Report - alexatracker.com/?r=aHR0cHM6Ly9kYXRlZXhvdGljLmNvbS9hZ0VBP3VzaWQ9MTlodW83cm1iM3ZxJmVtYWlsPWlzb2NpYXMlNDBwYWxtZXR0bzU3LmNvbSZzdWIxPWNsZWFyJnByaWQ9MTlodW83cm1iM3Zx&h=6863e0b451cf81ac6435291d3985f34d

Report Overview

Submitted URL
alexatracker.com/?r=aHR0cHM6Ly9kYXRlZXhvdGljLmNvbS9hZ0VBP3VzaWQ9MTlodW83cm1iM3ZxJmVtYWlsPWlzb2NpYXMlNDBwYWxtZXR0bzU3LmNvbSZzdWIxPWNsZWFyJnByaWQ9MTlodW83cm1iM3Zx&h=6863e0b451cf81ac6435291d3985f34d
IP
51.68.197.173
ASN
#16276 OVH SAS
Submitted
2022-09-13 19:44:52
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
alexatracker.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	514 B	511 B	51.68.197.173
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.115
mc.yandex.ru	2672	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.0 kB	76 kB	93.158.134.119
svntrk.com	105291	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	718 B	172.67.197.110
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.49
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	54.189.157.130
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	652 B	1.5 kB	23.33.119.10
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	72 kB	34.120.237.76
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
146.190.228.148	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	363 B	801 B	146.190.228.148
humadecure.gq	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	216 kB	160.20.147.80
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	347 B	1.4 kB	104.18.20.226
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.33.119.10
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
dateexotic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	557 B	1.3 kB	216.119.156.49

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-13	medium	humadecure.gq	Sinkholed
2022-09-13	medium	humadecure.gq	Sinkholed
2022-09-13	medium	humadecure.gq	Sinkholed
2022-09-13	medium	humadecure.gq	Sinkholed
2022-09-13	medium	humadecure.gq	Sinkholed

JavaScript (6)

	URL	Size	First Seen	Last Seen
	humadecure.gq/?s1=mqmq&s3=el	392 B	2023-03-07	2023-03-11
Pretty URL humadecure.gq/?s1=mqmq&s3=el IP 160.20.147.80 ASN #30823 combahton GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:58:01 Last Seen2023-03-11 08:38:26 Times Seen1 Hash 3ec81bb5f0050aa7cec25332a83a3acb 16f26fb6c1f9a178bd050df08969253026f6f73f 88593fcfdb08f4f3833efbaed6e31df62f579117a453fe8ea4bea943f06eb61a Loading...

	humadecure.gq/?s1=mqmq&s3=el	695 B	2023-03-07	2023-03-11
Pretty URL humadecure.gq/?s1=mqmq&s3=el IP 160.20.147.80 ASN #30823 combahton GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:58:01 Last Seen2023-03-11 08:38:26 Times Seen1 Hash 324b854d09db1927d1d7e3a5bd7edb8b 4ea391c662fb061b579eec6a4b1973e7d124e2f4 3e7a36279a84d9348da5be08fc87d2e09c9b6ebf0705a943bb2534b5ffeeb9cd Loading...

	humadecure.gq/?s1=mqmq&s3=el	505 B	2023-03-07	2023-03-17
Pretty URL humadecure.gq/?s1=mqmq&s3=el IP 160.20.147.80 ASN #30823 combahton GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:01 Last Seen2023-03-17 12:48:05 Times Seen1 Hash a4bdf73d6c7cffc574d06bd074029acc 4d594f31e6c4bfcbb278cb4989a316293666b665 b1539b6b56f3239fc24b36f63e7e433e01df8c8d864e461c7a209debda8df2c4 Loading...

	mc.yandex.ru/metrika/tag.js	210 kB	2023-03-07	2023-06-09
Pretty URL mc.yandex.ru/metrika/tag.js IP 93.158.134.119 ASN #13238 YANDEX LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2023-06-09 03:58:24 Times Seen15 Hash c55e9c553440071325733dd0021e9157 6e16274257eab27a3c38e759ba7200c9e0faff45 4325463d5c17aebbc147fb20c300203304a6d06cbe4d8bfbff402ef6a9a5c8cc Loading...

	humadecure.gq/landings/40/js/vendor.js	99 kB	2023-03-07	2023-03-17
Pretty URL humadecure.gq/landings/40/js/vendor.js IP 160.20.147.80 ASN #30823 combahton GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:01 Last Seen2023-03-17 12:46:23 Times Seen1 Hash 8ce8d4894185981072382b7da89a6703 396a0d229712335e96c2a66f8ebcf67dfca9fc7e 0cf2a33968a1f3efec0c5c9163a95ffdf0e86f5d4d0a919344f4f7834023a565 Loading...

	svntrk.com/assets/mqmq_6320ddaaf0618.js	0 B	2023-03-07	2024-04-26
Pretty URL svntrk.com/assets/mqmq_6320ddaaf0618.js IP 172.67.197.110 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 11:32:49 Times Seen37090628 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (36)

URL IP Response Size

alexatracker.com/?r=aHR0cHM6Ly9kYXRlZXhvdGljLmNvbS9hZ0VBP3VzaWQ9MTlodW83cm1iM3ZxJmVtYWlsPWlzb2NpYXMlNDBwYWxtZXR0bzU3LmNvbSZzdWIxPWNsZWFyJnByaWQ9MTlodW83cm1iM3Zx&h=6863e0b451cf81ac6435291d3985f34d

51.68.197.173

302 Found

0 B

URL HTTP/1.1
alexatracker.com/?r=aHR0cHM6Ly9kYXRlZXhvdGljLmNvbS9hZ0VBP3VzaWQ9MTlodW83cm1iM3ZxJmVtYWlsPWlzb2NpYXMlNDBwYWxtZXR0bzU3LmNvbSZzdWIxPWNsZWFyJnByaWQ9MTlodW83cm1iM3Zx&h=6863e0b451cf81ac6435291d3985f34d
IP
51.68.197.173:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?r=aHR0cHM6Ly9kYXRlZXhvdGljLmNvbS9hZ0VBP3VzaWQ9MTlodW83cm1iM3ZxJmVtYWlsPWlzb2NpYXMlNDBwYWxtZXR0bzU3LmNvbSZzdWIxPWNsZWFyJnByaWQ9MTlodW83cm1iM3Zx&h=6863e0b451cf81ac6435291d3985f34d HTTP/1.1
Host: alexatracker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 13 Sep 2022 19:44:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: trbarid=5663276202369015209; expires=Thu, 12-Sep-2024 19:44:41 GMT; Max-Age=63072000; path=/; secure; HttpOnly; SameSite=None
Location: https://dateexotic.com/agEA?usid=19huo7rmb3vq&email=isocias%40palmetto57.com&sub1=clear&prid=19huo7rmb3vq&tbsession=5663276202369015209&c=1448962727
Access-Control-Allow-Origin: *

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 13 Sep 2022 19:08:52 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7cRabKfiMF1czM8IKMUonIirMoy8c3tc6DlAYQsstq81DtvmAAHNZQ==
Age: 2149

r3.o.lencr.org/

23.33.119.10

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be88d3e043e3b95b52e41812e50fb634
0318ba1ce487817ea7cba61dd9413bed29213800
b5f178d23e633283f226cca7a9ae79b01e6cab2299ff7065c980d3a9953212fd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2868
Expires: Tue, 13 Sep 2022 20:32:29 GMT
Date: Tue, 13 Sep 2022 19:44:41 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 13 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fYnk-FnNTd29oNFWviLqqkhJ-kmCXopgw9Bk-atvmdjmwMOz4LCLqg==
age: 54567
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 19:44:41 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.10

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8385640d01e65aacebfd5a475cba64db
9ec5a9cdab6029326a378e5f38623f6db3b3eb18
6639cdf6a82cc7d4fef798119c2f13dbf1d407e82a3e0b3c6f278e71e58789c9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6639CDF6A82CC7D4FEF798119C2F13DBF1D407E82A3E0B3C6F278E71E58789C9"
Last-Modified: Mon, 12 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4926
Expires: Tue, 13 Sep 2022 21:06:48 GMT
Date: Tue, 13 Sep 2022 19:44:42 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 13 Sep 2022 19:03:22 GMT
Cache-Control: max-age=3600
Expires: Tue, 13 Sep 2022 19:15:42 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: EbO8XzLb2odVTpMapHoJlUvmRwnyto7Ni-d36Z6FOEX8bqkxfJvr-g==
Age: 2480

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e96dbe1b54932c8f447bbbfc9d31cfb0
b15d4a54fbdf95b0af8bd34b6f8ef03055eef0cd
427326963ac1ef6ddeeaf52ab07807c694b82effa6111671ada8270b1faecdae

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5216
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 19:44:42 GMT
Last-Modified: Tue, 13 Sep 2022 18:17:46 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

146.190.228.148/gGsS7C?click_id=19huo7rmb3vq

146.190.228.148

302 Found

0 B

URL HTTP/1.1
146.190.228.148/gGsS7C?click_id=19huo7rmb3vq
IP
146.190.228.148:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gGsS7C?click_id=19huo7rmb3vq HTTP/1.1
Host: 146.190.228.148
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Server: nginx/1.20.1
Date: Tue, 13 Sep 2022 19:44:42 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Tue, 13 Sep 2022 19:44:42 GMT
Location: http://humadecure.gq?s1=mqmq&s3=el
Pragma: no-cache
Set-Cookie: _subid=376l60jmb42s;Expires=Friday, 14-Oct-2022 19:44:42 GMT;Max-Age=2678400;Path=/
b15e4=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE0NFwiOjE2NjMwOTgyODJ9LFwiY2FtcGFpZ25zXCI6e1wiNDJcIjoxNjYzMDk4MjgyfSxcInRpbWVcIjoxNjYzMDk4MjgyfSJ9.Y9c30BMwIa5M-uUVkbLDqWw3HjTCH5-Cq3hNGEh21eo;Expires=Tuesday, 28-May-2075 15:29:24 GMT;Max-Age=1663184682;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

push.services.mozilla.com/

54.189.157.130

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.189.157.130:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Az2pQVba13tQmqJ3hVBEJg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Wtuzyqe5VDvxMZsI2Wcyicmxi/A=

humadecure.gq/?s1=mqmq&s3=el

160.20.147.80

200 OK

4.0 kB

URL HTTP/1.1
humadecure.gq/?s1=mqmq&s3=el
IP
160.20.147.80:0
ASN
#30823 combahton GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
4.0 kB (4047 bytes)
Hash
8ef6a6851e23aa12bcac0fb43ded152a
65dae5e35df6773e57057158ba327a4179897877
97d92208fca8e09580e090a68b813c5ceb0f37ad7e775c3543f22748f5ff8864

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?s1=mqmq&s3=el HTTP/1.1
Host: humadecure.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 13 Sep 2022 19:44:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IlErNmFnUDQ4NzFiTi9DYmNVOTI2Wnc9PSIsInZhbHVlIjoiQWxJdk1aYTFOQjdkUVFWM2tWclpwdWxUUlJWRDBlUUNJSUV0b1VyU05UdG5OcUVoY0dENUlDdFp1MTh2T1FJVSIsIm1hYyI6IjM2N2FjNGY2YjNjYmRlYjlkMzU4YTliMGNiZGMzY2FkZWMyM2VhNjQyOTk0ZjhjZjE1NGY4ODNlMjIyOTA1OTUifQ%3D%3D; expires=Tue, 13-Sep-2022 21:44:42 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6ImxRK2F1RG5YWkRCejBDRXJyWm1PK0E9PSIsInZhbHVlIjoidEkyOTFtenZnM2RiZHY1eVBNSHRDOGl2UGVTcmwyOXovN3VFYjRlTGx4MmdoRTRxcmxUZEZjWVB1R1lndG9QaCIsIm1hYyI6IjFiY2ZjMGRhNDkyYTUwNGI0ZjAyYzM4NTI0MTBmNzVlMzg2NDRiZDVhYmJiNzJmYmQxNmYxYTEwNGMxZDNhZjQifQ%3D%3D; expires=Tue, 13-Sep-2022 21:44:42 GMT; Max-Age=7200; path=/; httponly; samesite=lax
SRVNAME=w2; path=/

e1.o.lencr.org/

23.33.119.10

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
e72bb49efa7bc859bdcc87ca9df1027b
0a3a23ba645c3db69311830613dfb82d7ffb8b70
6c95afc60160e40891d62d9d3403b2bc9959f780c3cc6f88d92183d7893967a0

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6C95AFC60160E40891D62D9D3403B2BC9959F780C3CC6F88D92183D7893967A0"
Last-Modified: Mon, 12 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2807
Expires: Tue, 13 Sep 2022 20:31:30 GMT
Date: Tue, 13 Sep 2022 19:44:43 GMT
Connection: keep-alive

humadecure.gq/landings/40/fonts/vendor.css

160.20.147.80

200 OK

8.3 kB

URL HTTP/1.1
humadecure.gq/landings/40/fonts/vendor.css
IP
160.20.147.80:0
ASN
#30823 combahton GmbH

File type
ASCII text, with very long lines (8320), with no line terminators
Size
8.3 kB (8320 bytes)
Hash
a15feb4aaa93222f087460579291802e
31da5ec06c508cad5cca1b30f5d36eb948dea4ff
fdb2461df2c1a366aa4936ff52ef1e36bf54a07ac1ea90b577b7226e161bea68

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /landings/40/fonts/vendor.css HTTP/1.1
Host: humadecure.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://humadecure.gq/?s1=mqmq&s3=el
Cookie: XSRF-TOKEN=eyJpdiI6IlErNmFnUDQ4NzFiTi9DYmNVOTI2Wnc9PSIsInZhbHVlIjoiQWxJdk1aYTFOQjdkUVFWM2tWclpwdWxUUlJWRDBlUUNJSUV0b1VyU05UdG5OcUVoY0dENUlDdFp1MTh2T1FJVSIsIm1hYyI6IjM2N2FjNGY2YjNjYmRlYjlkMzU4YTliMGNiZGMzY2FkZWMyM2VhNjQyOTk0ZjhjZjE1NGY4ODNlMjIyOTA1OTUifQ%3D%3D; laravel_session=eyJpdiI6ImxRK2F1RG5YWkRCejBDRXJyWm1PK0E9PSIsInZhbHVlIjoidEkyOTFtenZnM2RiZHY1eVBNSHRDOGl2UGVTcmwyOXovN3VFYjRlTGx4MmdoRTRxcmxUZEZjWVB1R1lndG9QaCIsIm1hYyI6IjFiY2ZjMGRhNDkyYTUwNGI0ZjAyYzM4NTI0MTBmNzVlMzg2NDRiZDVhYmJiNzJmYmQxNmYxYTEwNGMxZDNhZjQifQ%3D%3D; SRVNAME=w2

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 13 Sep 2022 19:44:43 GMT
Content-Type: text/css
Content-Length: 8320
Connection: keep-alive
last-modified: Fri, 29 Jul 2022 11:40:11 GMT
etag: "62e3c71b-2080"
accept-ranges: bytes

humadecure.gq/landings/40/js/vendor.js

160.20.147.80

200 OK

99 kB

URL HTTP/1.1
humadecure.gq/landings/40/js/vendor.js
IP
160.20.147.80:0
ASN
#30823 combahton GmbH

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
99 kB (99445 bytes)
Hash
8ce8d4894185981072382b7da89a6703
396a0d229712335e96c2a66f8ebcf67dfca9fc7e
0cf2a33968a1f3efec0c5c9163a95ffdf0e86f5d4d0a919344f4f7834023a565

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /landings/40/js/vendor.js HTTP/1.1
Host: humadecure.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://humadecure.gq/?s1=mqmq&s3=el
Cookie: XSRF-TOKEN=eyJpdiI6IlErNmFnUDQ4NzFiTi9DYmNVOTI2Wnc9PSIsInZhbHVlIjoiQWxJdk1aYTFOQjdkUVFWM2tWclpwdWxUUlJWRDBlUUNJSUV0b1VyU05UdG5OcUVoY0dENUlDdFp1MTh2T1FJVSIsIm1hYyI6IjM2N2FjNGY2YjNjYmRlYjlkMzU4YTliMGNiZGMzY2FkZWMyM2VhNjQyOTk0ZjhjZjE1NGY4ODNlMjIyOTA1OTUifQ%3D%3D; laravel_session=eyJpdiI6ImxRK2F1RG5YWkRCejBDRXJyWm1PK0E9PSIsInZhbHVlIjoidEkyOTFtenZnM2RiZHY1eVBNSHRDOGl2UGVTcmwyOXovN3VFYjRlTGx4MmdoRTRxcmxUZEZjWVB1R1lndG9QaCIsIm1hYyI6IjFiY2ZjMGRhNDkyYTUwNGI0ZjAyYzM4NTI0MTBmNzVlMzg2NDRiZDVhYmJiNzJmYmQxNmYxYTEwNGMxZDNhZjQifQ%3D%3D; SRVNAME=w2

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 13 Sep 2022 19:44:43 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 99445
Connection: keep-alive
last-modified: Fri, 29 Jul 2022 11:40:11 GMT
etag: "62e3c71b-18475"
accept-ranges: bytes

r3.o.lencr.org/

23.33.119.10

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11503
Expires: Tue, 13 Sep 2022 22:56:26 GMT
Date: Tue, 13 Sep 2022 19:44:43 GMT
Connection: keep-alive

dateexotic.com/agEA?usid=19huo7rmb3vq&email=isocias%40palmetto57.com&sub1=clear&prid=19huo7rmb3vq&tbsession=5663276202369015209&c=1448962727

216.119.156.49

302 Found

503 B

URL HTTP/2
dateexotic.com/agEA?usid=19huo7rmb3vq&email=isocias%40palmetto57.com&sub1=clear&prid=19huo7rmb3vq&tbsession=5663276202369015209&c=1448962727
IP
216.119.156.49:0
ASN
#46562 PERFORMIVE

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

GET /agEA?usid=19huo7rmb3vq&email=isocias%40palmetto57.com&sub1=clear&prid=19huo7rmb3vq&tbsession=5663276202369015209&c=1448962727 HTTP/1.1
Host: dateexotic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
server: nginx/1.18.0 (Ubuntu)
date: Tue, 13 Sep 2022 19:44:42 GMT
content-type: text/html; charset=UTF-8
location: http://146.190.228.148/gGsS7C?click_id=19huo7rmb3vq
set-cookie: trbarid=ad4389d3cbd13fa4d11be69eb55464ce342f4b8833244c8a894142a4e7300f73a%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bs%3A19%3A%225663276202369015209%22%3B%7D; expires=Tue, 17-Sep-2024 19:44:42 GMT; Max-Age=63504000; path=/; secure; HttpOnly; SameSite=None
tbar_uc1=21214fda77eea4377a26d2c926733a79f478f212fe21c10927f5956e2539b2dca%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22tbar_uc1%22%3Bi%3A1%3Bs%3A32%3A%22aXNvY2lhc0BwYWxtZXR0bzU3LmNvbQ%3D%3D%22%3B%7D; expires=Tue, 17-Sep-2024 19:44:42 GMT; Max-Age=63504000; path=/; secure; HttpOnly; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.10

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11503
Expires: Tue, 13 Sep 2022 22:56:26 GMT
Date: Tue, 13 Sep 2022 19:44:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.10

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11503
Expires: Tue, 13 Sep 2022 22:56:26 GMT
Date: Tue, 13 Sep 2022 19:44:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.10

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11503
Expires: Tue, 13 Sep 2022 22:56:26 GMT
Date: Tue, 13 Sep 2022 19:44:43 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9466 bytes)
Hash
6174529fff57758e958da5432344962f
05ec2076b32398d60ee77fab8c14345bc7dfe647
65284a76355864efa944dff5033575013c6d74a019a7b731e0236603f2f656a7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9466
x-amzn-requestid: ba3f7eac-61c9-4b5f-ae8a-b372906a25ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOTeoHMKoAMFr5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bff90-1e70e2c444242a2d46387986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:08:00 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: -SwaUjMInlOaGpH6yK1W1a57QCQMgY-l43RdUfKVtZA1zJzMrLzC6g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 f7283f3fe2c258cf54f8b7d3dd272e0e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 04:49:30 GMT
age: 53713
etag: "05ec2076b32398d60ee77fab8c14345bc7dfe647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8171 bytes)
Hash
eee5b4d617dab6f10d7053f5c4f4e98e
6c728c56797ba921e8001919df4d36e56dd37e54
76a53e2c81ec8da2bc469760b2c57098d587c6a36fa70e5b7c743a224a47d362

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8171
x-amzn-requestid: a3eb931f-cd71-4738-acb1-4398fc09f453
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOa7QGqoIAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c0b7b-2a6ed8ca00a0a0640110cf5d;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:58:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QuUPVSWCQk9z9xI03trHifaWzOi5TqBZHLena93lrxhjlAG1PICKKA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 14:15:42 GMT
age: 19741
etag: "6c728c56797ba921e8001919df4d36e56dd37e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9a2dff5-4864-4430-8c54-6b68d2bbd35a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10849 bytes)
Hash
838f709437b2dfbede4ee15307afe217
2ab2ee20e720b78be6deb55f967ac0d8b7dad048
a3b47ce595b475f2aab6f7378888d15ba3e98453d6c8a3d88946efc5d65eedba

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9a2dff5-4864-4430-8c54-6b68d2bbd35a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10849
x-amzn-requestid: 722d8d75-0911-4b59-af65-2b408bc09d80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YXbx6E9-oAMFT8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631fa672-74ea9343619d4a1865e34818;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 21:36:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4rpwcrZLDlgcwBtH7wpoHMOb8hhFbKbZSQpjWqUqbt_Sl4ud3dm9Vg==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:42:18 GMT
age: 79345
etag: "2ab2ee20e720b78be6deb55f967ac0d8b7dad048"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2830e2cb-8887-441e-8c0c-906b8fbb2366.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9945 bytes)
Hash
c9ab2ec10c79b91d15edb1d1e3dc763c
744fee4a0baa22ba3aa352d60620a916972b47dd
f7bb66f5bb572d73f936fc74823f51ede1f2c4e309a939b39d9529ff8f757fbe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2830e2cb-8887-441e-8c0c-906b8fbb2366.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9945
x-amzn-requestid: a347749f-a63a-4533-a274-7151b9f235ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YXcX8HAKoAMF5EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631fa765-56cff18515b2a5b3397231df;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 21:40:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: lZ3FmD1gM8YBgZNt97kuYSol1kj0GQqRjyLT_7715VtH9GR1WpMDxA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:42:20 GMT
age: 79343
etag: "744fee4a0baa22ba3aa352d60620a916972b47dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9815 bytes)
Hash
239262b6ab17cb19414c35cd4f761092
48eddcf9838e980e67cc8f9cbb05b475df2f0331
cd27cbce632d769288d9c33c5c8e887ba02df5677f10f7a6d03139b590ba24b4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9815
x-amzn-requestid: 89243e57-94eb-4c6b-903f-aa01df030ecc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIxnEAjoAMF_Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54d6-199403e2695b214711f5117f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:23 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: gUhO_jZ9W_10cAK-2lOVSmQ9r1DIZvNDaqpJs5oc6lt85qAkWbBcXg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:48:14 GMT
age: 78989
etag: "48eddcf9838e980e67cc8f9cbb05b475df2f0331"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8799 bytes)
Hash
c14088c4ca0d576e087feed41b7f1565
172b23f2ef39b6c3fdebb5441b10a95712206d0a
2699efa811ceac5420f5bd26c35a6f48b51854e29cbce7cbb62efb613db7d6b9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8799
x-amzn-requestid: 1bcdf387-9ad2-449a-861e-3352b1744d23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUI-0G6vIAMFgbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e552b-42aa46af6315148106c4fdee;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:37:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: g2mxKK8L5T4YkeD8JqNUuV_KfsIq8ypRMvxhsyzSZSEIP4gDl4zLVQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:41:55 GMT
age: 79368
etag: "172b23f2ef39b6c3fdebb5441b10a95712206d0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.33.119.10

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
e72bb49efa7bc859bdcc87ca9df1027b
0a3a23ba645c3db69311830613dfb82d7ffb8b70
6c95afc60160e40891d62d9d3403b2bc9959f780c3cc6f88d92183d7893967a0

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6C95AFC60160E40891D62D9D3403B2BC9959F780C3CC6F88D92183D7893967A0"
Last-Modified: Mon, 12 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2806
Expires: Tue, 13 Sep 2022 20:31:30 GMT
Date: Tue, 13 Sep 2022 19:44:44 GMT
Connection: keep-alive

ocsp.globalsign.com/gseccovsslca2018

104.18.20.226

200 OK

939 B

URL HTTP/1.1
ocsp.globalsign.com/gseccovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
939 B (939 bytes)
Hash
357f75c1c8722e3404aeff22050af76b
03e17ac0f3d1a68a2e7744502caa29cec73a3c0a
a3d51c88f070e8ab5b3317c9adf165880cce1c1c3a7319e9b515bdcb3d56dec3

HTTP Headers

POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 13 Sep 2022 19:44:44 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sat, 17 Sep 2022 18:17:14 GMT
ETag: "03e17ac0f3d1a68a2e7744502caa29cec73a3c0a"
Last-Modified: Tue, 13 Sep 2022 18:17:15 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2137
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74a361182e22b521-OSL

humadecure.gq/favicon.ico

160.20.147.80

200 OK

0 B

URL HTTP/1.1
humadecure.gq/favicon.ico
IP
160.20.147.80:0
ASN
#30823 combahton GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: humadecure.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://humadecure.gq/?s1=mqmq&s3=el
Cookie: XSRF-TOKEN=eyJpdiI6IlErNmFnUDQ4NzFiTi9DYmNVOTI2Wnc9PSIsInZhbHVlIjoiQWxJdk1aYTFOQjdkUVFWM2tWclpwdWxUUlJWRDBlUUNJSUV0b1VyU05UdG5OcUVoY0dENUlDdFp1MTh2T1FJVSIsIm1hYyI6IjM2N2FjNGY2YjNjYmRlYjlkMzU4YTliMGNiZGMzY2FkZWMyM2VhNjQyOTk0ZjhjZjE1NGY4ODNlMjIyOTA1OTUifQ%3D%3D; laravel_session=eyJpdiI6ImxRK2F1RG5YWkRCejBDRXJyWm1PK0E9PSIsInZhbHVlIjoidEkyOTFtenZnM2RiZHY1eVBNSHRDOGl2UGVTcmwyOXovN3VFYjRlTGx4MmdoRTRxcmxUZEZjWVB1R1lndG9QaCIsIm1hYyI6IjFiY2ZjMGRhNDkyYTUwNGI0ZjAyYzM4NTI0MTBmNzVlMzg2NDRiZDVhYmJiNzJmYmQxNmYxYTEwNGMxZDNhZjQifQ%3D%3D; SRVNAME=w2

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 13 Sep 2022 19:44:44 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
last-modified: Fri, 29 Jul 2022 11:40:09 GMT
etag: "62e3c719-0"
accept-ranges: bytes

humadecure.gq/landings/40/img/bg.png

160.20.147.80

200 OK

102 kB

URL HTTP/1.1
humadecure.gq/landings/40/img/bg.png
IP
160.20.147.80:0
ASN
#30823 combahton GmbH

File type
PNG image data, 1454 x 818, 4-bit colormap, non-interlaced\012- data
Size
102 kB (102058 bytes)
Hash
3e103765bd6d40d47d519b012942fed7
f38f53b42d6eb31b400cfd8c8b8ae53d257adeca
4c859fdb2de5846dda7b657bf61fb078adfd3df013ee25a163125c6f493955eb

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /landings/40/img/bg.png HTTP/1.1
Host: humadecure.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://humadecure.gq/landings/40/fonts/vendor.css
Cookie: XSRF-TOKEN=eyJpdiI6IlErNmFnUDQ4NzFiTi9DYmNVOTI2Wnc9PSIsInZhbHVlIjoiQWxJdk1aYTFOQjdkUVFWM2tWclpwdWxUUlJWRDBlUUNJSUV0b1VyU05UdG5OcUVoY0dENUlDdFp1MTh2T1FJVSIsIm1hYyI6IjM2N2FjNGY2YjNjYmRlYjlkMzU4YTliMGNiZGMzY2FkZWMyM2VhNjQyOTk0ZjhjZjE1NGY4ODNlMjIyOTA1OTUifQ%3D%3D; laravel_session=eyJpdiI6ImxRK2F1RG5YWkRCejBDRXJyWm1PK0E9PSIsInZhbHVlIjoidEkyOTFtenZnM2RiZHY1eVBNSHRDOGl2UGVTcmwyOXovN3VFYjRlTGx4MmdoRTRxcmxUZEZjWVB1R1lndG9QaCIsIm1hYyI6IjFiY2ZjMGRhNDkyYTUwNGI0ZjAyYzM4NTI0MTBmNzVlMzg2NDRiZDVhYmJiNzJmYmQxNmYxYTEwNGMxZDNhZjQifQ%3D%3D; SRVNAME=w2

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 13 Sep 2022 19:44:44 GMT
Content-Type: image/png
Content-Length: 102058
Connection: keep-alive
last-modified: Fri, 29 Jul 2022 11:40:11 GMT
etag: "62e3c71b-18eaa"
accept-ranges: bytes

mc.yandex.ru/metrika/tag.js

93.158.134.119

200 OK

72 kB

URL HTTP/2
mc.yandex.ru/metrika/tag.js
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (681)
Size
72 kB (71985 bytes)
Hash
034d4604beaddff5783b9878fadfaee6
64d5e1e0dbbbd62d6a64349dd964763b7ab4cbea
f8a957ee3468693f465da61d899438a2b674369b80c9d5c9ffff1111a7091290

HTTP Headers

GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 71985
date: Tue, 13 Sep 2022 19:44:44 GMT
access-control-allow-origin: *
etag: "63076de4-11931"
expires: Tue, 13 Sep 2022 20:44:44 GMT
last-modified: Thu, 25 Aug 2022 15:41:08 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/metrika/advert.gif

93.158.134.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/metrika/advert.gif
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Tue, 13 Sep 2022 19:44:45 GMT
access-control-allow-origin: *
etag: "63076e51-2b"
expires: Tue, 13 Sep 2022 20:44:45 GMT
accept-ranges: bytes
last-modified: Thu, 25 Aug 2022 15:42:57 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/watch/54239065/1?wmode=7&page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A3062%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A590775629161%3Ahid%3A777407965%3Az%3A0%3Ai%3A20220913194431%3Aet%3A1663098272%3Ac%3A1%3Arn%3A339566778%3Arqn%3A1%3Au%3A1663098272276299652%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663098268239%3Ads%3A1%2C25%2C203%2C0%2C1305%2C0%2C%2C1490%2C3%2C%2C%2C%2C3057%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663098272%3At%3AGirl&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29

93.158.134.119

200 OK

419 B

URL HTTP/2
mc.yandex.ru/watch/54239065/1?wmode=7&page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A3062%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A590775629161%3Ahid%3A777407965%3Az%3A0%3Ai%3A20220913194431%3Aet%3A1663098272%3Ac%3A1%3Arn%3A339566778%3Arqn%3A1%3Au%3A1663098272276299652%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663098268239%3Ads%3A1%2C25%2C203%2C0%2C1305%2C0%2C%2C1490%2C3%2C%2C%2C%2C3057%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663098272%3At%3AGirl&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type
JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Size
419 B (419 bytes)
Hash
8fdb4dcf7e2d4297a0e741cad65d81ba
baaa664f388054212ffa1ca8494fb4410b343f9f
437ab3f28ad3224d40b131f6009c46f526ca709023998853d5ef1020c9d19a3d

HTTP Headers

GET /watch/54239065/1?wmode=7&page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A3062%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A590775629161%3Ahid%3A777407965%3Az%3A0%3Ai%3A20220913194431%3Aet%3A1663098272%3Ac%3A1%3Arn%3A339566778%3Arqn%3A1%3Au%3A1663098272276299652%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663098268239%3Ads%3A1%2C25%2C203%2C0%2C1305%2C0%2C%2C1490%2C3%2C%2C%2C%2C3057%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663098272%3At%3AGirl&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://humadecure.gq
Referer: http://humadecure.gq/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 419
date: Tue, 13 Sep 2022 19:44:45 GMT
x-content-type-options: nosniff
access-control-allow-origin: http://humadecure.gq
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 13-Sep-2022 19:44:45 GMT
last-modified: Tue, 13-Sep-2022 19:44:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/watch/54239065/1?page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&hittoken=1663098285_1d0ec83204b98b7b8791ab95a3daea1c0044250009874df3c60b11820f419c91&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A590775629161%3Ahid%3A777407965%3Az%3A0%3Ai%3A20220913194432%3Aet%3A1663098272%3Ac%3A1%3Arn%3A977180728%3Arqn%3A2%3Au%3A1663098272276299652%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Apri%3A1%3Aeu%3A1%3Ans%3A1663098268239%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3719%2C3719%2C0%2C%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663098272&t=gdpr(14)mc(p-1)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)

93.158.134.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/watch/54239065/1?page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&hittoken=1663098285_1d0ec83204b98b7b8791ab95a3daea1c0044250009874df3c60b11820f419c91&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A590775629161%3Ahid%3A777407965%3Az%3A0%3Ai%3A20220913194432%3Aet%3A1663098272%3Ac%3A1%3Arn%3A977180728%3Arqn%3A2%3Au%3A1663098272276299652%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Apri%3A1%3Aeu%3A1%3Ans%3A1663098268239%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3719%2C3719%2C0%2C%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663098272&t=gdpr(14)mc(p-1)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

POST /watch/54239065/1?page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&hittoken=1663098285_1d0ec83204b98b7b8791ab95a3daea1c0044250009874df3c60b11820f419c91&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A590775629161%3Ahid%3A777407965%3Az%3A0%3Ai%3A20220913194432%3Aet%3A1663098272%3Ac%3A1%3Arn%3A977180728%3Arqn%3A2%3Au%3A1663098272276299652%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Apri%3A1%3Aeu%3A1%3Ans%3A1663098268239%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3719%2C3719%2C0%2C%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663098272&t=gdpr(14)mc(p-1)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 142
Origin: http://humadecure.gq
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Tue, 13 Sep 2022 19:44:45 GMT
access-control-allow-origin: http://humadecure.gq
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 13-Sep-2022 19:44:45 GMT
last-modified: Tue, 13-Sep-2022 19:44:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106eeeca-4365-4ffc-b701-f952d0b09dcb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7965 bytes)
Hash
47e1f64348aa12d707bf070f39877c7e
7a1f13d32de956fd50fccba0f813fb71bda79f63
9b3cee8039a2adb1291006a9ad55cd5032a2a6c10de3c5f57222692b02c0faac

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106eeeca-4365-4ffc-b701-f952d0b09dcb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 7965
x-amzn-requestid: c0ddd7c6-9709-4251-8e7b-4a551f9a7d2f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YBro8EjxIAMFi0g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6316f305-26023e0714937dca063dcbfa;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 07:13:09 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: jj0LCxD4MdspTSEvLVsUaEbdNjjae7G-gogDBKtx1IE9VZauS4BblQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 23:11:59 GMT
age: 73971
etag: "7a1f13d32de956fd50fccba0f813fb71bda79f63"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

svntrk.com/assets/mqmq_6320ddaaf0618.js

172.67.197.110

200 OK

0 B

URL HTTP/2
svntrk.com/assets/mqmq_6320ddaaf0618.js
IP
172.67.197.110:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/mqmq_6320ddaaf0618.js HTTP/1.1
Host: svntrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 13 Sep 2022 19:44:44 GMT
content-type: text/javascript; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: BYPASS
set-cookie: svnimp=6320ddac6834e; path=/; secure; httponly; samesite=none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nQ14iyUG8ebY0phHTyRbx6QeDosvH9bSnfBpvPScvGWFYZDDVzHGgoJQvG%2FB0Von1APniU27E2%2F1Un%2F8mkwLjyPD6SBTFdLGE9Q0mhakRf2NHGV2a%2Ft2l6r3MUB9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74a3610daf40b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

mc.yandex.ru/watch/54239065?wmode=7&page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A3062%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A590775629161%3Ahid%3A777407965%3Az%3A0%3Ai%3A20220913194431%3Aet%3A1663098272%3Ac%3A1%3Arn%3A339566778%3Arqn%3A1%3Au%3A1663098272276299652%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663098268239%3Ads%3A1%2C25%2C203%2C0%2C1305%2C0%2C%2C1490%2C3%2C%2C%2C%2C3057%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663098272%3At%3AGirl&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)

93.158.134.119

302 Found

0 B

URL HTTP/2
mc.yandex.ru/watch/54239065?wmode=7&page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A3062%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A590775629161%3Ahid%3A777407965%3Az%3A0%3Ai%3A20220913194431%3Aet%3A1663098272%3Ac%3A1%3Arn%3A339566778%3Arqn%3A1%3Au%3A1663098272276299652%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663098268239%3Ads%3A1%2C25%2C203%2C0%2C1305%2C0%2C%2C1490%2C3%2C%2C%2C%2C3057%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663098272%3At%3AGirl&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /watch/54239065?wmode=7&page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A3062%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A590775629161%3Ahid%3A777407965%3Az%3A0%3Ai%3A20220913194431%3Aet%3A1663098272%3Ac%3A1%3Arn%3A339566778%3Arqn%3A1%3Au%3A1663098272276299652%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663098268239%3Ads%3A1%2C25%2C203%2C0%2C1305%2C0%2C%2C1490%2C3%2C%2C%2C%2C3057%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663098272%3At%3AGirl&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://humadecure.gq
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
location: /watch/54239065/1?wmode=7&page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A3062%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A590775629161%3Ahid%3A777407965%3Az%3A0%3Ai%3A20220913194431%3Aet%3A1663098272%3Ac%3A1%3Arn%3A339566778%3Arqn%3A1%3Au%3A1663098272276299652%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663098268239%3Ads%3A1%2C25%2C203%2C0%2C1305%2C0%2C%2C1490%2C3%2C%2C%2C%2C3057%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663098272%3At%3AGirl&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Tue, 13 Sep 2022 19:44:45 GMT
access-control-allow-origin: http://humadecure.gq
set-cookie: yandexuid=6323244501663098285; Expires=Wed, 13-Sep-2023 19:44:45 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=6323244501663098285; Expires=Wed, 13-Sep-2023 19:44:45 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1751512691663098285; Path=/; SameSite=None; Secure
i=Uspb2cYh/02QyxoYtAFZI9AUjd/m0ChVzlYMs6zv53AYMN3jh+q2ygvnJZ2MnEdGbTpvvbSnyvx189t+JgYUx5wi2os=; Expires=Fri, 10-Sep-2032 19:44:38 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1694634285.yrts.1663098285#1694634285.yrtsi.1663098285; Expires=Wed, 13-Sep-2023 19:44:45 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 13-Sep-2022 19:44:45 GMT
last-modified: Tue, 13-Sep-2022 19:44:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (36)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size