Report - 146.190.228.148/gGsS7C?click

Report Overview

Submitted URL
146.190.228.148/gGsS7C?click_id=3l9o1omg5c9
IP
146.190.228.148
ASN
#0
Submitted
2022-09-14 20:27:38
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.86.38.2
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	79 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.27
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
humadecure.gq	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	167 kB	160.20.147.80
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	652 B	1.5 kB	23.36.76.226
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	347 B	1.4 kB	104.18.21.226
mc.yandex.ru	2672	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	76 kB	93.158.134.119
146.190.228.148	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	362 B	804 B	146.190.228.148
svntrk.com	105291	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	718 B	172.67.197.110

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-14	medium	humadecure.gq	Sinkholed
2022-09-14	medium	humadecure.gq	Sinkholed
2022-09-14	medium	humadecure.gq	Sinkholed
2022-09-14	medium	humadecure.gq	Sinkholed
2022-09-14	medium	humadecure.gq	Sinkholed

JavaScript (6)

	URL	Size	First Seen	Last Seen
	humadecure.gq/?s1=mqmq&s3=el	505 B	2023-03-07	2023-03-17
Pretty URL humadecure.gq/?s1=mqmq&s3=el IP 160.20.147.80 ASN #30823 combahton GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:01 Last Seen2023-03-17 12:48:05 Times Seen1 Hash a4bdf73d6c7cffc574d06bd074029acc 4d594f31e6c4bfcbb278cb4989a316293666b665 b1539b6b56f3239fc24b36f63e7e433e01df8c8d864e461c7a209debda8df2c4 Loading...

	mc.yandex.ru/metrika/tag.js	210 kB	2023-03-07	2023-06-09
Pretty URL mc.yandex.ru/metrika/tag.js IP 93.158.134.119 ASN #13238 YANDEX LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2023-06-09 03:58:24 Times Seen15 Hash c55e9c553440071325733dd0021e9157 6e16274257eab27a3c38e759ba7200c9e0faff45 4325463d5c17aebbc147fb20c300203304a6d06cbe4d8bfbff402ef6a9a5c8cc Loading...

	svntrk.com/assets/mqmq_6322392f506ec.js	0 B	2023-03-07	2024-04-23
Pretty URL svntrk.com/assets/mqmq_6322392f506ec.js IP 172.67.197.110 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-23 23:00:06 Times Seen37026380 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	humadecure.gq/?s1=mqmq&s3=el	392 B	2023-03-07	2023-03-10
Pretty URL humadecure.gq/?s1=mqmq&s3=el IP 160.20.147.80 ASN #30823 combahton GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:41:45 Last Seen2023-03-10 20:16:06 Times Seen1 Hash 4540806d70d19f5f724b75652fab46de 21df3531b50c5f86dbae293afcf05163ecf8dcd2 2b1b73c4a8bb2d6d60c734f56962a24f4da85bf98299517953de5a161ff0e6b4 Loading...

	humadecure.gq/landings/32/js/vendor.js	99 kB	2023-03-07	2023-03-17
Pretty URL humadecure.gq/landings/32/js/vendor.js IP 160.20.147.80 ASN #30823 combahton GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:01 Last Seen2023-03-17 12:46:23 Times Seen1 Hash 8ce8d4894185981072382b7da89a6703 396a0d229712335e96c2a66f8ebcf67dfca9fc7e 0cf2a33968a1f3efec0c5c9163a95ffdf0e86f5d4d0a919344f4f7834023a565 Loading...

	humadecure.gq/?s1=mqmq&s3=el	695 B	2023-03-07	2023-03-10
Pretty URL humadecure.gq/?s1=mqmq&s3=el IP 160.20.147.80 ASN #30823 combahton GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:41:45 Last Seen2023-03-10 20:16:06 Times Seen1 Hash 887fb10c0dfd6a568187c2788a8585fc 335d8c673349030ac38f737802896fda6760e586 8d76a66e72e5330a6110de7d377690a5a694668a6102aa434d4450a37209de09 Loading...

HTTP Transactions (33)

URL IP Response Size

146.190.228.148/gGsS7C?click_id=3l9o1omg5c9

146.190.228.148

302 Found

0 B

URL HTTP/1.1
146.190.228.148/gGsS7C?click_id=3l9o1omg5c9
IP
146.190.228.148:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gGsS7C?click_id=3l9o1omg5c9 HTTP/1.1
Host: 146.190.228.148
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Server: nginx/1.20.1
Date: Wed, 14 Sep 2022 20:27:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Wed, 14 Sep 2022 20:27:26 GMT
Location: http://humadecure.gq?s1=mqmq&s3=el
Pragma: no-cache
Set-Cookie: _subid=376l60jmg5ev;Expires=Saturday, 15-Oct-2022 20:27:26 GMT;Max-Age=2678400;Path=/
b15e4=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE0NFwiOjE2NjMxODcyNDZ9LFwiY2FtcGFpZ25zXCI6e1wiNDJcIjoxNjYzMTg3MjQ2fSxcInRpbWVcIjoxNjYzMTg3MjQ2fSJ9.OxLbWYaiKJ24TMpZQjZC0DZxFmZvVHMAnBuF3BIJLPY;Expires=Thursday, 30-May-2075 16:54:52 GMT;Max-Age=1663273646;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be88d3e043e3b95b52e41812e50fb634
0318ba1ce487817ea7cba61dd9413bed29213800
b5f178d23e633283f226cca7a9ae79b01e6cab2299ff7065c980d3a9953212fd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14013
Expires: Thu, 15 Sep 2022 00:21:00 GMT
Date: Wed, 14 Sep 2022 20:27:27 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 14 Sep 2022 20:09:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: E3ZV-DiTPZkkobJrqwvAWxmcd2042SyK3kQ--njjnxpmntdHv8DcWw==
Age: 1064

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 14 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Fc2Q1zkeRNRH9QF4gVE1H6V3FQSiZRaCLagBIygAlP6GZUmp3C3rAA==
age: 57132
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 14 Sep 2022 20:27:27 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

humadecure.gq/?s1=mqmq&s3=el

160.20.147.80

200 OK

4.1 kB

URL HTTP/1.1
humadecure.gq/?s1=mqmq&s3=el
IP
160.20.147.80:0
ASN
#30823 combahton GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
4.1 kB (4067 bytes)
Hash
ad76b40fc875241320cc71b61e03f7c6
7a8419e5be7eb76d66c77d67c17b6fbe1582fba5
77fd77d820f5d7c9f5c7fccc1d9344b002d40445eed980a963a5f6076767c889

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?s1=mqmq&s3=el HTTP/1.1
Host: humadecure.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 14 Sep 2022 20:27:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IlZXaUZRVmpwZVNBWW01eTVrMG9rcXc9PSIsInZhbHVlIjoiVmtFaDFycmlMbUFSZlVadEtZRnJEU1kxQS9CTjM5bnFlMXJ5VUZDRDF4ejhzZkZoZXNIUC9JbnJyQkw2NlJXTyIsIm1hYyI6IjFmZGQ5ZGExNGUyOTQyYzljNDM4NzQ1YjEwOWM0NjQ3OGE0YWQ0M2YyNDMwYmYxY2VmOTk3ZThkOGM5ZDIxYmQifQ%3D%3D; expires=Wed, 14-Sep-2022 22:27:27 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6Ik9VbFhpQ1RtVEZ0UmkvaS8vczNlR1E9PSIsInZhbHVlIjoiVklBMHp0eEY5MGVrSXpZb1p4WFNJbXBaZzZyVmZQa0NTN0RKMnlwNE9LOXJZeGxJMC91eDZRWVZCaGIveFJaVSIsIm1hYyI6ImM4OGFiOWIxOWVjYzEwMDQ4YTUyZDcwMmUyNzVkNWVkMzljZjY4MDNjM2YxNWU0NzA3MjY5MTA3ZGE3MmYyZmMifQ%3D%3D; expires=Wed, 14-Sep-2022 22:27:27 GMT; Max-Age=7200; path=/; httponly; samesite=lax
SRVNAME=w2; path=/

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
e72bb49efa7bc859bdcc87ca9df1027b
0a3a23ba645c3db69311830613dfb82d7ffb8b70
6c95afc60160e40891d62d9d3403b2bc9959f780c3cc6f88d92183d7893967a0

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6C95AFC60160E40891D62D9D3403B2BC9959F780C3CC6F88D92183D7893967A0"
Last-Modified: Mon, 12 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3953
Expires: Wed, 14 Sep 2022 21:33:20 GMT
Date: Wed, 14 Sep 2022 20:27:27 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 14 Sep 2022 20:03:22 GMT
Expires: Wed, 14 Sep 2022 20:10:45 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 0rEdIN5I6Qxb6ELxaBBC1LvnZZ7uJrfs_6WFM0sazpMMWkmOeDFJsw==
Age: 1445

humadecure.gq/landings/32/fonts/vendor.css

160.20.147.80

200 OK

8.0 kB

URL HTTP/1.1
humadecure.gq/landings/32/fonts/vendor.css
IP
160.20.147.80:0
ASN
#30823 combahton GmbH

File type
ASCII text, with very long lines (7950), with no line terminators
Size
8.0 kB (7950 bytes)
Hash
cb4582e86d97c62ebd0dfb8bba2d0b32
162458e0bd1b8e1c6c118e13c7641acedb2eab30
484783c57ccc3df9d2a9b6997b5082b2be12dab206be2d8c0bb4f01d8d4b3d42

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /landings/32/fonts/vendor.css HTTP/1.1
Host: humadecure.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://humadecure.gq/?s1=mqmq&s3=el
Cookie: XSRF-TOKEN=eyJpdiI6IlZXaUZRVmpwZVNBWW01eTVrMG9rcXc9PSIsInZhbHVlIjoiVmtFaDFycmlMbUFSZlVadEtZRnJEU1kxQS9CTjM5bnFlMXJ5VUZDRDF4ejhzZkZoZXNIUC9JbnJyQkw2NlJXTyIsIm1hYyI6IjFmZGQ5ZGExNGUyOTQyYzljNDM4NzQ1YjEwOWM0NjQ3OGE0YWQ0M2YyNDMwYmYxY2VmOTk3ZThkOGM5ZDIxYmQifQ%3D%3D; laravel_session=eyJpdiI6Ik9VbFhpQ1RtVEZ0UmkvaS8vczNlR1E9PSIsInZhbHVlIjoiVklBMHp0eEY5MGVrSXpZb1p4WFNJbXBaZzZyVmZQa0NTN0RKMnlwNE9LOXJZeGxJMC91eDZRWVZCaGIveFJaVSIsIm1hYyI6ImM4OGFiOWIxOWVjYzEwMDQ4YTUyZDcwMmUyNzVkNWVkMzljZjY4MDNjM2YxNWU0NzA3MjY5MTA3ZGE3MmYyZmMifQ%3D%3D; SRVNAME=w2

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 14 Sep 2022 20:27:27 GMT
Content-Type: text/css
Content-Length: 7950
Connection: keep-alive
last-modified: Fri, 29 Jul 2022 11:40:11 GMT
etag: "62e3c71b-1f0e"
accept-ranges: bytes

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d3ac56507d17ffff5e8b486406985d68
17d26336cd8ea65af3f23db166945f1b3fbbfbab
e7e321340eed681c1269f715b0214e1511d5762fffbe930e7c157b800afa9a39

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4567
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 20:27:27 GMT
Last-Modified: Wed, 14 Sep 2022 19:11:20 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
e72bb49efa7bc859bdcc87ca9df1027b
0a3a23ba645c3db69311830613dfb82d7ffb8b70
6c95afc60160e40891d62d9d3403b2bc9959f780c3cc6f88d92183d7893967a0

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6C95AFC60160E40891D62D9D3403B2BC9959F780C3CC6F88D92183D7893967A0"
Last-Modified: Mon, 12 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3953
Expires: Wed, 14 Sep 2022 21:33:20 GMT
Date: Wed, 14 Sep 2022 20:27:27 GMT
Connection: keep-alive

humadecure.gq/landings/32/js/vendor.js

160.20.147.80

200 OK

99 kB

URL HTTP/1.1
humadecure.gq/landings/32/js/vendor.js
IP
160.20.147.80:0
ASN
#30823 combahton GmbH

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
99 kB (99445 bytes)
Hash
8ce8d4894185981072382b7da89a6703
396a0d229712335e96c2a66f8ebcf67dfca9fc7e
0cf2a33968a1f3efec0c5c9163a95ffdf0e86f5d4d0a919344f4f7834023a565

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /landings/32/js/vendor.js HTTP/1.1
Host: humadecure.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://humadecure.gq/?s1=mqmq&s3=el
Cookie: XSRF-TOKEN=eyJpdiI6IlZXaUZRVmpwZVNBWW01eTVrMG9rcXc9PSIsInZhbHVlIjoiVmtFaDFycmlMbUFSZlVadEtZRnJEU1kxQS9CTjM5bnFlMXJ5VUZDRDF4ejhzZkZoZXNIUC9JbnJyQkw2NlJXTyIsIm1hYyI6IjFmZGQ5ZGExNGUyOTQyYzljNDM4NzQ1YjEwOWM0NjQ3OGE0YWQ0M2YyNDMwYmYxY2VmOTk3ZThkOGM5ZDIxYmQifQ%3D%3D; laravel_session=eyJpdiI6Ik9VbFhpQ1RtVEZ0UmkvaS8vczNlR1E9PSIsInZhbHVlIjoiVklBMHp0eEY5MGVrSXpZb1p4WFNJbXBaZzZyVmZQa0NTN0RKMnlwNE9LOXJZeGxJMC91eDZRWVZCaGIveFJaVSIsIm1hYyI6ImM4OGFiOWIxOWVjYzEwMDQ4YTUyZDcwMmUyNzVkNWVkMzljZjY4MDNjM2YxNWU0NzA3MjY5MTA3ZGE3MmYyZmMifQ%3D%3D; SRVNAME=w2

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 14 Sep 2022 20:27:27 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 99445
Connection: keep-alive
last-modified: Fri, 29 Jul 2022 11:40:11 GMT
etag: "62e3c71b-18475"
accept-ranges: bytes

push.services.mozilla.com/

35.86.38.2

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.86.38.2:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AFzo+lqrDWHxyLnwc1qaAg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BKOVN5lYDAGBnn6P3LV+AH8i7zs=

ocsp.globalsign.com/gseccovsslca2018

104.18.21.226

200 OK

939 B

URL HTTP/1.1
ocsp.globalsign.com/gseccovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
939 B (939 bytes)
Hash
026365b372d558b173ba66d897098019
f0880188dabed7f2ec941d5dd16a1d3076debedd
442ddcf022677c1d12ca846b9dd05589ab285e5840179550add7cd48f1d36354

HTTP Headers

POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 14 Sep 2022 20:27:28 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sun, 18 Sep 2022 18:19:32 GMT
ETag: "f0880188dabed7f2ec941d5dd16a1d3076debedd"
Last-Modified: Wed, 14 Sep 2022 18:19:33 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 941
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74abdd0d7ccfb524-OSL

humadecure.gq/landings/32/img/bg2.webp

160.20.147.80

200 OK

53 kB

URL HTTP/1.1
humadecure.gq/landings/32/img/bg2.webp
IP
160.20.147.80:0
ASN
#30823 combahton GmbH

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1366x1232, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
53 kB (53404 bytes)
Hash
df261bf4967ec0a72e8b656afbd40728
a0ff4eea777ef0ae7196fe9451a4e73f2f8d4129
0347c56a9cba3df0bf37665d0aafb7b50ae396d262786c191326a73e8489c67f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /landings/32/img/bg2.webp HTTP/1.1
Host: humadecure.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://humadecure.gq/landings/32/fonts/vendor.css
Cookie: XSRF-TOKEN=eyJpdiI6IlZXaUZRVmpwZVNBWW01eTVrMG9rcXc9PSIsInZhbHVlIjoiVmtFaDFycmlMbUFSZlVadEtZRnJEU1kxQS9CTjM5bnFlMXJ5VUZDRDF4ejhzZkZoZXNIUC9JbnJyQkw2NlJXTyIsIm1hYyI6IjFmZGQ5ZGExNGUyOTQyYzljNDM4NzQ1YjEwOWM0NjQ3OGE0YWQ0M2YyNDMwYmYxY2VmOTk3ZThkOGM5ZDIxYmQifQ%3D%3D; laravel_session=eyJpdiI6Ik9VbFhpQ1RtVEZ0UmkvaS8vczNlR1E9PSIsInZhbHVlIjoiVklBMHp0eEY5MGVrSXpZb1p4WFNJbXBaZzZyVmZQa0NTN0RKMnlwNE9LOXJZeGxJMC91eDZRWVZCaGIveFJaVSIsIm1hYyI6ImM4OGFiOWIxOWVjYzEwMDQ4YTUyZDcwMmUyNzVkNWVkMzljZjY4MDNjM2YxNWU0NzA3MjY5MTA3ZGE3MmYyZmMifQ%3D%3D; SRVNAME=w2

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 14 Sep 2022 20:27:28 GMT
Content-Type: image/webp
Content-Length: 53404
Connection: keep-alive
last-modified: Fri, 29 Jul 2022 11:40:11 GMT
etag: "62e3c71b-d09c"
accept-ranges: bytes

humadecure.gq/favicon.ico

160.20.147.80

200 OK

0 B

URL HTTP/1.1
humadecure.gq/favicon.ico
IP
160.20.147.80:0
ASN
#30823 combahton GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: humadecure.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://humadecure.gq/?s1=mqmq&s3=el
Cookie: XSRF-TOKEN=eyJpdiI6IlZXaUZRVmpwZVNBWW01eTVrMG9rcXc9PSIsInZhbHVlIjoiVmtFaDFycmlMbUFSZlVadEtZRnJEU1kxQS9CTjM5bnFlMXJ5VUZDRDF4ejhzZkZoZXNIUC9JbnJyQkw2NlJXTyIsIm1hYyI6IjFmZGQ5ZGExNGUyOTQyYzljNDM4NzQ1YjEwOWM0NjQ3OGE0YWQ0M2YyNDMwYmYxY2VmOTk3ZThkOGM5ZDIxYmQifQ%3D%3D; laravel_session=eyJpdiI6Ik9VbFhpQ1RtVEZ0UmkvaS8vczNlR1E9PSIsInZhbHVlIjoiVklBMHp0eEY5MGVrSXpZb1p4WFNJbXBaZzZyVmZQa0NTN0RKMnlwNE9LOXJZeGxJMC91eDZRWVZCaGIveFJaVSIsIm1hYyI6ImM4OGFiOWIxOWVjYzEwMDQ4YTUyZDcwMmUyNzVkNWVkMzljZjY4MDNjM2YxNWU0NzA3MjY5MTA3ZGE3MmYyZmMifQ%3D%3D; SRVNAME=w2

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 14 Sep 2022 20:27:28 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
last-modified: Fri, 29 Jul 2022 11:40:09 GMT
etag: "62e3c719-0"
accept-ranges: bytes

mc.yandex.ru/metrika/tag.js

93.158.134.119

200 OK

72 kB

URL HTTP/2
mc.yandex.ru/metrika/tag.js
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (681)
Size
72 kB (71985 bytes)
Hash
034d4604beaddff5783b9878fadfaee6
64d5e1e0dbbbd62d6a64349dd964763b7ab4cbea
f8a957ee3468693f465da61d899438a2b674369b80c9d5c9ffff1111a7091290

HTTP Headers

GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 71985
date: Wed, 14 Sep 2022 20:27:28 GMT
access-control-allow-origin: *
etag: "63216d10-11931"
expires: Wed, 14 Sep 2022 21:27:28 GMT
last-modified: Wed, 14 Sep 2022 08:56:32 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/metrika/advert.gif

93.158.134.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/metrika/advert.gif
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Wed, 14 Sep 2022 20:27:28 GMT
access-control-allow-origin: *
etag: "63216d10-2b"
expires: Wed, 14 Sep 2022 21:27:28 GMT
accept-ranges: bytes
last-modified: Wed, 14 Sep 2022 08:56:32 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/watch/54239065?wmode=7&page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A1202%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A129016346626%3Ahid%3A790674331%3Az%3A0%3Ai%3A20220914202714%3Aet%3A1663187234%3Ac%3A1%3Arn%3A690175311%3Arqn%3A1%3Au%3A1663187234667878766%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663187232411%3Ads%3A25%2C25%2C240%2C1%2C312%2C0%2C%2C553%2C2%2C%2C%2C%2C1201%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663187234%3At%3AGirl&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)

93.158.134.119

302 Found

419 B

URL HTTP/2
mc.yandex.ru/watch/54239065?wmode=7&page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A1202%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A129016346626%3Ahid%3A790674331%3Az%3A0%3Ai%3A20220914202714%3Aet%3A1663187234%3Ac%3A1%3Arn%3A690175311%3Arqn%3A1%3Au%3A1663187234667878766%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663187232411%3Ads%3A25%2C25%2C240%2C1%2C312%2C0%2C%2C553%2C2%2C%2C%2C%2C1201%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663187234%3At%3AGirl&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type
JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Size
419 B (419 bytes)
Hash
b110962710a0ee1815180d38567063bb
4031971dc5394fb8427715a9e6daa14d31144a8e
93b1d4b8d54442b612c6625aa0b4a0c4e5994213b48d6d40dfcf36e0d84c4561

HTTP Headers

GET /watch/54239065?wmode=7&page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A1202%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A129016346626%3Ahid%3A790674331%3Az%3A0%3Ai%3A20220914202714%3Aet%3A1663187234%3Ac%3A1%3Arn%3A690175311%3Arqn%3A1%3Au%3A1663187234667878766%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663187232411%3Ads%3A25%2C25%2C240%2C1%2C312%2C0%2C%2C553%2C2%2C%2C%2C%2C1201%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663187234%3At%3AGirl&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://humadecure.gq
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
location: /watch/54239065/1?wmode=7&page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A1202%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A129016346626%3Ahid%3A790674331%3Az%3A0%3Ai%3A20220914202714%3Aet%3A1663187234%3Ac%3A1%3Arn%3A690175311%3Arqn%3A1%3Au%3A1663187234667878766%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663187232411%3Ads%3A25%2C25%2C240%2C1%2C312%2C0%2C%2C553%2C2%2C%2C%2C%2C1201%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663187234%3At%3AGirl&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Wed, 14 Sep 2022 20:27:28 GMT
access-control-allow-origin: http://humadecure.gq
set-cookie: yandexuid=6862169531663187248; Expires=Thu, 14-Sep-2023 20:27:28 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=6862169531663187248; Expires=Thu, 14-Sep-2023 20:27:28 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1232133051663187248; Path=/; SameSite=None; Secure
i=3NQcRqhlm722LN0xiWXqMxaMNnDxUq2+B6mao5x29uQlWeKu/wxFneeELwAF6rz/YapfrbD6tlWhW5zYKWaJRzqCboE=; Expires=Sat, 11-Sep-2032 20:27:25 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1694723248.yrts.1663187248#1694723248.yrtsi.1663187248; Expires=Thu, 14-Sep-2023 20:27:28 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 14-Sep-2022 20:27:28 GMT
last-modified: Wed, 14-Sep-2022 20:27:28 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/watch/54239065/1?page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&hittoken=1663187248_20d4ff4a72a545259f6dd67a28e3b057646199d7b085325d18bdb7360ab87ff3&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A129016346626%3Ahid%3A790674331%3Az%3A0%3Ai%3A20220914202714%3Aet%3A1663187234%3Ac%3A1%3Arn%3A1039903921%3Arqn%3A2%3Au%3A1663187234667878766%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Apri%3A1%3Aeu%3A1%3Ans%3A1663187232411%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1876%2C1876%2C0%2C%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663187234&t=gdpr(14)mc(p-1)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)

93.158.134.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/watch/54239065/1?page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&hittoken=1663187248_20d4ff4a72a545259f6dd67a28e3b057646199d7b085325d18bdb7360ab87ff3&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A129016346626%3Ahid%3A790674331%3Az%3A0%3Ai%3A20220914202714%3Aet%3A1663187234%3Ac%3A1%3Arn%3A1039903921%3Arqn%3A2%3Au%3A1663187234667878766%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Apri%3A1%3Aeu%3A1%3Ans%3A1663187232411%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1876%2C1876%2C0%2C%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663187234&t=gdpr(14)mc(p-1)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

POST /watch/54239065/1?page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&hittoken=1663187248_20d4ff4a72a545259f6dd67a28e3b057646199d7b085325d18bdb7360ab87ff3&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A129016346626%3Ahid%3A790674331%3Az%3A0%3Ai%3A20220914202714%3Aet%3A1663187234%3Ac%3A1%3Arn%3A1039903921%3Arqn%3A2%3Au%3A1663187234667878766%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Apri%3A1%3Aeu%3A1%3Ans%3A1663187232411%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1876%2C1876%2C0%2C%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663187234&t=gdpr(14)mc(p-1)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 142
Origin: http://humadecure.gq
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Wed, 14 Sep 2022 20:27:28 GMT
access-control-allow-origin: http://humadecure.gq
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 14-Sep-2022 20:27:28 GMT
last-modified: Wed, 14-Sep-2022 20:27:28 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3049
Expires: Wed, 14 Sep 2022 21:18:18 GMT
Date: Wed, 14 Sep 2022 20:27:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3049
Expires: Wed, 14 Sep 2022 21:18:18 GMT
Date: Wed, 14 Sep 2022 20:27:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3049
Expires: Wed, 14 Sep 2022 21:18:18 GMT
Date: Wed, 14 Sep 2022 20:27:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3049
Expires: Wed, 14 Sep 2022 21:18:18 GMT
Date: Wed, 14 Sep 2022 20:27:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3049
Expires: Wed, 14 Sep 2022 21:18:18 GMT
Date: Wed, 14 Sep 2022 20:27:29 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4d822c-5153-4c55-bcb3-aa6ee72e3b62.jpeg

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4d822c-5153-4c55-bcb3-aa6ee72e3b62.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.1 kB (6078 bytes)
Hash
f2157f7cfbdeb607f28ae51eb090f2c3
33d0dcadaa42179b2eae914c8ad16c9c088afbc9
135cd89c2c82f0f5e53d2612d5eac868c175b28a567a07e63a2073942e36a066

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4d822c-5153-4c55-bcb3-aa6ee72e3b62.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6078
x-amzn-requestid: e09c099f-5a2d-49d7-b6ab-e16f09c28bd0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YavJEEM5IAMFreQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f8a0-0fbb7b3d0cd6fbfa04f5a5d2;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:39:44 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Rx8KX_QI5I2x7q0gcvxcJX7QzZUe2KkfqAUVR64lEujF4xDEWWDhZQ==
via: 1.1 9b21fd56256eda6d1379e32829c4c446.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:10 GMT
age: 379
etag: "33d0dcadaa42179b2eae914c8ad16c9c088afbc9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bb76515-eb77-4f38-aae2-75a885833991.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10407 bytes)
Hash
557695ec8ffeebb0272c099542a14ace
ad627b434e1c3b693d8636675bcea0f8794e0dc2
4d79c7830caa73b921d6abaa97771ab1f4dc8fd709597f01ba04c268c03b6157

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bb76515-eb77-4f38-aae2-75a885833991.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10407
x-amzn-requestid: 4be17f61-3fd7-4a4d-b289-85333fd0da0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YRP82HoHoAMFrQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d2d1e-5dca7660663d099a6dce9099;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 00:34:38 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: R6dNfVnVRo9WSmdaSYQ1Eo8swZGz1LDTuzBP3_dISBFf70G-nRKQIg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:21 GMT
etag: "ad627b434e1c3b693d8636675bcea0f8794e0dc2"
content-type: image/jpeg
age: 368
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34a3d36b-806f-4fea-a370-b26c1e8473d0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (5988 bytes)
Hash
f5befd5bb8e6d5dad2465be69d5a33e4
e5b46c3ca439a09950290cada1af5e27cede10f2
4dc0a3373fb4c1830c4e2420dddbcbe8dceecf10e969cbe8d02368e41207832c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34a3d36b-806f-4fea-a370-b26c1e8473d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5988
x-amzn-requestid: a0d81c7a-14e3-443d-8fb7-19241f06d3c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yaux0H77IAMF2_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f80b-0fe6fbbe75e891b925f88dc2;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sXVy7OFoVpLgfEUTqNaYBESwKOhqP9mG-uOb80Ye6bFb518BB-Panw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:11 GMT
age: 533
etag: "e5b46c3ca439a09950290cada1af5e27cede10f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2b71bb0-fd92-43d0-8cd0-b426d0b88ee8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15547 bytes)
Hash
56811a1a20a467464e1f3da171ef8b14
366b2090d409d694b72b4b4131df46dd65d69c5a
4c208fb88884166adf4ecc5882f75948b4a87d85c76ad6e7137e8edbd125c996

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2b71bb0-fd92-43d0-8cd0-b426d0b88ee8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15547
x-amzn-requestid: a78f7d90-84c3-4198-88bf-1d722c37f09f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv4EUDoAMF13A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7ff-49535e5525606250306488ba;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CWzE6n2U7hSFcSIHX5z76DPIid9pvbOqM6ikOlegBxzbuRThMeLKZA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:11 GMT
age: 378
etag: "366b2090d409d694b72b4b4131df46dd65d69c5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8cb650f7-1b0f-4a3d-898f-97b846afe9db.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10138 bytes)
Hash
0789404fdbe3613d465d8fa89a63d7b8
0617d2e513097ca415a1d07cd39b1cb64d832ecf
80e55e383f354113c3694bbcc00fd1c544a97079bd3c462f1b90e952c0634bac

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8cb650f7-1b0f-4a3d-898f-97b846afe9db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10138
x-amzn-requestid: bdf798d9-6729-4363-a900-f32c4041d0c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YU5qsGZ-oAMFQ1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ea311-7b146c0620a83d5c00446f87;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 03:10:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qXiu9j6ht1_T8fMsK5WXU-t7EQGF8tqVDO-wcl4QoFmCQEpdU5mjug==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:10 GMT
age: 379
etag: "0617d2e513097ca415a1d07cd39b1cb64d832ecf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16b1b829-b672-479c-964a-2f636f65f91e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (14151 bytes)
Hash
fef8234ab83f6f8f8b29665f592cbc9f
a3e706d6309e4a9d7b293f2b9255f1550ba5e9b7
569c8c9736026fc310e148d4d74081e96a86245baaa1f784280d44a1cbd25ed0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16b1b829-b672-479c-964a-2f636f65f91e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14151
x-amzn-requestid: d5bc9be4-af3a-40fd-bfc9-1ac4769d2d3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv4GhboAMF2dA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7ff-375df72d2d67582635b9e4ae;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CZRpgjU_AxNYoyeSTOwhJhONl2DS4pvCLJ62RgAFp0flw-kPz3GkpQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 19:32:55 GMT
age: 3274
etag: "a3e706d6309e4a9d7b293f2b9255f1550ba5e9b7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c86775f-a6ef-49b2-85ad-4272db5b9f42.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9467 bytes)
Hash
80786e640acccfa61ef2aaa27a2a95fa
94663318844e6567f2d160d620eb9ed777fba2a3
686348c1aa038c5109c39c3491524a98bcfc5b1559568391ba7fb240a285a064

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c86775f-a6ef-49b2-85ad-4272db5b9f42.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 9467
x-amzn-requestid: d14b460e-2aa5-41c8-9a8b-4da671156014
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv3HJJoAMFWgg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7fe-0643dea6458034ab51d840d5;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:02 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: bpaoKS9MpDIEnACyamR-jJJD_abgkQtbgKLoWB_XsD5j59_z0xDhwg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:01 GMT
age: 395
etag: "94663318844e6567f2d160d620eb9ed777fba2a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

svntrk.com/assets/mqmq_6322392f506ec.js

172.67.197.110

200 OK

0 B

URL HTTP/2
svntrk.com/assets/mqmq_6322392f506ec.js
IP
172.67.197.110:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/mqmq_6322392f506ec.js HTTP/1.1
Host: svntrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 14 Sep 2022 20:27:27 GMT
content-type: text/javascript; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: BYPASS
set-cookie: svnimp=6322392fb3534; path=/; secure; httponly; samesite=none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0L1VcTnegwdvIRTh12W4xAU9HVxb5l7W4LQeYxghtYVLkJwyEOA3l1liV4c5ivIr6wfqA1%2BNn1PIgeUc%2F3xIyWRHwo%2Bi%2FqHeH2GYHo6DFN771nqKfaC0R0afRiMQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74abdd08fe56fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (33)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size