303b3df40a11ea1; expires=Fri, 29 Sep 2023 08:06:49 GMT; path=/; secure; SameSite=None
oaidts=1664438809; expires=Fri, 29 Sep 2023 08:06:49 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

pogothere.xyz/

172.64.199.35

200 OK

0 B

URL HTTP/2
pogothere.xyz/
IP
172.64.199.35:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: text/plain
set-cookie: csu=1224850462523581@1@1664438809; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aSGReU1YApNUSVNVNYBHRZS7LLAlhb1xFB8MwG0AxmnGngegC7dRqIhWh%2F9L3SX38uYCqTiWiBdbOKmaNgS4GKTGsnd8BpADmN3V%2BdU5d8cR1mVdFtLkoHGdrBDg8coN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 752338bf7c9c7705-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?dsh=S1862679599%3A1664438810322600&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqOFZblBmxEs8IMpSc91m21-vkEcoZn47DmX-8V2tkw_9nVl5_ldyqgvD8FrF2A_DeVfcVLNA

216.58.207.237

403 Forbidden

0 B

URL HTTP/2
accounts.google.com/v3/signin/identifier?dsh=S1862679599%3A1664438810322600&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqOFZblBmxEs8IMpSc91m21-vkEcoZn47DmX-8V2tkw_9nVl5_ldyqgvD8FrF2A_DeVfcVLNA
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /v3/signin/identifier?dsh=S1862679599%3A1664438810322600&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqOFZblBmxEs8IMpSc91m21-vkEcoZn47DmX-8V2tkw_9nVl5_ldyqgvD8FrF2A_DeVfcVLNA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Sep 2022 08:06:50 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-e1PMsxRoygAIXBowz27TBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=awCBUgkWP6EnFVrW4jsKJDKT11EoGSeOwVNiak86pFuimslKiIc-nfuAAQ_lOAJLzd-0sw4bqffbpb20IxeN45ou0xtDWIonmJrMfW6U9DPssq1AciKq_cUgtAVDtOgRgO4L7HNFMe58QuTJHfvWg4WeZNoz0pqroSIH4eGAezs; expires=Fri, 31-Mar-2023 08:06:50 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

goomaphy.com/401/4859604

139.45.197.239

200 OK

0 B

URL HTTP/2
goomaphy.com/401/4859604
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /401/4859604 HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: application/javascript
x-trace-id: 22ccb1b8a1a0e81dec8bc021f9f67419
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=b28ac85450484965a1b2ef1a4745bef2; expires=Fri, 29 Sep 2023 08:06:49 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

172.64.199.35

200 OK

0 B

URL HTTP/2
pogothere.xyz/asd100.bin
IP
172.64.199.35:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3379
last-modified: Thu, 29 Sep 2022 07:10:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1gK%2Ba3cZ6OOZWTw1G3ifd06wnHp2AGKWwrly1R%2BEbGd8061pAfpDPVCi9EaaYMu3tcRl%2BH0vWnZC1afXplU1NbCZ4ckmM6vyb5vlpf4S6oM%2B8vD4rPclh2wxQv%2FsKkRw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752338bedb927705-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

172.64.199.35

200 OK

0 B

URL HTTP/2
pogothere.xyz/asd100.bin
IP
172.64.199.35:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://userscloud.com/
Origin: https://userscloud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://userscloud.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3379
last-modified: Thu, 29 Sep 2022 07:10:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A7ttuY3k67lonS4lxZOa32nPXNdI7PoaYgUr%2FnOULrT3kYykcwLn3idFwXr2d353fRdW30K5Mm5%2FYFwznXeFmwyrlGeo8h76qkd3cRnltYHbgYtQtzyrGrPVlCKlAArq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 752338bedb947705-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

tovanillitechan.com/1?z=2582807

139.45.197.239

200 OK

0 B

URL HTTP/2
tovanillitechan.com/1?z=2582807
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1?z=2582807 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:06:49 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: edee8b1f7c9ce2ace9e2b0545ba967b0
access-control-expose-headers: X-Sc
x-sc: QooVdthbzBxl9QkLIzoJsTMZFlbHT9uXb4199cigQ4XJyDiN4_bWy-ONf3uBnmIHKIVgjrLMt2sMCqC7w-j9Awie0xY=
set-cookie: scm=1; expires=Fri, 29 Sep 2023 08:06:49 GMT; secure; SameSite=None
OAID=b4ebca288d5049d1b0ad0853237822eb; expires=Fri, 29 Sep 2023 08:06:49 GMT; secure; SameSite=None
oaidts=1664438809; expires=Fri, 29 Sep 2023 08:06:49 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp

31.13.72.36

200 OK

0 B

URL HTTP/2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userscloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: nV4pUfFUgg7Es5sR/OlzZVXnuwO/9mL0npn1SoORE2err6tFUoYb1pe89LFfAa/qI5C7n1QudGgMzdypkJBVYQ==
date: Thu, 29 Sep 2022 08:06:50 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (25)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations