lurkmore.wtf/Winlogon.exe
65.109.86.69 301 Moved Permanently 162 B URL HTTP/1.1 lurkmore.wtf/Winlogon.exe
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
File type HTML document text
- HTML document text
- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
NIDS Severity Alert suricata medium ET HUNTING Suspicious winlogin.exe in URI
GET /Winlogon.exe HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 31 Jan 2023 12:37:50 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://lurkmore.wtf/Winlogon.exe
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11164
Expires: Tue, 31 Jan 2023 15:43:55 GMT
Date: Tue, 31 Jan 2023 12:37:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9511
Expires: Tue, 31 Jan 2023 15:16:22 GMT
Date: Tue, 31 Jan 2023 12:37:51 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data
- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 12:35:54 GMT
content-type: application/json
age: 117
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4175
Expires: Tue, 31 Jan 2023 13:47:26 GMT
Date: Tue, 31 Jan 2023 12:37:51 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate
- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: niw9lgDY8Q2Nkt0v0eGrGA8YkA+W4p+7f7ucG8vQ5FPF4d1NYFE4sfxqGvsS2gCiZdufZ/S7Bobrtg+RnwfNMQ==
x-amz-request-id: XMCYG6M6X52NC93A
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 12:22:13 GMT
age: 938
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data
- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
lurkmore.wtf/images/thumb/a/ac/Telegram_logo.png/40px-Telegram_logo.png
65.109.86.69 200 OK 1.6 kB URL HTTP/2 lurkmore.wtf/images/thumb/a/ac/Telegram_logo.png/40px-Telegram_logo.png
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
- data
Hash 91fb5da5dc2728240a7a9574ba9f30d5
324a687cff304b10f31405e4fc85b833425c6efc
ea7da0f9ede3c1d67c9c2da36993210dd7878e850984cb1f839cb3bc4a5b63da
GET /images/thumb/a/ac/Telegram_logo.png/40px-Telegram_logo.png HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: image/png
content-length: 1578
last-modified: Wed, 07 Dec 2022 10:50:14 GMT
etag: "63906fe6-62a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/images/thumb/a/ac/Telegram_logo.png/40px-Telegram_logo.png
accept-ranges: bytes
X-Firefox-Spdy: h2
lurkmore.wtf/images/thumb/9/90/Vk_icon.png/40px-Vk_icon.png
65.109.86.69 200 OK 1.7 kB URL HTTP/2 lurkmore.wtf/images/thumb/9/90/Vk_icon.png/40px-Vk_icon.png
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
- data
Hash 0a26af7a40146b4846b3f3d6459ff077
9a86b4de75cb97b314e586143c38736edb89dc16
bf81ee8afc323d757d8a898d06c1cb3476ccd595c9379be9de2df42ac45abf9b
GET /images/thumb/9/90/Vk_icon.png/40px-Vk_icon.png HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: image/png
content-length: 1661
last-modified: Wed, 07 Dec 2022 16:21:56 GMT
etag: "6390bda4-67d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/images/thumb/9/90/Vk_icon.png/40px-Vk_icon.png
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash d81f874741beb45c89de8bb5c6de438e
a251ab903e654953631d84721479bbae55aa5cdf
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 12:37:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-S7F6YJVLPS
142.250.74.72 200 OK 79 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-S7F6YJVLPS
IP 142.250.74.72:0
File type ASCII text, with very long lines (22178)
Hash 6105446d1fa447139871cd481ef08f36
5caadecaeb91369523b2be81a51fa011c8dc7568
774751c91d78415f0100b6b1869587cadf30639be5000b42abbebd8187d2b98e
GET /gtag/js?id=G-S7F6YJVLPS HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 31 Jan 2023 12:37:52 GMT
expires: Tue, 31 Jan 2023 12:37:52 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79210
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lurkmore.wtf/skins/Vector/resources/common/images/bullet-icon.svg?d4515
65.109.86.69 200 OK 159 B URL HTTP/2 lurkmore.wtf/skins/Vector/resources/common/images/bullet-icon.svg?d4515
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
File type SVG Scalable Vector Graphics image
- XML 1.0 document text
- XML document, ASCII text
Hash d4515e17cf80ac2d88111406eae94387
2d98a564d597a1f50443d6c7db414ddefb50c0b6
6b2ae95e88a82be06108353d7174b1f9c18dd629e3aba1d149afcb39795335a4
GET /skins/Vector/resources/common/images/bullet-icon.svg?d4515 HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/load.php?lang=ru&modules=mediawiki.page.gallery.styles%7Cskins.vector.styles.legacy&only=styles&skin=vector
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: image/svg+xml
content-length: 159
last-modified: Mon, 16 Jan 2023 18:24:07 GMT
etag: "63c59647-9f"
