Report - lurkmore.wtf/Winlogon.exe

Report Overview

Submitted URL
lurkmore.wtf/Winlogon.exe
IP
65.109.86.69
ASN
#24940 Hetzner Online GmbH
Submitted
2023-01-31 12:38:02
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
lurkmore.wtf	unknown	2022-11-08T07:58:14Z	2023-01-19T21:23:03Z	9.9 kB	330 kB	65.109.86.69
mc.yandex.ru	2672	2012-05-21T11:38:30Z	2023-03-13T08:16:45Z	3.5 kB	79 kB	77.88.21.119
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
upload.wikimedia.org	2215	2012-05-21T11:39:45Z	2023-03-13T08:58:21Z	914 B	4.7 kB	91.198.174.208
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	359 B	1.4 kB	104.18.20.226
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.160.32.147
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	686 B	1.4 kB	142.250.74.131
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	380 B	80 kB	142.250.74.72
region1.google-analytics.com	unknown	2022-03-17T12:26:33Z	2023-03-13T05:09:18Z	2.0 kB	1.3 kB	216.239.32.36
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.0 kB	5.3 kB	23.36.77.32
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
matomo.redthread.studio	unknown	2022-10-28T08:29:22Z	2023-01-06T09:31:37Z	1.1 kB	67 kB	65.109.86.69
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	2.7 kB	60 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-31 12:38:08	medium	Client IP	65.109.86.69	ET HUNTING Suspicious winlogin.exe in URI

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	lurkmore.wtf/Winlogon.exe	552 B	2023-03-12	2023-03-13
Pretty URL lurkmore.wtf/Winlogon.exe IP 65.109.86.69 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:20:05 Last Seen2023-03-13 13:18:33 Times Seen1 Hash eeef15895ae2a08c1f6492a7187e6501 faabf04bd0fe327e358be20938584d705004a0a0 87be76dd4b7dd565970d45c140bb0d25befc40375caa7b39dcc4f4ab6c14c450 Loading...

	lurkmore.wtf/Winlogon.exe	884 B	2023-03-13	2023-03-13
Pretty URL lurkmore.wtf/Winlogon.exe IP 65.109.86.69 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:18:33 Last Seen2023-03-13 13:18:33 Times Seen1 Hash 084eaea4650509ec017a42a68a93834e 702b05fac8132cde8ac4aae8630bce4261e60d99 fc89efb8b648d7d6aecd552410d8b9b2320abcd5297af8b7eee7f6941df87daa Loading...

	www.googletagmanager.com/gtag/js?id=G-S7F6YJVLPS	230 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-S7F6YJVLPS IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:18:33 Last Seen2023-03-13 13:18:33 Times Seen1 Hash 88ab1b87c122f1f8d11114afb49775ea c87105624518b2b82f2fac12a114e4bbccd587da af304962a42ee11d54fb146e22240cbb20e7e2b2b59439696e0e550a0268c1ed Loading...

	matomo.redthread.studio/matomo.js	66 kB	2023-03-08	2024-04-24
Pretty URL matomo.redthread.studio/matomo.js IP 65.109.86.69 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:51:14 Last Seen2024-04-24 18:42:07 Times Seen8065 Hash a3a7245d6daf7d31d2069c0ba05879dd ec1bf464889e71aec1ced6d8361a26c76e4a1460 d7fc375178c93a2fc15fd888e30170eedf4ef3d04497e7f951ab7bfe0c921693 Loading...

	lurkmore.wtf/Winlogon.exe	2.7 kB	2023-03-12	2023-03-13
Pretty URL lurkmore.wtf/Winlogon.exe IP 65.109.86.69 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:20:05 Last Seen2023-03-13 13:18:33 Times Seen1 Hash efae9ebe650977a08b060a7f590e7531 42eea70c31359c0e449270536b67173f45a048e2 b2c1070caf572a94781d97988501342e2a66691faa6415b0dfa953ddda82dcd7 Loading...

	mc.yandex.ru/metrika/tag.js	216 kB	2023-03-13	2024-02-12
Pretty URL mc.yandex.ru/metrika/tag.js IP 77.88.21.119 ASN #13238 YANDEX LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:21:16 Last Seen2024-02-12 03:39:19 Times Seen26 Hash 11dace43aae35c0df839beaed62a7af2 69bc46afefb0a5a4246be951c20b9ea7196333df e920c8868829d751996c981a49d415d9a1abc190bc51cc719826441236231e32 Loading...

	lurkmore.wtf/load.php?lang=ru&modules=UC.tablecollapsers&skin=vector&version=j6c67	1.9 kB	2023-03-12	2023-03-13
Pretty URL lurkmore.wtf/load.php?lang=ru&modules=UC.tablecollapsers&skin=vector&version=j6c67 IP 65.109.86.69 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:20:05 Last Seen2023-03-13 13:18:33 Times Seen1 Hash 56242d31da0981665521ecf04ed2fe91 dfe06e38d6147de2057d1206c4fe270e948d6053 f639c67091a72735f0c4f4d795920dd55bcccea05605614bc5e7ec04e0faf563 Loading...

	lurkmore.wtf/Winlogon.exe	1.7 kB	2023-03-13	2023-03-13
Pretty URL lurkmore.wtf/Winlogon.exe IP 65.109.86.69 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:18:33 Last Seen2023-03-13 13:18:33 Times Seen1 Hash 6bb9b7a45bcab28ed1117a7264ddd0a3 1e18995abf3ec37bf47e8375e3a837fa570b0bd5 20f934a913d8f0ad96b1a00408125afe7c2236c8f3b2e0b711c1d7274f7b3ca7 Loading...

	lurkmore.wtf/Winlogon.exe	197 B	2023-03-07	2024-04-19
Pretty URL lurkmore.wtf/Winlogon.exe IP 65.109.86.69 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:32:24 Last Seen2024-04-19 00:53:09 Times Seen6377 Hash 7a82bec10434ac99dbfc2bba8e6a7dd2 1bc768fce08f0719f4c0df55e8bbe1a3768ff250 31e72625b40da49099c181ee8f85d44768afd73088726afca544ce6a6eee9283 Loading...

	lurkmore.wtf/Winlogon.exe	148 B	2023-03-12	2023-03-13
Pretty URL lurkmore.wtf/Winlogon.exe IP 65.109.86.69 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:20:05 Last Seen2023-03-13 13:18:33 Times Seen1 Hash e86b97e9b0acf6b379b8b8d87c08b586 4222d00a23654675d83c5c1c6d5315d3b0d64664 b9e8a083d0669786342d4ed9495c5373e3fc8b534be7102211b7cc73b9024f99 Loading...

	lurkmore.wtf/Winlogon.exe	521 B	2023-03-12	2023-03-13
Pretty URL lurkmore.wtf/Winlogon.exe IP 65.109.86.69 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:20:05 Last Seen2023-03-13 13:18:33 Times Seen1 Hash b0960370a7bc506b4315a54dc2cdf863 274e79cb7c550ac788165509ab1f5bd6ef8bbc52 6b499c7fd9975082ef578def1b3a5c3a0389879b061c175d9e61a204d33461c6 Loading...

	lurkmore.wtf/load.php?lang=ru&modules=ext.popups.icons%2Cimages%2Cmain%7Cmediawiki.Uri%2Cexperiments%7Cmediawiki.ui.checkbox&skin=vector&version=1sd42	77 kB	2023-03-12	2023-03-13
Pretty URL lurkmore.wtf/load.php?lang=ru&modules=ext.popups.icons%2Cimages%2Cmain%7Cmediawiki.Uri%2Cexperiments%7Cmediawiki.ui.checkbox&skin=vector&version=1sd42 IP 65.109.86.69 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:20:05 Last Seen2023-03-13 13:18:33 Times Seen1 Hash 38473efe2a3e99b2f5ace34b64797a37 5efdc47dbdad7dd867121ee4c1f218d8349a89cc e45ffed6b73c970dd0e514daa607b5ead9f92620c38ef94bb12c8e4636b2fcb4 Loading...

	lurkmore.wtf/load.php?lang=ru&modules=startup&only=scripts&raw=1&skin=vector	35 kB	2023-03-13	2023-03-13
Pretty URL lurkmore.wtf/load.php?lang=ru&modules=startup&only=scripts&raw=1&skin=vector IP 65.109.86.69 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:18:33 Last Seen2023-03-13 13:18:33 Times Seen1 Hash db464d167158d622adb50e24a65ef09a 054ed12dca85b15de5a7f6088d3b0ce53791f05a eccfd9b99d48695b52726fdf6ba8b5d702523fc1b3aa58558f3d29897ef3bd15 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 7728df46c5033dd6bac91e4fa88f9377	67 B	2023-03-12	2023-03-13
Pretty Observations First Seen2023-03-12 08:20:05 Last Seen2023-03-13 13:18:33 Times Seen1 Hash 7728df46c5033dd6bac91e4fa88f9377 d5c6a47621169e5c661bcbfc0d3eb80cefcc1f33 6901760ce018cd83719be35cfd44b219c50a0897db6060d97a10d921eafffb16 Loading...

	#2 Eval - 5d52b51f573ab95d312ea11963a4e304	73 B	2023-03-12	2023-03-13
Pretty Observations First Seen2023-03-12 08:20:05 Last Seen2023-03-13 13:18:33 Times Seen1 Hash 5d52b51f573ab95d312ea11963a4e304 f0bb71679934d5089b96d36e33a325583fa32358 2b4e430c0585378a7ea21a3a917a06c3f01def0b60ba38c28661db8406d8635e Loading...

	#3 Eval - bb1aea3d924f36b2110952629f2209aa	77 B	2023-03-12	2023-03-13
Pretty Observations First Seen2023-03-12 08:20:05 Last Seen2023-03-13 13:18:33 Times Seen1 Hash bb1aea3d924f36b2110952629f2209aa e2e25732411a7599b167caf29700412348d1e5e2 cdd78d36a49148f552bedd2a20fdc9c3163da5cdbd0c145cfddba53672055a78 Loading...

	#4 Eval - 45b4e83b2c6bc40033182ce83f4a570a	59 B	2023-03-12	2023-03-13
Pretty Observations First Seen2023-03-12 08:20:05 Last Seen2023-03-13 13:18:33 Times Seen1 Hash 45b4e83b2c6bc40033182ce83f4a570a 05aab57434c13124e7a58ee8222ae5b80fa5edd5 e6bc69e2a44f6484411cfbb09c12e4e01b63ff2646ddc7e3c3f32a7b2fc9d292 Loading...

	#5 Eval - a4158598ab26ad75d84463cc2c3d8991	67 B	2023-03-12	2023-03-13
Pretty Observations First Seen2023-03-12 08:20:05 Last Seen2023-03-13 13:18:33 Times Seen1 Hash a4158598ab26ad75d84463cc2c3d8991 299731acfb54cba7d0189558a43d2bd53017f146 d2d21e1ff805fd96815b410b0e762aaea8d72998e677bf624469bd46b4481e94 Loading...

HTTP Transactions (49)

URL IP Response Size

lurkmore.wtf/Winlogon.exe

65.109.86.69

301 Moved Permanently

162 B

URL HTTP/1.1
lurkmore.wtf/Winlogon.exe
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

NIDS	Severity	Alert
suricata	medium	ET HUNTING Suspicious winlogin.exe in URI

HTTP Headers

GET /Winlogon.exe HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 31 Jan 2023 12:37:50 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://lurkmore.wtf/Winlogon.exe

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11164
Expires: Tue, 31 Jan 2023 15:43:55 GMT
Date: Tue, 31 Jan 2023 12:37:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9511
Expires: Tue, 31 Jan 2023 15:16:22 GMT
Date: Tue, 31 Jan 2023 12:37:51 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 12:35:54 GMT
content-type: application/json
age: 117
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4175
Expires: Tue, 31 Jan 2023 13:47:26 GMT
Date: Tue, 31 Jan 2023 12:37:51 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: niw9lgDY8Q2Nkt0v0eGrGA8YkA+W4p+7f7ucG8vQ5FPF4d1NYFE4sfxqGvsS2gCiZdufZ/S7Bobrtg+RnwfNMQ==
x-amz-request-id: XMCYG6M6X52NC93A
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 12:22:13 GMT
age: 938
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

lurkmore.wtf/images/thumb/a/ac/Telegram_logo.png/40px-Telegram_logo.png

65.109.86.69

200 OK

1.6 kB

URL HTTP/2
lurkmore.wtf/images/thumb/a/ac/Telegram_logo.png/40px-Telegram_logo.png
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
1.6 kB (1578 bytes)
Hash
91fb5da5dc2728240a7a9574ba9f30d5
324a687cff304b10f31405e4fc85b833425c6efc
ea7da0f9ede3c1d67c9c2da36993210dd7878e850984cb1f839cb3bc4a5b63da

HTTP Headers

GET /images/thumb/a/ac/Telegram_logo.png/40px-Telegram_logo.png HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: image/png
content-length: 1578
last-modified: Wed, 07 Dec 2022 10:50:14 GMT
etag: "63906fe6-62a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/images/thumb/a/ac/Telegram_logo.png/40px-Telegram_logo.png
accept-ranges: bytes
X-Firefox-Spdy: h2

lurkmore.wtf/images/thumb/9/90/Vk_icon.png/40px-Vk_icon.png

65.109.86.69

200 OK

1.7 kB

URL HTTP/2
lurkmore.wtf/images/thumb/9/90/Vk_icon.png/40px-Vk_icon.png
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
1.7 kB (1661 bytes)
Hash
0a26af7a40146b4846b3f3d6459ff077
9a86b4de75cb97b314e586143c38736edb89dc16
bf81ee8afc323d757d8a898d06c1cb3476ccd595c9379be9de2df42ac45abf9b

HTTP Headers

GET /images/thumb/9/90/Vk_icon.png/40px-Vk_icon.png HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: image/png
content-length: 1661
last-modified: Wed, 07 Dec 2022 16:21:56 GMT
etag: "6390bda4-67d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/images/thumb/9/90/Vk_icon.png/40px-Vk_icon.png
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d81f874741beb45c89de8bb5c6de438e
a251ab903e654953631d84721479bbae55aa5cdf
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 12:37:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=G-S7F6YJVLPS

142.250.74.72

200 OK

79 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=G-S7F6YJVLPS
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (22178)
Size
79 kB (79210 bytes)
Hash
6105446d1fa447139871cd481ef08f36
5caadecaeb91369523b2be81a51fa011c8dc7568
774751c91d78415f0100b6b1869587cadf30639be5000b42abbebd8187d2b98e

HTTP Headers

GET /gtag/js?id=G-S7F6YJVLPS HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 31 Jan 2023 12:37:52 GMT
expires: Tue, 31 Jan 2023 12:37:52 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79210
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lurkmore.wtf/skins/Vector/resources/common/images/bullet-icon.svg?d4515

65.109.86.69

200 OK

159 B

URL HTTP/2
lurkmore.wtf/skins/Vector/resources/common/images/bullet-icon.svg?d4515
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text
Size
159 B (159 bytes)
Hash
d4515e17cf80ac2d88111406eae94387
2d98a564d597a1f50443d6c7db414ddefb50c0b6
6b2ae95e88a82be06108353d7174b1f9c18dd629e3aba1d149afcb39795335a4

HTTP Headers

GET /skins/Vector/resources/common/images/bullet-icon.svg?d4515 HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/load.php?lang=ru&modules=mediawiki.page.gallery.styles%7Cskins.vector.styles.legacy&only=styles&skin=vector
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: image/svg+xml
content-length: 159
last-modified: Mon, 16 Jan 2023 18:24:07 GMT
etag: "63c59647-9f"
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/skins/Vector/resources/common/images/bullet-icon.svg?d4515
accept-ranges: bytes
X-Firefox-Spdy: h2

lurkmore.wtf/skins/Vector/resources/common/images/search.svg?bbf78

65.109.86.69

200 OK

280 B

URL HTTP/2
lurkmore.wtf/skins/Vector/resources/common/images/search.svg?bbf78
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text
Size
280 B (280 bytes)
Hash
bbf781d07afb47f411c879833b698fcb
fc3bdcd9c553d3bf274bb2828c5908b0b10ac41d
0f6e4f6019dffc1ce266a7bb9ed185cdb7b46d4443a79f2f55c4daa2ebedcf7f

HTTP Headers

GET /skins/Vector/resources/common/images/search.svg?bbf78 HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/load.php?lang=ru&modules=mediawiki.page.gallery.styles%7Cskins.vector.styles.legacy&only=styles&skin=vector
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: image/svg+xml
content-length: 280
last-modified: Mon, 16 Jan 2023 18:24:07 GMT
etag: "63c59647-118"
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/skins/Vector/resources/common/images/search.svg?bbf78
accept-ranges: bytes
X-Firefox-Spdy: h2

lurkmore.wtf/skins/common/images/logo.svg?6f851

65.109.86.69

200 OK

1.4 kB

URL HTTP/2
lurkmore.wtf/skins/common/images/logo.svg?6f851
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.4 kB (1419 bytes)
Hash
6f85178bb247d5568162cb09faeeff41
6b9c7204acccdcad00dac6e32c3f1e36ce8b53c0
299080e10db1ba236020f66a55ea32386711042bf0c43e58da14e9ae5122e83b

HTTP Headers

GET /skins/common/images/logo.svg?6f851 HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/load.php?lang=ru&modules=mediawiki.page.gallery.styles%7Cskins.vector.styles.legacy&only=styles&skin=vector
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: image/svg+xml
content-length: 1419
last-modified: Wed, 07 Dec 2022 18:04:34 GMT
etag: "6390d5b2-58b"
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/skins/common/images/logo.svg?6f851
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d81f874741beb45c89de8bb5c6de438e
a251ab903e654953631d84721479bbae55aa5cdf
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 12:37:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

lurkmore.wtf/load.php?lang=ru&modules=mediawiki.page.gallery.styles%7Cskins.vector.styles.legacy&only=styles&skin=vector

65.109.86.69

200 OK

129 kB

URL HTTP/2
lurkmore.wtf/load.php?lang=ru&modules=mediawiki.page.gallery.styles%7Cskins.vector.styles.legacy&only=styles&skin=vector
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type
data
Size
129 kB (129117 bytes)
Hash
bd0f9f75d76a1eb42be05e1074f13e5f
061f6d036195ee60bf9b7778186a2e67a91eaf6c
9427c17bab328f84fd6f0ddc1e0b00d245db49476eb8b0f5881648f6aaedda6e

HTTP Headers

GET /load.php?lang=ru&modules=mediawiki.page.gallery.styles%7Cskins.vector.styles.legacy&only=styles&skin=vector HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
x-content-type-options: nosniff
access-control-allow-origin: *
etag: W/"lgx2m"
cache-control: public, max-age=300, s-maxage=300
expires: Tue, 31 Jan 2023 12:42:50 GMT
link: </skins/common/images/logo.svg?6f851>;rel=preload;as=image
x-request-id: 6873d107ac8f65c0a7c1009f
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/load.php?lang=ru&modules=mediawiki.page.gallery.styles%7Cskins.vector.styles.legacy&only=styles&skin=vector
content-encoding: gzip
X-Firefox-Spdy: h2

matomo.redthread.studio/matomo.js

65.109.86.69

200 OK

66 kB

URL HTTP/2
matomo.redthread.studio/matomo.js
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (1601)
Size
66 kB (65842 bytes)
Hash
a3a7245d6daf7d31d2069c0ba05879dd
ec1bf464889e71aec1ced6d8361a26c76e4a1460
d7fc375178c93a2fc15fd888e30170eedf4ef3d04497e7f951ab7bfe0c921693

HTTP Headers

GET /matomo.js HTTP/1.1
Host: matomo.redthread.studio
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: application/javascript
content-length: 65842
last-modified: Mon, 30 Jan 2023 20:01:43 GMT
etag: "63d82227-10132"
expires: Tue, 31 Jan 2023 13:37:51 GMT
pragma: public
cache-control: max-age=3600, public
accept-ranges: bytes
X-Firefox-Spdy: h2

upload.wikimedia.org/wikipedia/commons/thumb/5/51/Facebook_f_logo_%282019%29.svg/40px-Facebook_f_logo_%282019%29.svg.png

91.198.174.208

200 OK

968 B

URL HTTP/2
upload.wikimedia.org/wikipedia/commons/thumb/5/51/Facebook_f_logo_%282019%29.svg/40px-Facebook_f_logo_%282019%29.svg.png
IP
91.198.174.208:0
ASN
#14907 WIKIMEDIA

File type
PNG image data, 40 x 40, 8-bit colormap, non-interlaced\012- data
Size
968 B (968 bytes)
Hash
54ec590ab3ae8a7fc6cec9a6af296e45
69216a2d88c07190ffeb30d99d7b2cf50950be20
92889e61017fef1e807344358e209f72443534fa396bb767f6810caaa328548a

HTTP Headers

GET /wikipedia/commons/thumb/5/51/Facebook_f_logo_%282019%29.svg/40px-Facebook_f_logo_%282019%29.svg.png HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 11:33:55 GMT
etag: 54ec590ab3ae8a7fc6cec9a6af296e45
server: ATS/9.1.3
content-type: image/png
content-length: 968
content-disposition: inline;filename*=UTF-8''Facebook_f_logo_%282019%29.svg.png
last-modified: Tue, 22 Mar 2022 23:50:54 GMT
age: 3836
x-cache: cp3065 hit, cp3061 hit/50
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3061"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
accept-ch: Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
permissions-policy: interest-cohort=(),ch-ua-arch=(self "intake-analytics.wikimedia.org"),ch-ua-bitness=(self "intake-analytics.wikimedia.org"),ch-ua-full-version-list=(self "intake-analytics.wikimedia.org"),ch-ua-model=(self "intake-analytics.wikimedia.org"),ch-ua-platform-version=(self "intake-analytics.wikimedia.org")
x-client-ip: 91.90.42.154
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

upload.wikimedia.org/wikipedia/commons/thumb/c/ce/Twitter_Logo.png/40px-Twitter_Logo.png

91.198.174.208

200 OK

756 B

URL HTTP/2
upload.wikimedia.org/wikipedia/commons/thumb/c/ce/Twitter_Logo.png/40px-Twitter_Logo.png
IP
91.198.174.208:0
ASN
#14907 WIKIMEDIA

File type
RIFF (little-endian) data, Web/P image\012- data
Size
756 B (756 bytes)
Hash
9975c6132396772e0ad666571e70a58e
c9e7b54cadd2142b83536946681ee6d6ac3fc413
b32fca477294d2c9ac55471657c57c275834034e5456589a0af092d24a390009

HTTP Headers

GET /wikipedia/commons/thumb/c/ce/Twitter_Logo.png/40px-Twitter_Logo.png HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 30 Jan 2023 20:17:10 GMT
etag: 9975c6132396772e0ad666571e70a58e
server: ATS/9.1.4
content-type: image/webp
content-length: 756
content-disposition: inline;filename*=UTF-8''Twitter_Logo.png.webp
last-modified: Sat, 19 Feb 2022 05:13:13 GMT
age: 58842
x-cache: cp3051 hit, cp3061 hit/291
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3061"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
accept-ch: Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
permissions-policy: interest-cohort=(),ch-ua-arch=(self "intake-analytics.wikimedia.org"),ch-ua-bitness=(self "intake-analytics.wikimedia.org"),ch-ua-full-version-list=(self "intake-analytics.wikimedia.org"),ch-ua-model=(self "intake-analytics.wikimedia.org"),ch-ua-platform-version=(self "intake-analytics.wikimedia.org")
x-client-ip: 91.90.42.154
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

lurkmore.wtf/images/thumb/d/da/Sculpture-drawing.png/80px-Sculpture-drawing.png

65.109.86.69

200 OK

15 kB

URL HTTP/2
lurkmore.wtf/images/thumb/d/da/Sculpture-drawing.png/80px-Sculpture-drawing.png
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 80 x 113, 8-bit/color RGBA, non-interlaced\012- data
Size
15 kB (15159 bytes)
Hash
faa012d50b7ed3c7a66caf9e8669286e
2ac4f0348c4ff8c9e7264aef70780e9a03c1e7d1
90f44091ef096f0e9989c81786b6454becabff7dcabcfd5459ae8facb4ba756c

HTTP Headers

GET /images/thumb/d/da/Sculpture-drawing.png/80px-Sculpture-drawing.png HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: image/png
content-length: 15159
last-modified: Wed, 07 Dec 2022 13:19:23 GMT
etag: "639092db-3b37"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/images/thumb/d/da/Sculpture-drawing.png/80px-Sculpture-drawing.png
accept-ranges: bytes
X-Firefox-Spdy: h2

lurkmore.wtf/images/thumb/7/77/Advicedog.jpg/64px-Advicedog.jpg

65.109.86.69

200 OK

1.7 kB

URL HTTP/2
lurkmore.wtf/images/thumb/7/77/Advicedog.jpg/64px-Advicedog.jpg
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 64x64, components 3\012- data
Size
1.7 kB (1658 bytes)
Hash
706906243db7df8fed2ff539801c3e9d
49635a757fe3f51bef6c79acb174a7260301b1e1
6e79829d072e6778db29d83be6947734a612273f6eaa4c7d1c9f0f99482fbff3

HTTP Headers

GET /images/thumb/7/77/Advicedog.jpg/64px-Advicedog.jpg HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: image/jpeg
content-length: 1658
last-modified: Wed, 07 Dec 2022 10:41:14 GMT
etag: "63906dca-67a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/images/thumb/7/77/Advicedog.jpg/64px-Advicedog.jpg
accept-ranges: bytes
X-Firefox-Spdy: h2

lurkmore.wtf/images/thumb/e/e8/Winlogon_force_start-up.png/300px-Winlogon_force_start-up.png

65.109.86.69

200 OK

69 kB

URL HTTP/2
lurkmore.wtf/images/thumb/e/e8/Winlogon_force_start-up.png/300px-Winlogon_force_start-up.png
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 300 x 306, 8-bit/color RGBA, non-interlaced\012- data
Size
69 kB (69448 bytes)
Hash
18e8cb4834345d1e7039287c28aea2b4
7ab0a8bc3d86b0896dde1bfc72d37c8d5ee530b8
1f2538ef1eea3301d1be3740586a75cefeff4613a3e8d91e777cc00143cbf184

HTTP Headers

GET /images/thumb/e/e8/Winlogon_force_start-up.png/300px-Winlogon_force_start-up.png HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: image/png
content-length: 69448
last-modified: Wed, 07 Dec 2022 08:57:42 GMT
etag: "63905586-10f48"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/images/thumb/e/e8/Winlogon_force_start-up.png/300px-Winlogon_force_start-up.png
accept-ranges: bytes
X-Firefox-Spdy: h2

lurkmore.wtf/images/thumb/f/f1/Taskmgr_ex.png/300px-Taskmgr_ex.png

65.109.86.69

200 OK

66 kB

URL HTTP/2
lurkmore.wtf/images/thumb/f/f1/Taskmgr_ex.png/300px-Taskmgr_ex.png
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 300 x 303, 8-bit/color RGBA, non-interlaced\012- data
Size
66 kB (65776 bytes)
Hash
df890c81a411ec6fb6bdd2c7520ed367
d49a46b11910e1b103542977f124e4dc75ba4c67
632fa0f8539d5f75040e0bd9f10b61c946b1f702364a90360378365f75b2480e

HTTP Headers

GET /images/thumb/f/f1/Taskmgr_ex.png/300px-Taskmgr_ex.png HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: image/png
content-length: 65776
last-modified: Wed, 07 Dec 2022 07:45:27 GMT
etag: "63904497-100f0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/images/thumb/f/f1/Taskmgr_ex.png/300px-Taskmgr_ex.png
accept-ranges: bytes
X-Firefox-Spdy: h2

matomo.redthread.studio/matomo.php?action_name=winlogon.exe%20%E2%80%94%20Lurkmore&idsite=1&rec=1&r=640875&h=12&m=38&s=8&url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&_id=1a294521202f9d56&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=NU7ZSF&pf_net=97&pf_srv=89&pf_tfr=1&pf_dm1=237&uadata=%7B%7D

65.109.86.69

204 No Content

0 B

URL HTTP/2
matomo.redthread.studio/matomo.php?action_name=winlogon.exe%20%E2%80%94%20Lurkmore&idsite=1&rec=1&r=640875&h=12&m=38&s=8&url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&_id=1a294521202f9d56&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=NU7ZSF&pf_net=97&pf_srv=89&pf_tfr=1&pf_dm1=237&uadata=%7B%7D
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /matomo.php?action_name=winlogon.exe%20%E2%80%94%20Lurkmore&idsite=1&rec=1&r=640875&h=12&m=38&s=8&url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&_id=1a294521202f9d56&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=NU7ZSF&pf_net=97&pf_srv=89&pf_tfr=1&pf_dm1=237&uadata=%7B%7D HTTP/1.1
Host: matomo.redthread.studio
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: https://lurkmore.wtf
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
access-control-allow-credentials: true
x-frame-options: SAMEORIGIN
x-country-code: NO
x-country-name: Norway
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data:
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000
x-robots-tag: none
x-download-options: noopen
access-control-allow-origin: https://lurkmore.wtf, *
cross-origin-embedder-policy: *
cross-origin-opener-policy: *
referrer-policy: origin
x-content-type-options: nosniff, nosniff
x-xss-protection: 0, 1; mode=block
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 11:41:42 GMT
age: 3370
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

lurkmore.wtf/skins/common/images/favicon/apple-touch-icon.png

65.109.86.69

200 OK

3.5 kB

URL HTTP/2
lurkmore.wtf/skins/common/images/favicon/apple-touch-icon.png
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 180 x 180, 8-bit gray+alpha, non-interlaced\012- data
Size
3.5 kB (3508 bytes)
Hash
00f44e5080080781f94f30389aa56512
523f50cde07db17579fe0771737f174dc5f57026
78edcfef5063cbcd471c861a7f0f99c5b8887b6761026d24149541a2b24caf10

HTTP Headers

GET /skins/common/images/favicon/apple-touch-icon.png HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: image/png
content-length: 3508
last-modified: Wed, 07 Dec 2022 18:04:34 GMT
etag: "6390d5b2-db4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/skins/common/images/favicon/apple-touch-icon.png
accept-ranges: bytes
X-Firefox-Spdy: h2

lurkmore.wtf/skins/common/images/favicon/favicon.svg

65.109.86.69

200 OK

523 B

URL HTTP/2
lurkmore.wtf/skins/common/images/favicon/favicon.svg
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
523 B (523 bytes)
Hash
e3935041ae4cb83dc21fb1bfdccdb417
ffdff84bd7b1ca918c8fcc5ecca46f265dc73e2b
5a1f40b79f52434723d182db8bd48430ad531314a579fbbee853a8a17c0c849a

HTTP Headers

GET /skins/common/images/favicon/favicon.svg HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: image/svg+xml
content-length: 523
last-modified: Wed, 07 Dec 2022 18:04:34 GMT
etag: "6390d5b2-20b"
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/skins/common/images/favicon/favicon.svg
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.globalsign.com/gseccovsslca2018

104.18.20.226

200 OK

939 B

URL HTTP/1.1
ocsp.globalsign.com/gseccovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
939 B (939 bytes)
Hash
5f372a210a2bae7b82926f96f964521b
100fcfffd0b2be743061df713f512de664692c11
97ea333b4b8abb128fd88fd338bbbec67a8b089fc15a4712701361671eeeb4ee

HTTP Headers

POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 12:37:52 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sat, 04 Feb 2023 09:07:56 GMT
ETag: "100fcfffd0b2be743061df713f512de664692c11"
Last-Modified: Tue, 31 Jan 2023 09:07:57 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1953
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7922804aeb86b51e-OSL

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4536
Expires: Tue, 31 Jan 2023 13:53:28 GMT
Date: Tue, 31 Jan 2023 12:37:52 GMT
Connection: keep-alive

mc.yandex.ru/metrika/tag.js

77.88.21.119

200 OK

74 kB

URL HTTP/2
mc.yandex.ru/metrika/tag.js
IP
77.88.21.119:0
ASN
#13238 YANDEX LLC

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Size
74 kB (73769 bytes)
Hash
a236c7014c1f1a1e52d356f59e5d665a
b66c638eb2346287364c37725819bbab1f409d66
ad2d57579e453af0eac49156840bcd1dcfbd802a82135af98f41f714d7e698f2

HTTP Headers

GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 73769
date: Tue, 31 Jan 2023 12:37:52 GMT
access-control-allow-origin: *
etag: "63c93a4b-12029"
expires: Tue, 31 Jan 2023 13:37:52 GMT
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: application/javascript
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.160.32.147