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/skins/Vector/resources/common/images/bullet-icon.svg?d4515
accept-ranges: bytes
X-Firefox-Spdy: h2
lurkmore.wtf/skins/Vector/resources/common/images/search.svg?bbf78
65.109.86.69 200 OK 280 B URL HTTP/2 lurkmore.wtf/skins/Vector/resources/common/images/search.svg?bbf78
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
File type SVG Scalable Vector Graphics image
- XML 1.0 document text
- XML document text
- HTML document, ASCII text
Hash bbf781d07afb47f411c879833b698fcb
fc3bdcd9c553d3bf274bb2828c5908b0b10ac41d
0f6e4f6019dffc1ce266a7bb9ed185cdb7b46d4443a79f2f55c4daa2ebedcf7f
GET /skins/Vector/resources/common/images/search.svg?bbf78 HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/load.php?lang=ru&modules=mediawiki.page.gallery.styles%7Cskins.vector.styles.legacy&only=styles&skin=vector
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: image/svg+xml
content-length: 280
last-modified: Mon, 16 Jan 2023 18:24:07 GMT
etag: "63c59647-118"
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/skins/Vector/resources/common/images/search.svg?bbf78
accept-ranges: bytes
X-Firefox-Spdy: h2
lurkmore.wtf/skins/common/images/logo.svg?6f851
65.109.86.69 200 OK 1.4 kB URL HTTP/2 lurkmore.wtf/skins/common/images/logo.svg?6f851
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
File type SVG Scalable Vector Graphics image
- XML 1.0 document text
- XML document text
- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 6f85178bb247d5568162cb09faeeff41
6b9c7204acccdcad00dac6e32c3f1e36ce8b53c0
299080e10db1ba236020f66a55ea32386711042bf0c43e58da14e9ae5122e83b
GET /skins/common/images/logo.svg?6f851 HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/load.php?lang=ru&modules=mediawiki.page.gallery.styles%7Cskins.vector.styles.legacy&only=styles&skin=vector
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: image/svg+xml
content-length: 1419
last-modified: Wed, 07 Dec 2022 18:04:34 GMT
etag: "6390d5b2-58b"
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/skins/common/images/logo.svg?6f851
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash d81f874741beb45c89de8bb5c6de438e
a251ab903e654953631d84721479bbae55aa5cdf
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 12:37:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lurkmore.wtf/load.php?lang=ru&modules=mediawiki.page.gallery.styles%7Cskins.vector.styles.legacy&only=styles&skin=vector
65.109.86.69 200 OK 129 kB URL HTTP/2 lurkmore.wtf/load.php?lang=ru&modules=mediawiki.page.gallery.styles%7Cskins.vector.styles.legacy&only=styles&skin=vector
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
Size 129 kB (129117 bytes)
Hash bd0f9f75d76a1eb42be05e1074f13e5f
061f6d036195ee60bf9b7778186a2e67a91eaf6c
9427c17bab328f84fd6f0ddc1e0b00d245db49476eb8b0f5881648f6aaedda6e
GET /load.php?lang=ru&modules=mediawiki.page.gallery.styles%7Cskins.vector.styles.legacy&only=styles&skin=vector HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
x-content-type-options: nosniff
access-control-allow-origin: *
etag: W/"lgx2m"
cache-control: public, max-age=300, s-maxage=300
expires: Tue, 31 Jan 2023 12:42:50 GMT
link: </skins/common/images/logo.svg?6f851>;rel=preload;as=image
x-request-id: 6873d107ac8f65c0a7c1009f
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/load.php?lang=ru&modules=mediawiki.page.gallery.styles%7Cskins.vector.styles.legacy&only=styles&skin=vector
content-encoding: gzip
X-Firefox-Spdy: h2
matomo.redthread.studio/matomo.js
65.109.86.69 200 OK 66 kB URL HTTP/2 matomo.redthread.studio/matomo.js
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1601)
Hash a3a7245d6daf7d31d2069c0ba05879dd
ec1bf464889e71aec1ced6d8361a26c76e4a1460
d7fc375178c93a2fc15fd888e30170eedf4ef3d04497e7f951ab7bfe0c921693
GET /matomo.js HTTP/1.1
Host: matomo.redthread.studio
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: application/javascript
content-length: 65842
last-modified: Mon, 30 Jan 2023 20:01:43 GMT
etag: "63d82227-10132"
expires: Tue, 31 Jan 2023 13:37:51 GMT
pragma: public
cache-control: max-age=3600, public
accept-ranges: bytes
X-Firefox-Spdy: h2
upload.wikimedia.org/wikipedia/commons/thumb/5/51/Facebook_f_logo_%282019%29.svg/40px-Facebook_f_logo_%282019%29.svg.png
91.198.174.208 200 OK 968 B URL HTTP/2 upload.wikimedia.org/wikipedia/commons/thumb/5/51/Facebook_f_logo_%282019%29.svg/40px-Facebook_f_logo_%282019%29.svg.png
IP 91.198.174.208:0
File type PNG image data, 40 x 40, 8-bit colormap, non-interlaced
- data
Hash 54ec590ab3ae8a7fc6cec9a6af296e45
69216a2d88c07190ffeb30d99d7b2cf50950be20
92889e61017fef1e807344358e209f72443534fa396bb767f6810caaa328548a
GET /wikipedia/commons/thumb/5/51/Facebook_f_logo_%282019%29.svg/40px-Facebook_f_logo_%282019%29.svg.png HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 11:33:55 GMT
etag: 54ec590ab3ae8a7fc6cec9a6af296e45
server: ATS/9.1.3
content-type: image/png
content-length: 968
content-disposition: inline;filename*=UTF-8''Facebook_f_logo_%282019%29.svg.png
last-modified: Tue, 22 Mar 2022 23:50:54 GMT
age: 3836
x-cache: cp3065 hit, cp3061 hit/50
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3061"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
accept-ch: Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
permissions-policy: interest-cohort=(),ch-ua-arch=(self "intake-analytics.wikimedia.org"),ch-ua-bitness=(self "intake-analytics.wikimedia.org"),ch-ua-full-version-list=(self "intake-analytics.wikimedia.org"),ch-ua-model=(self "intake-analytics.wikimedia.org"),ch-ua-platform-version=(self "intake-analytics.wikimedia.org")
x-client-ip: 91.90.42.154
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
upload.wikimedia.org/wikipedia/commons/thumb/c/ce/Twitter_Logo.png/40px-Twitter_Logo.png
91.198.174.208 200 OK 756 B URL HTTP/2 upload.wikimedia.org/wikipedia/commons/thumb/c/ce/Twitter_Logo.png/40px-Twitter_Logo.png
IP 91.198.174.208:0
File type RIFF (little-endian) data, Web/P image
- data
Hash 9975c6132396772e0ad666571e70a58e
c9e7b54cadd2142b83536946681ee6d6ac3fc413
b32fca477294d2c9ac55471657c57c275834034e5456589a0af092d24a390009
GET /wikipedia/commons/thumb/c/ce/Twitter_Logo.png/40px-Twitter_Logo.png HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 20:17:10 GMT
etag: 9975c6132396772e0ad666571e70a58e
server: ATS/9.1.4
content-type: image/webp
content-length: 756
content-disposition: inline;filename*=UTF-8''Twitter_Logo.png.webp
last-modified: Sat, 19 Feb 2022 05:13:13 GMT
age: 58842
x-cache: cp3051 hit, cp3061 hit/291
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3061"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
accept-ch: Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
permissions-policy: interest-cohort=(),ch-ua-arch=(self "intake-analytics.wikimedia.org"),ch-ua-bitness=(self "intake-analytics.wikimedia.org"),ch-ua-full-version-list=(self "intake-analytics.wikimedia.org"),ch-ua-model=(self "intake-analytics.wikimedia.org"),ch-ua-platform-version=(self "intake-analytics.wikimedia.org")
x-client-ip: 91.90.42.154
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
lurkmore.wtf/images/thumb/d/da/Sculpture-drawing.png/80px-Sculpture-drawing.png
65.109.86.69 200 OK 15 kB URL HTTP/2 lurkmore.wtf/images/thumb/d/da/Sculpture-drawing.png/80px-Sculpture-drawing.png
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 80 x 113, 8-bit/color RGBA, non-interlaced
- data
Hash faa012d50b7ed3c7a66caf9e8669286e
2ac4f0348c4ff8c9e7264aef70780e9a03c1e7d1
90f44091ef096f0e9989c81786b6454becabff7dcabcfd5459ae8facb4ba756c
GET /images/thumb/d/da/Sculpture-drawing.png/80px-Sculpture-drawing.png HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: image/png
content-length: 15159
last-modified: Wed, 07 Dec 2022 13:19:23 GMT
etag: "639092db-3b37"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/images/thumb/d/da/Sculpture-drawing.png/80px-Sculpture-drawing.png
accept-ranges: bytes
X-Firefox-Spdy: h2
lurkmore.wtf/images/thumb/7/77/Advicedog.jpg/64px-Advicedog.jpg
65.109.86.69 200 OK 1.7 kB URL HTTP/2 lurkmore.wtf/images/thumb/7/77/Advicedog.jpg/64px-Advicedog.jpg
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 64x64, components 3
- data
Hash 706906243db7df8fed2ff539801c3e9d
49635a757fe3f51bef6c79acb174a7260301b1e1
6e79829d072e6778db29d83be6947734a612273f6eaa4c7d1c9f0f99482fbff3
GET /images/thumb/7/77/Advicedog.jpg/64px-Advicedog.jpg HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: image/jpeg
content-length: 1658
last-modified: Wed, 07 Dec 2022 10:41:14 GMT
etag: "63906dca-67a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/images/thumb/7/77/Advicedog.jpg/64px-Advicedog.jpg
accept-ranges: bytes
X-Firefox-Spdy: h2
lurkmore.wtf/images/thumb/e/e8/Winlogon_force_start-up.png/300px-Winlogon_force_start-up.png
65.109.86.69 200 OK 69 kB URL HTTP/2 lurkmore.wtf/images/thumb/e/e8/Winlogon_force_start-up.png/300px-Winlogon_force_start-up.png
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 300 x 306, 8-bit/color RGBA, non-interlaced
- data
Hash 18e8cb4834345d1e7039287c28aea2b4
7ab0a8bc3d86b0896dde1bfc72d37c8d5ee530b8
1f2538ef1eea3301d1be3740586a75cefeff4613a3e8d91e777cc00143cbf184
GET /images/thumb/e/e8/Winlogon_force_start-up.png/300px-Winlogon_force_start-up.png HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: image/png