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.160.32.147:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: m/sLjUUFR+LwSmvLJmL4YA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CTlwBKt0zocpo0qJi4FEPldBvEs=

mc.yandex.ru/metrika/advert.gif

77.88.21.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/metrika/advert.gif
IP
77.88.21.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Tue, 31 Jan 2023 12:37:52 GMT
access-control-allow-origin: *
etag: "63c93a4b-2b"
expires: Tue, 31 Jan 2023 13:37:52 GMT
accept-ranges: bytes
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/watch/91155547/1?wmode=7&page-url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A923%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1653637464761%3Ahid%3A473820103%3Az%3A0%3Ai%3A20230131123809%3Aet%3A1675168690%3Ac%3A1%3Arn%3A811560147%3Arqn%3A1%3Au%3A1675168690805555117%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C45%2C91%2C0%2C323%2C0%2C%2C255%2C2%2C%2C%2C%2C918%3Aco%3A0%3Ans%3A1675168688015%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675168690%3At%3Awinlogon.exe%20%E2%80%94%20Lurkmore&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29

77.88.21.119

200 OK

407 B

URL HTTP/2
mc.yandex.ru/watch/91155547/1?wmode=7&page-url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A923%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1653637464761%3Ahid%3A473820103%3Az%3A0%3Ai%3A20230131123809%3Aet%3A1675168690%3Ac%3A1%3Arn%3A811560147%3Arqn%3A1%3Au%3A1675168690805555117%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C45%2C91%2C0%2C323%2C0%2C%2C255%2C2%2C%2C%2C%2C918%3Aco%3A0%3Ans%3A1675168688015%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675168690%3At%3Awinlogon.exe%20%E2%80%94%20Lurkmore&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP
77.88.21.119:0
ASN
#13238 YANDEX LLC

File type
JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Size
407 B (407 bytes)
Hash
2e02682385bc3da9f247d273583a38e9
e8394e90fb6a1ac149bc0529ffaaf0043c4133af
0cdc6165de0ca8753dace73c2af0936b492bdc89066d23d4df9e014bf827a4bd

HTTP Headers

GET /watch/91155547/1?wmode=7&page-url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A923%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1653637464761%3Ahid%3A473820103%3Az%3A0%3Ai%3A20230131123809%3Aet%3A1675168690%3Ac%3A1%3Arn%3A811560147%3Arqn%3A1%3Au%3A1675168690805555117%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C45%2C91%2C0%2C323%2C0%2C%2C255%2C2%2C%2C%2C%2C918%3Aco%3A0%3Ans%3A1675168688015%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675168690%3At%3Awinlogon.exe%20%E2%80%94%20Lurkmore&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lurkmore.wtf
Referer: https://lurkmore.wtf/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 407
date: Tue, 31 Jan 2023 12:37:52 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://lurkmore.wtf
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 31-Jan-2023 12:37:52 GMT
last-modified: Tue, 31-Jan-2023 12:37:52 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-S7F6YJVLPS&gtm=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-S7F6YJVLPS&gtm=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-S7F6YJVLPS&gtm=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lurkmore.wtf
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://lurkmore.wtf
date: Tue, 31 Jan 2023 12:37:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-ECRM93CDBX&gtm=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_ss=1&_ee=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-ECRM93CDBX&gtm=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_ss=1&_ee=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-ECRM93CDBX&gtm=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lurkmore.wtf
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
access-control-allow-origin: https://lurkmore.wtf
date: Tue, 31 Jan 2023 12:37:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-0EFNHM40WN&gtm=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_ss=1&_ee=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-0EFNHM40WN&gtm=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_ss=1&_ee=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-0EFNHM40WN&gtm=2oe1p0&_p=1060657243&cid=1996508158.1675168689&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675168689&sct=1&seg=0&dl=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&dt=winlogon.exe%20%E2%80%94%20Lurkmore&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lurkmore.wtf
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://lurkmore.wtf
date: Tue, 31 Jan 2023 12:37:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2211
Expires: Tue, 31 Jan 2023 13:14:44 GMT
Date: Tue, 31 Jan 2023 12:37:53 GMT
Connection: keep-alive

mc.yandex.ru/watch/91155547?wmode=7&page-url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A923%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1653637464761%3Ahid%3A473820103%3Az%3A0%3Ai%3A20230131123809%3Aet%3A1675168690%3Ac%3A1%3Arn%3A811560147%3Arqn%3A1%3Au%3A1675168690805555117%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C45%2C91%2C0%2C323%2C0%2C%2C255%2C2%2C%2C%2C%2C918%3Aco%3A0%3Ans%3A1675168688015%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675168690%3At%3Awinlogon.exe%20%E2%80%94%20Lurkmore&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)

77.88.21.119

302 Found

503 B

URL HTTP/2
mc.yandex.ru/watch/91155547?wmode=7&page-url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A923%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1653637464761%3Ahid%3A473820103%3Az%3A0%3Ai%3A20230131123809%3Aet%3A1675168690%3Ac%3A1%3Arn%3A811560147%3Arqn%3A1%3Au%3A1675168690805555117%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C45%2C91%2C0%2C323%2C0%2C%2C255%2C2%2C%2C%2C%2C918%3Aco%3A0%3Ans%3A1675168688015%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675168690%3At%3Awinlogon.exe%20%E2%80%94%20Lurkmore&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP
77.88.21.119:0
ASN
#13238 YANDEX LLC

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

GET /watch/91155547?wmode=7&page-url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A923%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1653637464761%3Ahid%3A473820103%3Az%3A0%3Ai%3A20230131123809%3Aet%3A1675168690%3Ac%3A1%3Arn%3A811560147%3Arqn%3A1%3Au%3A1675168690805555117%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C45%2C91%2C0%2C323%2C0%2C%2C255%2C2%2C%2C%2C%2C918%3Aco%3A0%3Ans%3A1675168688015%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675168690%3At%3Awinlogon.exe%20%E2%80%94%20Lurkmore&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lurkmore.wtf
Connection: keep-alive
Referer: https://lurkmore.wtf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
location: /watch/91155547/1?wmode=7&page-url=https%3A%2F%2Flurkmore.wtf%2FWinlogon.exe&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A923%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1653637464761%3Ahid%3A473820103%3Az%3A0%3Ai%3A20230131123809%3Aet%3A1675168690%3Ac%3A1%3Arn%3A811560147%3Arqn%3A1%3Au%3A1675168690805555117%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C45%2C91%2C0%2C323%2C0%2C%2C255%2C2%2C%2C%2C%2C918%3Aco%3A0%3Ans%3A1675168688015%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675168690%3At%3Awinlogon.exe%20%E2%80%94%20Lurkmore&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Tue, 31 Jan 2023 12:37:52 GMT
access-control-allow-origin: https://lurkmore.wtf
set-cookie: yabs-sid=2074902601675168672; Path=/; SameSite=None; Secure
i=3H3TpDzAdi0o7wRRDKI0951OfXXeKvP/a1ZQuCtBuvDde3GPUEan+3hPklm7i0KEVvBITzmUBx/bO3/LIgtIGk+l+Jw=; Expires=Fri, 28-Jan-2033 12:37:48 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=7237426881675168672; Expires=Wed, 31-Jan-2024 12:37:52 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=7237426881675168672; Expires=Wed, 31-Jan-2024 12:37:52 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1706704672.yc.1675168672#1706704672.yrts.1675168672#1706704672.yrtsi.1675168672; Expires=Wed, 31-Jan-2024 12:37:52 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 31-Jan-2023 12:37:52 GMT
last-modified: Tue, 31-Jan-2023 12:37:52 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2211
Expires: Tue, 31 Jan 2023 13:14:44 GMT
Date: Tue, 31 Jan 2023 12:37:53 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8558 bytes)
Hash
e6f9ffb8f9e99229b45ca5fdb84ce7d5
04577ad69ee9749b14382254eb5bbf0e1edcd7fa
6111acf3f363123b39d13cd3d23ab39b8c8d00379874f19231d1cd3da17c52c2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8558
x-amzn-requestid: 2841cd36-22e6-4ecb-b56a-bfadce3197c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffB_BFA8IAMFyvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e393-3fd03bd14de762b0738a3b0a;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R29JYq4Z8V_Xuq2no0bKxk1K6h2PmTO5OSxzMa4zppDVk3j9rO9aTw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 03:24:36 GMT
age: 33197
etag: "04577ad69ee9749b14382254eb5bbf0e1edcd7fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11129 bytes)
Hash
2797bfd35b7ec24888de84be14f7f2ec
8e315ac5856967286eaa8769e081d827fb4ca39e
b99f3bd73eb4395194bc7bb6a1b801750182239e5b70f3207f99e494b60b72ab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11129
x-amzn-requestid: 74f2a4dd-7d5d-4839-90a8-d2e74f6d785d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffDBZGRPoAMFedg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e53b-3de444596550bb41188ada5b;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:17:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9Fga247EZZqiGmdMJ72resdBZR2KLgflGDBPESmuw9cFVs4hSzMzTw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 03:50:52 GMT
age: 31621
etag: "8e315ac5856967286eaa8769e081d827fb4ca39e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (9987 bytes)
Hash
2c4934be94898028e2ab696561b51462
6cf734e2d29938688913daacfb75506d8e004a94
239adcbb538b7a6d1483c65c7694d4a9f9fa9cadf456ab5681c4b764185e3596

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9987
x-amzn-requestid: 67109f87-6073-4991-b540-cdeedc2d7b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: flYlPF9uIAMFXMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d86e21-60ac2c7b37c72e6e54a5c69d;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 01:25:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Gif_csWkacU59D_hnOrJpK6u2aPI8Ylf2JyQEJZ2RLNMCrXSmmMa9w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 01:56:35 GMT
age: 38478
etag: "6cf734e2d29938688913daacfb75506d8e004a94"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13853 bytes)
Hash
d957012d3e2b8c3bc0eefe11d66e8554
1959fdd94846fa3791c4890578dd15336b909dcc
a97e81ec5eb2eda6a603bf4bfd4fa4ef4fab762747479489e99e6c713258a736

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13853
x-amzn-requestid: ca6ea6e7-3e13-4194-87f5-20a07b813e21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zzF4hIAMFwWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-772487cb1b7495c52c552d36;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lUGjUSIkoacdmaO1jnMwIuNMONhjyVfAIcTQ3B5d5da_g9eEnCtW7g==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:48:17 GMT
age: 53376
etag: "1959fdd94846fa3791c4890578dd15336b909dcc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10898 bytes)
Hash
4a2d26da68a313cc65958fc2692351c2
798c3538f3147ca77d317676ddd1bf040bd0f93b
76ce30224803d680c0115e987a712ce5552b2760beadf796a96b17439fb20797

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10898
x-amzn-requestid: e29f8dfc-07d4-4136-afaf-e1e067eea2ab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zxGshIAMFw5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-5e87d2a44722af9e4e86c3d4;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XYo_QvM8GWDyulOtUb5nVjS9PxOinaRJ3lYvCreeqd_9tHI5yv5xcQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:48:21 GMT
age: 53372
etag: "798c3538f3147ca77d317676ddd1bf040bd0f93b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

lurkmore.wtf/load.php?lang=ru&modules=ext.popups.icons%2Cimages%2Cmain%7Cmediawiki.Uri%2Cexperiments%7Cmediawiki.ui.checkbox&skin=vector&version=1sd42

65.109.86.69

200 OK

32 kB

URL HTTP/2
lurkmore.wtf/load.php?lang=ru&modules=ext.popups.icons%2Cimages%2Cmain%7Cmediawiki.Uri%2Cexperiments%7Cmediawiki.ui.checkbox&skin=vector&version=1sd42
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type
data
Size
32 kB (31540 bytes)
Hash
b5b83160bf1e95c33abe2b11003e788d
c7c62f242b6d2d306c6f4627437d1a671e54069e
3761d55aad8bbdef466cb987db44f1ad629a1227e5ce623abf6d412531159546

HTTP Headers

GET /load.php?lang=ru&modules=ext.popups.icons%2Cimages%2Cmain%7Cmediawiki.Uri%2Cexperiments%7Cmediawiki.ui.checkbox&skin=vector&version=1sd42 HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1; _ga_S7F6YJVLPS=GS1.1.1675168689.1.0.1675168689.0.0.0; _ga=GA1.1.1996508158.1675168689; _ga_0EFNHM40WN=GS1.1.1675168689.1.0.1675168689.0.0.0; _ga_ECRM93CDBX=GS1.1.1675168689.1.0.1675168689.0.0.0; _ym_uid=1675168690805555117; _ym_d=1675168690
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-content-type-options: nosniff
etag: W/"1sd42"
cache-control: public, max-age=2592000, s-maxage=2592000
expires: Thu, 02 Mar 2023 12:37:51 GMT
x-request-id: a348eb23888ff2e8d459e20a
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/load.php?lang=ru&modules=ext.popups.icons%2Cimages%2Cmain%7Cmediawiki.Uri%2Cexperiments%7Cmediawiki.ui.checkbox&skin=vector&version=1sd42
content-encoding: gzip
X-Firefox-Spdy: h2

lurkmore.wtf/load.php?lang=ru&modules=UC.ajaxed%2Ccollapsiblesidebar%2Cgallerymodify%2Cmorphobjects%2Cprettyphotify%2Cqueue%2Csectionmenus%2Cslimscroll%7Cext.popups%7Cext.urlShortener.toolbar%7Cjquery%2Coojs%2Coojs-router%2Csite%7Cjquery.client%2Ccookie%7Cmediawiki.String%2CTitle%2Capi%2Cbase%2Ccldr%2Ccookie%2CjqueryMsg%2Clanguage%2Cstorage%2Ctoc%2Cuser%2Cutil%7Cmediawiki.libs.pluralruleparser%7Cmediawiki.page.ready%7Cmediawiki.ui.button%2Cicon%7Cmmv.bootstrap%2Chead%7Cmmv.bootstrap.autostart%7Cskins.vector.legacy.js&skin=vector&version=85a3e