content-length: 69448
last-modified: Wed, 07 Dec 2022 08:57:42 GMT
etag: "63905586-10f48"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/images/thumb/e/e8/Winlogon_force_start-up.png/300px-Winlogon_force_start-up.png
accept-ranges: bytes
X-Firefox-Spdy: h2
lurkmore.wtf/images/thumb/f/f1/Taskmgr_ex.png/300px-Taskmgr_ex.png
65.109.86.69 200 OK 66 kB URL HTTP/2 lurkmore.wtf/images/thumb/f/f1/Taskmgr_ex.png/300px-Taskmgr_ex.png
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 300 x 303, 8-bit/color RGBA, non-interlaced
- data
Hash df890c81a411ec6fb6bdd2c7520ed367
d49a46b11910e1b103542977f124e4dc75ba4c67
632fa0f8539d5f75040e0bd9f10b61c946b1f702364a90360378365f75b2480e
GET /images/thumb/f/f1/Taskmgr_ex.png/300px-Taskmgr_ex.png HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: image/png
content-length: 65776
last-modified: Wed, 07 Dec 2022 07:45:27 GMT
etag: "63904497-100f0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/images/thumb/f/f1/Taskmgr_ex.png/300px-Taskmgr_ex.png
accept-ranges: bytes
X-Firefox-Spdy: h2
matomo.redthread.studio/matomo.php?action_name=winlogon.exe%20%E2%80%94%20Lurkmore&idsite=1&rec=1&r=640875&h=12&m=38&s=8&url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&_id=1a294521202f9d56&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=NU7ZSF&pf_net=97&pf_srv=89&pf_tfr=1&pf_dm1=237&uadata=%7B%7D
65.109.86.69 204 No Content 0 B URL HTTP/2 matomo.redthread.studio/matomo.php?action_name=winlogon.exe%20%E2%80%94%20Lurkmore&idsite=1&rec=1&r=640875&h=12&m=38&s=8&url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&_id=1a294521202f9d56&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=NU7ZSF&pf_net=97&pf_srv=89&pf_tfr=1&pf_dm1=237&uadata=%7B%7D
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /matomo.php?action_name=winlogon.exe%20%E2%80%94%20Lurkmore&idsite=1&rec=1&r=640875&h=12&m=38&s=8&url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&_id=1a294521202f9d56&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=NU7ZSF&pf_net=97&pf_srv=89&pf_tfr=1&pf_dm1=237&uadata=%7B%7D HTTP/1.1
Host: matomo.redthread.studio
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: https://lurkmore.wtf
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
access-control-allow-credentials: true
x-frame-options: SAMEORIGIN
x-country-code: NO
x-country-name: Norway
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data:
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000
x-robots-tag: none
x-download-options: noopen
access-control-allow-origin: https://lurkmore.wtf, *
cross-origin-embedder-policy: *
cross-origin-opener-policy: *
referrer-policy: origin
x-content-type-options: nosniff, nosniff
x-xss-protection: 0, 1; mode=block
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 11:41:42 GMT
age: 3370
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
lurkmore.wtf/skins/common/images/favicon/apple-touch-icon.png
65.109.86.69200 OK 3.5 kB URL HTTP/2 lurkmore.wtf/skins/common/images/favicon/apple-touch-icon.png
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 180 x 180, 8-bit gray+alpha, non-interlaced\012- data
Hash 00f44e5080080781f94f30389aa56512
523f50cde07db17579fe0771737f174dc5f57026
78edcfef5063cbcd471c861a7f0f99c5b8887b6761026d24149541a2b24caf10
GET /skins/common/images/favicon/apple-touch-icon.png HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: image/png
content-length: 3508
last-modified: Wed, 07 Dec 2022 18:04:34 GMT
etag: "6390d5b2-db4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/skins/common/images/favicon/apple-touch-icon.png
accept-ranges: bytes
X-Firefox-Spdy: h2
lurkmore.wtf/skins/common/images/favicon/favicon.svg
65.109.86.69200 OK 523 B URL HTTP/2 lurkmore.wtf/skins/common/images/favicon/favicon.svg
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash e3935041ae4cb83dc21fb1bfdccdb417
ffdff84bd7b1ca918c8fcc5ecca46f265dc73e2b
5a1f40b79f52434723d182db8bd48430ad531314a579fbbee853a8a17c0c849a
GET /skins/common/images/favicon/favicon.svg HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: image/svg+xml
content-length: 523
last-modified: Wed, 07 Dec 2022 18:04:34 GMT
etag: "6390d5b2-20b"
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/skins/common/images/favicon/favicon.svg
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 5f372a210a2bae7b82926f96f964521b
100fcfffd0b2be743061df713f512de664692c11
97ea333b4b8abb128fd88fd338bbbec67a8b089fc15a4712701361671eeeb4ee
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 12:37:52 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sat, 04 Feb 2023 09:07:56 GMT
ETag: "100fcfffd0b2be743061df713f512de664692c11"
Last-Modified: Tue, 31 Jan 2023 09:07:57 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1953
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7922804aeb86b51e-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4536
Expires: Tue, 31 Jan 2023 13:53:28 GMT
Date: Tue, 31 Jan 2023 12:37:52 GMT
Connection: keep-alive
mc.yandex.ru/metrika/tag.js
77.88.21.119200 OK 74 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 77.88.21.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash a236c7014c1f1a1e52d356f59e5d665a
b66c638eb2346287364c37725819bbab1f409d66
ad2d57579e453af0eac49156840bcd1dcfbd802a82135af98f41f714d7e698f2
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73769
date: Tue, 31 Jan 2023 12:37:52 GMT
access-control-allow-origin: *
etag: "63c93a4b-12029"
expires: Tue, 31 Jan 2023 13:37:52 GMT
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: application/javascript
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.160.32.147101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.32.147:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: m/sLjUUFR+LwSmvLJmL4YA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CTlwBKt0zocpo0qJi4FEPldBvEs=
mc.yandex.ru/metrika/advert.gif
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 31 Jan 2023 12:37:52 GMT
access-control-allow-origin: *
etag: "63c93a4b-2b"
expires: Tue, 31 Jan 2023 13:37:52 GMT
accept-ranges: bytes
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/91155547/1?wmode=7&page-url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A923%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1653637464761%3Ahid%3A473820103%3Az%3A0%3Ai%3A20230131123809%3Aet%3A1675168690%3Ac%3A1%3Arn%3A811560147%3Arqn%3A1%3Au%3A1675168690805555117%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C45%2C91%2C0%2C323%2C0%2C%2C255%2C2%2C%2C%2C%2C918%3Aco%3A0%3Ans%3A1675168688015%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675168690%3At%3Awinlogon.exe%20%E2%80%94%20Lurkmore&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
77.88.21.119200 OK 407 B URL HTTP/2 mc.yandex.ru/watch/91155547/1?wmode=7&page-url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A923%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1653637464761%3Ahid%3A473820103%3Az%3A0%3Ai%3A20230131123809%3Aet%3A1675168690%3Ac%3A1%3Arn%3A811560147%3Arqn%3A1%3Au%3A1675168690805555117%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C45%2C91%2C0%2C323%2C0%2C%2C255%2C2%2C%2C%2C%2C918%3Aco%3A0%3Ans%3A1675168688015%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675168690%3At%3Awinlogon.exe%20%E2%80%94%20Lurkmore&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 77.88.21.119:0
File type JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Hash 2e02682385bc3da9f247d273583a38e9
e8394e90fb6a1ac149bc0529ffaaf0043c4133af
0cdc6165de0ca8753dace73c2af0936b492bdc89066d23d4df9e014bf827a4bd
GET /watch/91155547/1?wmode=7&page-url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A923%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1653637464761%3Ahid%3A473820103%3Az%3A0%3Ai%3A20230131123809%3Aet%3A1675168690%3Ac%3A1%3Arn%3A811560147%3Arqn%3A1%3Au%3A1675168690805555117%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C45%2C91%2C0%2C323%2C0%2C%2C255%2C2%2C%2C%2C%2C918%3Aco%3A0%3Ans%3A1675168688015%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675168690%3At%3Awinlogon.exe%20%E2%80%94%20Lurkmore&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lurkmore.wtf
Referer: https://lurkmore.wtf/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 407
date: Tue, 31 Jan 2023 12:37:52 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://lurkmore.wtf
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 31-Jan-2023 12:37:52 GMT
last-modified: Tue, 31-Jan-2023 12:37:52 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-S7F6YJVLPS>m=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-S7F6YJVLPS>m=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-S7F6YJVLPS>m=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lurkmore.wtf
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://lurkmore.wtf
date: Tue, 31 Jan 2023 12:37:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-ECRM93CDBX>m=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_ss=1&_ee=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-ECRM93CDBX>m=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-ECRM93CDBX>m=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lurkmore.wtf
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: https://lurkmore.wtf
date: Tue, 31 Jan 2023 12:37:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-0EFNHM40WN>m=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_ss=1&_ee=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-0EFNHM40WN>m=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-0EFNHM40WN>m=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lurkmore.wtf
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://lurkmore.wtf
date: Tue, 31 Jan 2023 12:37:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2211
Expires: Tue, 31 Jan 2023 13:14:44 GMT
Date: Tue, 31 Jan 2023 12:37:53 GMT
Connection: keep-alive
mc.yandex.ru/watch/91155547?wmode=7&page-url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A923%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1653637464761%3Ahid%3A473820103%3Az%3A0%3Ai%3A20230131123809%3Aet%3A1675168690%3Ac%3A1%3Arn%3A811560147%3Arqn%3A1%3Au%3A1675168690805555117%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C45%2C91%2C0%2C323%2C0%2C%2C255%2C2%2C%2C%2C%2C918%3Aco%3A0%3Ans%3A1675168688015%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675168690%3At%3Awinlogon.exe%20%E2%80%94%20Lurkmore&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
77.88.21.119302 Found 503 B URL HTTP/2 mc.yandex.ru/watch/91155547?wmode=7&page-url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A923%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1653637464761%3Ahid%3A473820103%3Az%3A0%3Ai%3A20230131123809%3Aet%3A1675168690%3Ac%3A1%3Arn%3A811560147%3Arqn%3A1%3Au%3A1675168690805555117%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C45%2C91%2C0%2C323%2C0%2C%2C255%2C2%2C%2C%2C%2C918%3Aco%3A0%3Ans%3A1675168688015%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675168690%3At%3Awinlogon.exe%20%E2%80%94%20Lurkmore&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 77.88.21.119:0
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
GET /watch/91155547?wmode=7&page-url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A923%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1653637464761%3Ahid%3A473820103%3Az%3A0%3Ai%3A20230131123809%3Aet%3A1675168690%3Ac%3A1%3Arn%3A811560147%3Arqn%3A1%3Au%3A1675168690805555117%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C45%2C91%2C0%2C323%2C0%2C%2C255%2C2%2C%2C%2C%2C918%3Aco%3A0%3Ans%3A1675168688015%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675168690%3At%3Awinlogon.exe%20%E2%80%94%20Lurkmore&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lurkmore.wtf
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/91155547/1?wmode=7&page-url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A923%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1653637464761%3Ahid%3A473820103%3Az%3A0%3Ai%3A20230131123809%3Aet%3A1675168690%3Ac%3A1%3Arn%3A811560147%3Arqn%3A1%3Au%3A1675168690805555117%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C45%2C91%2C0%2C323%2C0%2C%2C255%2C2%2C%2C%2C%2C918%3Aco%3A0%3Ans%3A1675168688015%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675168690%3At%3Awinlogon.exe%20%E2%80%94%20Lurkmore&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Tue, 31 Jan 2023 12:37:52 GMT
access-control-allow-origin: https://lurkmore.wtf
set-cookie: yabs-sid=2074902601675168672; Path=/; SameSite=None; Secure
i=3H3TpDzAdi0o7wRRDKI0951OfXXeKvP/a1ZQuCtBuvDde3GPUEan+3hPklm7i0KEVvBITzmUBx/bO3/LIgtIGk+l+Jw=; Expires=Fri, 28-Jan-2033 12:37:48 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=7237426881675168672; Expires=Wed, 31-Jan-2024 12:37:52 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=7237426881675168672; Expires=Wed, 31-Jan-2024 12:37:52 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1706704672.yc.1675168672#1706704672.yrts.1675168672#1706704672.yrtsi.1675168672; Expires=Wed, 31-Jan-2024 12:37:52 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 31-Jan-2023 12:37:52 GMT
last-modified: Tue, 31-Jan-2023 12:37:52 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2211
Expires: Tue, 31 Jan 2023 13:14:44 GMT
Date: Tue, 31 Jan 2023 12:37:53 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6f9ffb8f9e99229b45ca5fdb84ce7d5
04577ad69ee9749b14382254eb5bbf0e1edcd7fa
6111acf3f363123b39d13cd3d23ab39b8c8d00379874f19231d1cd3da17c52c2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8558
x-amzn-requestid: 2841cd36-22e6-4ecb-b56a-bfadce3197c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffB_BFA8IAMFyvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e393-3fd03bd14de762b0738a3b0a;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R29JYq4Z8V_Xuq2no0bKxk1K6h2PmTO5OSxzMa4zppDVk3j9rO9aTw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 03:24:36 GMT
age: 33197
etag: "04577ad69ee9749b14382254eb5bbf0e1edcd7fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2797bfd35b7ec24888de84be14f7f2ec
8e315ac5856967286eaa8769e081d827fb4ca39e
b99f3bd73eb4395194bc7bb6a1b801750182239e5b70f3207f99e494b60b72ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11129
x-amzn-requestid: 74f2a4dd-7d5d-4839-90a8-d2e74f6d785d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffDBZGRPoAMFedg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e53b-3de444596550bb41188ada5b;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:17:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9Fga247EZZqiGmdMJ72resdBZR2KLgflGDBPESmuw9cFVs4hSzMzTw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 03:50:52 GMT
age: 31621
etag: "8e315ac5856967286eaa8769e081d827fb4ca39e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c4934be94898028e2ab696561b51462
6cf734e2d29938688913daacfb75506d8e004a94
239adcbb538b7a6d1483c65c7694d4a9f9fa9cadf456ab5681c4b764185e3596
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9987
x-amzn-requestid: 67109f87-6073-4991-b540-cdeedc2d7b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: flYlPF9uIAMFXMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d86e21-60ac2c7b37c72e6e54a5c69d;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 01:25:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Gif_csWkacU59D_hnOrJpK6u2aPI8Ylf2JyQEJZ2RLNMCrXSmmMa9w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 01:56:35 GMT
age: 38478
etag: "6cf734e2d29938688913daacfb75506d8e004a94"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d957012d3e2b8c3bc0eefe11d66e8554
1959fdd94846fa3791c4890578dd15336b909dcc
a97e81ec5eb2eda6a603bf4bfd4fa4ef4fab762747479489e99e6c713258a736
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13853
x-amzn-requestid: ca6ea6e7-3e13-4194-87f5-20a07b813e21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zzF4hIAMFwWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-772487cb1b7495c52c552d36;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lUGjUSIkoacdmaO1jnMwIuNMONhjyVfAIcTQ3B5d5da_g9eEnCtW7g==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:48:17 GMT
age: 53376
etag: "1959fdd94846fa3791c4890578dd15336b909dcc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4a2d26da68a313cc65958fc2692351c2
798c3538f3147ca77d317676ddd1bf040bd0f93b
76ce30224803d680c0115e987a712ce5552b2760beadf796a96b17439fb20797
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10898
x-amzn-requestid: e29f8dfc-07d4-4136-afaf-e1e067eea2ab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zxGshIAMFw5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-5e87d2a44722af9e4e86c3d4;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XYo_QvM8GWDyulOtUb5nVjS9PxOinaRJ3lYvCreeqd_9tHI5yv5xcQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:48:21 GMT
age: 53372
etag: "798c3538f3147ca77d317676ddd1bf040bd0f93b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
lurkmore.wtf/load.php?lang=ru&modules=ext.popups.icons%2Cimages%2Cmain%7Cmediawiki.Uri%2Cexperiments%7Cmediawiki.ui.checkbox&skin=vector&version=1sd42
65.109.86.69200 OK 32 kB URL HTTP/2 lurkmore.wtf/load.php?lang=ru&modules=ext.popups.icons%2Cimages%2Cmain%7Cmediawiki.Uri%2Cexperiments%7Cmediawiki.ui.checkbox&skin=vector&version=1sd42
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
Hash b5b83160bf1e95c33abe2b11003e788d
c7c62f242b6d2d306c6f4627437d1a671e54069e
3761d55aad8bbdef466cb987db44f1ad629a1227e5ce623abf6d412531159546
GET /load.php?lang=ru&modules=ext.popups.icons%2Cimages%2Cmain%7Cmediawiki.Uri%2Cexperiments%7Cmediawiki.ui.checkbox&skin=vector&version=1sd42 HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1; _ga_S7F6YJVLPS=GS1.1.1675168689.1.0.1675168689.0.0.0; _ga=GA1.1.1996508158.1675168689; _ga_0EFNHM40WN=GS1.1.1675168689.1.0.1675168689.0.0.0; _ga_ECRM93CDBX=GS1.1.1675168689.1.0.1675168689.0.0.0; _ym_uid=1675168690805555117; _ym_d=1675168690
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-content-type-options: nosniff
etag: W/"1sd42"
cache-control: public, max-age=2592000, s-maxage=2592000
expires: Thu, 02 Mar 2023 12:37:51 GMT
x-request-id: a348eb23888ff2e8d459e20a
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/load.php?lang=ru&modules=ext.popups.icons%2Cimages%2Cmain%7Cmediawiki.Uri%2Cexperiments%7Cmediawiki.ui.checkbox&skin=vector&version=1sd42
content-encoding: gzip
X-Firefox-Spdy: h2
lurkmore.wtf/load.php?lang=ru&modules=UC.ajaxed%2Ccollapsiblesidebar%2Cgallerymodify%2Cmorphobjects%2Cprettyphotify%2Cqueue%2Csectionmenus%2Cslimscroll%7Cext.popups%7Cext.urlShortener.toolbar%7Cjquery%2Coojs%2Coojs-router%2Csite%7Cjquery.client%2Ccookie%7Cmediawiki.String%2CTitle%2Capi%2Cbase%2Ccldr%2Ccookie%2CjqueryMsg%2Clanguage%2Cstorage%2Ctoc%2Cuser%2Cutil%7Cmediawiki.libs.pluralruleparser%7Cmediawiki.page.ready%7Cmediawiki.ui.button%2Cicon%7Cmmv.bootstrap%2Chead%7Cmmv.bootstrap.autostart%7Cskins.vector.legacy.js&skin=vector&version=85a3e
65.109.86.69200 OK 0 B URL HTTP/2 lurkmore.wtf/load.php?lang=ru&modules=UC.ajaxed%2Ccollapsiblesidebar%2Cgallerymodify%2Cmorphobjects%2Cprettyphotify%2Cqueue%2Csectionmenus%2Cslimscroll%7Cext.popups%7Cext.urlShortener.toolbar%7Cjquery%2Coojs%2Coojs-router%2Csite%7Cjquery.client%2Ccookie%7Cmediawiki.String%2CTitle%2Capi%2Cbase%2Ccldr%2Ccookie%2CjqueryMsg%2Clanguage%2Cstorage%2Ctoc%2Cuser%2Cutil%7Cmediawiki.libs.pluralruleparser%7Cmediawiki.page.ready%7Cmediawiki.ui.button%2Cicon%7Cmmv.bootstrap%2Chead%7Cmmv.bootstrap.autostart%7Cskins.vector.legacy.js&skin=vector&version=85a3e
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
GET /load.php?lang=ru&modules=UC.ajaxed%2Ccollapsiblesidebar%2Cgallerymodify%2Cmorphobjects%2Cprettyphotify%2Cqueue%2Csectionmenus%2Cslimscroll%7Cext.popups%7Cext.urlShortener.toolbar%7Cjquery%2Coojs%2Coojs-router%2Csite%7Cjquery.client%2Ccookie%7Cmediawiki.String%2CTitle%2Capi%2Cbase%2Ccldr%2Ccookie%2CjqueryMsg%2Clanguage%2Cstorage%2Ctoc%2Cuser%2Cutil%7Cmediawiki.libs.pluralruleparser%7Cmediawiki.page.ready%7Cmediawiki.ui.button%2Cicon%7Cmmv.bootstrap%2Chead%7Cmmv.bootstrap.autostart%7Cskins.vector.legacy.js&skin=vector&version=85a3e HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-content-type-options: nosniff
etag: W/"85a3e"
cache-control: public, max-age=2592000, s-maxage=2592000
expires: Thu, 02 Mar 2023 12:37:51 GMT
x-request-id: cfc42b3520393914aa00038b
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/load.php?lang=ru&modules=UC.ajaxed%2Ccollapsiblesidebar%2Cgallerymodify%2Cmorphobjects%2Cprettyphotify%2Cqueue%2Csectionmenus%2Cslimscroll%7Cext.popups%7Cext.urlShortener.toolbar%7Cjquery%2Coojs%2Coojs-router%2Csite%7Cjquery.client%2Ccookie%7Cmediawiki.String%2CTitle%2Capi%2Cbase%2Ccldr%2Ccookie%2CjqueryMsg%2Clanguage%2Cstorage%2Ctoc%2Cuser%2Cutil%7Cmediawiki.libs.pluralruleparser%7Cmediawiki.page.ready%7Cmediawiki.ui.button%2Cicon%7Cmmv.bootstrap%2Chead%7Cmmv.bootstrap.autostart%7Cskins.vector.legacy.js&skin=vector&version=85a3e
content-encoding: gzip
X-Firefox-Spdy: h2
lurkmore.wtf/load.php?lang=ru&modules=startup&only=scripts&raw=1&skin=vector
65.109.86.69200 OK 0 B URL HTTP/2 lurkmore.wtf/load.php?lang=ru&modules=startup&only=scripts&raw=1&skin=vector
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
GET /load.php?lang=ru&modules=startup&only=scripts&raw=1&skin=vector HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-content-type-options: nosniff
etag: W/"1bzfh"
cache-control: public, max-age=300, s-maxage=300
expires: Tue, 31 Jan 2023 12:42:50 GMT
x-request-id: fba8b433260ce20de026d0b4
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/load.php?lang=ru&modules=startup&only=scripts&raw=1&skin=vector
content-encoding: gzip
X-Firefox-Spdy: h2
lurkmore.wtf/load.php?lang=ru&modules=UC.tablecollapsers&skin=vector&version=j6c67
65.109.86.69200 OK 0 B URL HTTP/2 lurkmore.wtf/load.php?lang=ru&modules=UC.tablecollapsers&skin=vector&version=j6c67
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
GET /load.php?lang=ru&modules=UC.tablecollapsers&skin=vector&version=j6c67 HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1; _ga_S7F6YJVLPS=GS1.1.1675168689.1.0.1675168689.0.0.0; _ga=GA1.1.1996508158.1675168689; _ga_0EFNHM40WN=GS1.1.1675168689.1.0.1675168689.0.0.0; _ga_ECRM93CDBX=GS1.1.1675168689.1.0.1675168689.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-content-type-options: nosniff
etag: W/"j6c67"
cache-control: public, max-age=2592000, s-maxage=2592000
expires: Thu, 02 Mar 2023 12:37:51 GMT
x-request-id: db9b726e1c4ef0b0589cb28c
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/load.php?lang=ru&modules=UC.tablecollapsers&skin=vector&version=j6c67
content-encoding: gzip
X-Firefox-Spdy: h2
lurkmore.wtf/Winlogon.exe
65.109.86.69200 OK 0 B URL HTTP/2 lurkmore.wtf/Winlogon.exe
IP 65.109.86.69:0
ASN #24940 Hetzner Online GmbH
NIDS Severity Alert suricata medium ET HUNTING Suspicious winlogin.exe in URI
GET /Winlogon.exe HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-language: ru
vary: Accept-Encoding, Accept-Encoding, Cookie
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: private, must-revalidate, max-age=0
last-modified: Mon, 30 Jan 2023 12:37:50 GMT
x-request-id: 7def6fa7fb2b163343de539a
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/Winlogon.exe
content-encoding: gzip
X-Firefox-Spdy: h2