65.109.86.69

200 OK

0 B

URL HTTP/2
lurkmore.wtf/load.php?lang=ru&modules=UC.ajaxed%2Ccollapsiblesidebar%2Cgallerymodify%2Cmorphobjects%2Cprettyphotify%2Cqueue%2Csectionmenus%2Cslimscroll%7Cext.popups%7Cext.urlShortener.toolbar%7Cjquery%2Coojs%2Coojs-router%2Csite%7Cjquery.client%2Ccookie%7Cmediawiki.String%2CTitle%2Capi%2Cbase%2Ccldr%2Ccookie%2CjqueryMsg%2Clanguage%2Cstorage%2Ctoc%2Cuser%2Cutil%7Cmediawiki.libs.pluralruleparser%7Cmediawiki.page.ready%7Cmediawiki.ui.button%2Cicon%7Cmmv.bootstrap%2Chead%7Cmmv.bootstrap.autostart%7Cskins.vector.legacy.js&skin=vector&version=85a3e
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /load.php?lang=ru&modules=UC.ajaxed%2Ccollapsiblesidebar%2Cgallerymodify%2Cmorphobjects%2Cprettyphotify%2Cqueue%2Csectionmenus%2Cslimscroll%7Cext.popups%7Cext.urlShortener.toolbar%7Cjquery%2Coojs%2Coojs-router%2Csite%7Cjquery.client%2Ccookie%7Cmediawiki.String%2CTitle%2Capi%2Cbase%2Ccldr%2Ccookie%2CjqueryMsg%2Clanguage%2Cstorage%2Ctoc%2Cuser%2Cutil%7Cmediawiki.libs.pluralruleparser%7Cmediawiki.page.ready%7Cmediawiki.ui.button%2Cicon%7Cmmv.bootstrap%2Chead%7Cmmv.bootstrap.autostart%7Cskins.vector.legacy.js&skin=vector&version=85a3e HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-content-type-options: nosniff
etag: W/"85a3e"
cache-control: public, max-age=2592000, s-maxage=2592000
expires: Thu, 02 Mar 2023 12:37:51 GMT
x-request-id: cfc42b3520393914aa00038b
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/load.php?lang=ru&modules=UC.ajaxed%2Ccollapsiblesidebar%2Cgallerymodify%2Cmorphobjects%2Cprettyphotify%2Cqueue%2Csectionmenus%2Cslimscroll%7Cext.popups%7Cext.urlShortener.toolbar%7Cjquery%2Coojs%2Coojs-router%2Csite%7Cjquery.client%2Ccookie%7Cmediawiki.String%2CTitle%2Capi%2Cbase%2Ccldr%2Ccookie%2CjqueryMsg%2Clanguage%2Cstorage%2Ctoc%2Cuser%2Cutil%7Cmediawiki.libs.pluralruleparser%7Cmediawiki.page.ready%7Cmediawiki.ui.button%2Cicon%7Cmmv.bootstrap%2Chead%7Cmmv.bootstrap.autostart%7Cskins.vector.legacy.js&skin=vector&version=85a3e
content-encoding: gzip
X-Firefox-Spdy: h2

lurkmore.wtf/load.php?lang=ru&modules=startup&only=scripts&raw=1&skin=vector

65.109.86.69

200 OK

0 B

URL HTTP/2
lurkmore.wtf/load.php?lang=ru&modules=startup&only=scripts&raw=1&skin=vector
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /load.php?lang=ru&modules=startup&only=scripts&raw=1&skin=vector HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-content-type-options: nosniff
etag: W/"1bzfh"
cache-control: public, max-age=300, s-maxage=300
expires: Tue, 31 Jan 2023 12:42:50 GMT
x-request-id: fba8b433260ce20de026d0b4
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/load.php?lang=ru&modules=startup&only=scripts&raw=1&skin=vector
content-encoding: gzip
X-Firefox-Spdy: h2

lurkmore.wtf/load.php?lang=ru&modules=UC.tablecollapsers&skin=vector&version=j6c67

65.109.86.69

200 OK

0 B

URL HTTP/2
lurkmore.wtf/load.php?lang=ru&modules=UC.tablecollapsers&skin=vector&version=j6c67
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /load.php?lang=ru&modules=UC.tablecollapsers&skin=vector&version=j6c67 HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lurkmore.wtf/Winlogon.exe
Cookie: _pk_id.1.0078=1a294521202f9d56.1675168689.; _pk_ses.1.0078=1; _ga_S7F6YJVLPS=GS1.1.1675168689.1.0.1675168689.0.0.0; _ga=GA1.1.1996508158.1675168689; _ga_0EFNHM40WN=GS1.1.1675168689.1.0.1675168689.0.0.0; _ga_ECRM93CDBX=GS1.1.1675168689.1.0.1675168689.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:51 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-content-type-options: nosniff
etag: W/"j6c67"
cache-control: public, max-age=2592000, s-maxage=2592000
expires: Thu, 02 Mar 2023 12:37:51 GMT
x-request-id: db9b726e1c4ef0b0589cb28c
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/load.php?lang=ru&modules=UC.tablecollapsers&skin=vector&version=j6c67
content-encoding: gzip
X-Firefox-Spdy: h2

lurkmore.wtf/Winlogon.exe

65.109.86.69

200 OK

0 B

URL HTTP/2
lurkmore.wtf/Winlogon.exe
IP
65.109.86.69:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

NIDS	Severity	Alert
suricata	medium	ET HUNTING Suspicious winlogin.exe in URI

HTTP Headers

GET /Winlogon.exe HTTP/1.1
Host: lurkmore.wtf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 12:37:50 GMT
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-language: ru
vary: Accept-Encoding, Accept-Encoding, Cookie
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: private, must-revalidate, max-age=0
last-modified: Mon, 30 Jan 2023 12:37:50 GMT
x-request-id: 7def6fa7fb2b163343de539a
onion-location: http://p4ki2fawgxocgnulzu2kzn7xa7txnjyc4ybhqriz3hte5t5v3vec23yd.onion/Winlogon.exe
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML