Report - 4421c3ztest3.sorphiromond.tk/q3bCCwDV?keyword=johnmurphy@weiss-ins.com&sub1=clear&sub3=wanadoo.fr

Report Overview

Submitted URL
4421c3ztest3.sorphiromond.tk/q3bCCwDV?keyword=johnmurphy@weiss-ins.com&sub1=clear&sub3=wanadoo.fr
IP
104.21.32.5
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-11 19:17:04
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
dateexotic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	1.2 kB	216.119.156.49
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
humadecure.gq	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	239 kB	160.20.147.80
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.5 kB	142.250.74.3
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.88.220.109
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	924 B	48 kB	142.250.74.163
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.4 kB	95.101.11.115
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.35
4421c3ztest3.sorphiromond.tk	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	416 B	1.4 kB	172.67.181.230
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
svntrk.com	105291	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	722 B	104.21.82.62
alexatracker.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	612 B	510 B	51.68.197.173
146.190.228.148	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	362 B	803 B	146.190.228.148
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	652 B	1.5 kB	23.33.119.27
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	454 B	746 B	142.250.74.10
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	64 kB	34.120.237.76
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	347 B	1.4 kB	104.18.20.226
mc.yandex.ru	2672	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	76 kB	77.88.21.119

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-11	medium	humadecure.gq	Sinkholed
2022-09-11	medium	humadecure.gq	Sinkholed
2022-09-11	medium	humadecure.gq	Sinkholed
2022-09-11	medium	humadecure.gq	Sinkholed
2022-09-11	medium	humadecure.gq	Sinkholed

JavaScript (6)

	URL	Size	First Seen	Last Seen
	humadecure.gq/?s1=mqmq&s3=el	392 B	2023-03-07	2023-03-17
Pretty URL humadecure.gq/?s1=mqmq&s3=el IP 160.20.147.80 ASN #30823 combahton GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:50:47 Last Seen2023-03-17 12:43:15 Times Seen1 Hash 81cee85f03882de3fca9830307cb1688 659c60f401b89723b6ee5931537d826aeb5ee696 8c80011b8bdf021ed63b5007f9a4e09195d5c374d141e9baf26a2a4f1235e43b Loading...

	humadecure.gq/?s1=mqmq&s3=el	695 B	2023-03-07	2023-03-17
Pretty URL humadecure.gq/?s1=mqmq&s3=el IP 160.20.147.80 ASN #30823 combahton GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:50:47 Last Seen2023-03-17 12:43:15 Times Seen1 Hash 417acc5a4c50188c153c5943d0d24edb 0bdcc7eeb8b8692b61f40f643731fe51fc653972 2f02820ef267e584fd4b32ce7cd8f2a59cf1be75e049090a7f7d13719876c333 Loading...

	humadecure.gq/landings/53/js/vendor.js	107 kB	2023-03-07	2023-03-17
Pretty URL humadecure.gq/landings/53/js/vendor.js IP 160.20.147.80 ASN #30823 combahton GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:16 Last Seen2023-03-17 12:43:15 Times Seen1 Hash 014d2c9660b58f8ecd46d621d290d6e3 474df4e024473ff5364da1e92739d18be91ed010 7fcc75d12eab9010a04c6d92f415b1b78124ca3e37f4c385f4cda69cf9a1c014 Loading...

	humadecure.gq/?s1=mqmq&s3=el	505 B	2023-03-07	2023-03-17
Pretty URL humadecure.gq/?s1=mqmq&s3=el IP 160.20.147.80 ASN #30823 combahton GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:01 Last Seen2023-03-17 12:48:05 Times Seen1 Hash a4bdf73d6c7cffc574d06bd074029acc 4d594f31e6c4bfcbb278cb4989a316293666b665 b1539b6b56f3239fc24b36f63e7e433e01df8c8d864e461c7a209debda8df2c4 Loading...

	mc.yandex.ru/metrika/tag.js	211 kB	2023-03-07	2023-03-17
Pretty URL mc.yandex.ru/metrika/tag.js IP 77.88.21.119 ASN #13238 YANDEX LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:23:15 Last Seen2023-03-17 11:41:37 Times Seen1 Hash edee098e47e8168e31eb8689ad6b9cec b043258b73e2d89c0104ebed2ca8cad4bfe732d7 6760b266bef4409ce02ecdbb4f9e82fcd7ad8f249efa475558e88cfdd7d9e91e Loading...

	svntrk.com/assets/mqmq_631e3426ec895.js	0 B	2023-03-07	2024-04-19
Pretty URL svntrk.com/assets/mqmq_631e3426ec895.js IP 104.21.82.62 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 21:12:05 Times Seen36967419 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (44)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9114
Expires: Sun, 11 Sep 2022 21:48:47 GMT
Date: Sun, 11 Sep 2022 19:16:53 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 11 Sep 2022 19:07:48 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3iCbE0gsSBp4cEOHzlj21LbsTHZzc-n2NwTwb7vCijxEOHCyOb2cpA==
Age: 545

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.35

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 11 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zQRVYMxsvRHSBdp1yRJ_rp9SZZkueuitKbsujqJ8doDKxv_dtBiNHQ==
age: 43181
X-Firefox-Spdy: h2

4421c3ztest3.sorphiromond.tk/q3bCCwDV?keyword=johnmurphy@weiss-ins.com&sub1=clear&sub3=wanadoo.fr

172.67.181.230

302 Found

0 B

URL HTTP/1.1
4421c3ztest3.sorphiromond.tk/q3bCCwDV?keyword=johnmurphy@weiss-ins.com&sub1=clear&sub3=wanadoo.fr
IP
172.67.181.230:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /q3bCCwDV?keyword=johnmurphy@weiss-ins.com&sub1=clear&sub3=wanadoo.fr HTTP/1.1
Host: 4421c3ztest3.sorphiromond.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Sun, 11 Sep 2022 19:16:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Sun, 11 Sep 2022 19:16:53 GMT
Location: https://dateexotic.com/agEA?usid=qqicj4lueau&email=johnmurphy%40weiss-ins.com&sub1=clear&prid=qqicj4lueau
Pragma: no-cache
Set-Cookie: _subid=qqicj4lueau;Expires=Wednesday, 12-Oct-2022 19:16:53 GMT;Max-Age=2678400;Path=/
_token=uuid_qqicj4lueau_qqicj4lueau631e34250e2fa3.90507055;Expires=Wednesday, 12-Oct-2022 19:16:53 GMT;Max-Age=2678400;Path=/
b15e4=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjExOVwiOjE2NjI5MjM4MTN9LFwiY2FtcGFpZ25zXCI6e1wiMzJcIjoxNjYyOTIzODEzfSxcInRpbWVcIjoxNjYyOTIzODEzfSJ9.tpF6X_G_ktuyVPGBgp4FcJzKmC4SKGRpsXadt4gDvvk;Expires=Friday, 24-May-2075 14:33:46 GMT;Max-Age=1663010213;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gNuehmCp6dW5hi4sb6O9xBSBqLveCt2dvTE9uvH3dIzahC6XK6dYFkPC%2FhL2Sg%2BZvzfNoF%2Bm%2FZ1jWBb0jb5hgYStdBa%2BwR8szieF6u%2FJpElesYv%2FS4goXaOtYKloTJFD9%2BFIEvNU8BqXyHLJgxfr"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7492bd869fdbb51e-OSL
alt-svc: h2=":443"; ma=60

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:16:53 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 11 Sep 2022 18:56:07 GMT
Cache-Control: max-age=3600
Expires: Sun, 11 Sep 2022 19:19:38 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: pSut62vxKVs-ISRT4zR4uEZ6_PnbnwzwuLWe5Ulw9clsu344-Jnh4Q==
Age: 1246

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fc3ae1a0d536582a75d35bdfe0ab6d19
4b0360d8de74670fd93b0e69a82c81275d2eea3b
63675432db17ef2634cfba6e666a6c4fe745ddd8145df54701f00552fe8326b7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63675432DB17EF2634CFBA6E666A6C4FE745DDD8145DF54701F00552FE8326B7"
Last-Modified: Fri, 09 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 12 Sep 2022 01:16:53 GMT
Date: Sun, 11 Sep 2022 19:16:53 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
26e829ba5f754918e20cbd316dc4348e
ba198501da0812dd11ca3b38a51325b5de6cfa60
4352c25d4af7637a8435b0df6d042fc606d37a348e966b99fecce8a853b8ebc0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2416
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:16:53 GMT
Last-Modified: Sun, 11 Sep 2022 18:36:37 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.88.220.109

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.88.220.109:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: w9GlJGqgjJOm1YbwL+diwg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: MVjEpdsHLZa1KGY9B0dq0aG7+58=

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfcca9393af0f8e8bb902fbb8e49ae49
c26dc3a72f05c0e10be5f29c78b1685bd2fb29ad
64c11e757b42a5c82a19cf437843934edefbe8e654581bc31045db2149dc90fd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "64C11E757B42A5C82A19CF437843934EDEFBE8E654581BC31045DB2149DC90FD"
Last-Modified: Sat, 10 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9695
Expires: Sun, 11 Sep 2022 21:58:29 GMT
Date: Sun, 11 Sep 2022 19:16:54 GMT
Connection: keep-alive

alexatracker.com/?r=aHR0cHM6Ly9kYXRlZXhvdGljLmNvbS9hZ0VBP3VzaWQ9cXFpY2o0bHVlYXUmZW1haWw9am9obm11cnBoeSU0MHdlaXNzLWlucy5jb20mc3ViMT1jbGVhciZwcmlkPXFxaWNqNGx1ZWF1&h=caa4f92e034ce5e183b077887f5ce630

51.68.197.173

302 Found

0 B

URL HTTP/1.1
alexatracker.com/?r=aHR0cHM6Ly9kYXRlZXhvdGljLmNvbS9hZ0VBP3VzaWQ9cXFpY2o0bHVlYXUmZW1haWw9am9obm11cnBoeSU0MHdlaXNzLWlucy5jb20mc3ViMT1jbGVhciZwcmlkPXFxaWNqNGx1ZWF1&h=caa4f92e034ce5e183b077887f5ce630
IP
51.68.197.173:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?r=aHR0cHM6Ly9kYXRlZXhvdGljLmNvbS9hZ0VBP3VzaWQ9cXFpY2o0bHVlYXUmZW1haWw9am9obm11cnBoeSU0MHdlaXNzLWlucy5jb20mc3ViMT1jbGVhciZwcmlkPXFxaWNqNGx1ZWF1&h=caa4f92e034ce5e183b077887f5ce630 HTTP/1.1
Host: alexatracker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 11 Sep 2022 19:16:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: trbarid=8240031674006385702; expires=Tue, 10-Sep-2024 19:16:54 GMT; Max-Age=63072000; path=/; secure; HttpOnly; SameSite=None
Location: https://dateexotic.com/agEA?usid=qqicj4lueau&email=johnmurphy%40weiss-ins.com&sub1=clear&prid=qqicj4lueau&tbsession=8240031674006385702&c=459880907
Access-Control-Allow-Origin: *

146.190.228.148/gGsS7C?click_id=qqicj4lueau

146.190.228.148

302 Found

0 B

URL HTTP/1.1
146.190.228.148/gGsS7C?click_id=qqicj4lueau
IP
146.190.228.148:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gGsS7C?click_id=qqicj4lueau HTTP/1.1
Host: 146.190.228.148
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Server: nginx/1.20.1
Date: Sun, 11 Sep 2022 19:16:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Sun, 11 Sep 2022 19:16:54 GMT
Location: http://humadecure.gq?s1=mqmq&s3=el
Pragma: no-cache
Set-Cookie: _subid=376l60jlueb7;Expires=Wednesday, 12-Oct-2022 19:16:54 GMT;Max-Age=2678400;Path=/
b15e4=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE0NFwiOjE2NjI5MjM4MTR9LFwiY2FtcGFpZ25zXCI6e1wiNDJcIjoxNjYyOTIzODE0fSxcInRpbWVcIjoxNjYyOTIzODE0fSJ9.B-Km63HHORzJ6RZYnk_qwjhbBvznehbiTH5YvIt0B0I;Expires=Friday, 24-May-2075 14:33:48 GMT;Max-Age=1663010214;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

humadecure.gq/?s1=mqmq&s3=el

160.20.147.80

200 OK

4.3 kB

URL HTTP/1.1
humadecure.gq/?s1=mqmq&s3=el
IP
160.20.147.80:0
ASN
#30823 combahton GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
4.3 kB (4348 bytes)
Hash
cc701876d2221c540ea6735c5bb7865a
94637d0b9e444405a5e6825137adbaf47505b844
69f3c87cea32b75854b0c2bc4793976e36e8ecde969f287ba62e4eb36c0d2223

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?s1=mqmq&s3=el HTTP/1.1
Host: humadecure.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 11 Sep 2022 19:16:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IldlVkxIeHBQNUQzMC96dEZYc2ltNlE9PSIsInZhbHVlIjoiR293aTQzQ1RNRTQ3cDBjMlB2L0lpMGU4RUFHVU5GdFZTMGtqRi9xMXlIN011a1pQL3NUaFgyVXpDaDVkaEY1SiIsIm1hYyI6ImUyOTU5Y2IyMzM3Yzc5NTc3YzFhOTM3YzM4MDUzOTE4MWY2YThjOThlZDRjNDZiZDI2NzFiMTM2MWM3NDgwZDIifQ%3D%3D; expires=Sun, 11-Sep-2022 21:16:54 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6ImVFcHRzanhxN3hXSzRYa1lsWWZCd2c9PSIsInZhbHVlIjoiQVRFSGRrV2NEVDQvVFhIcFloSmlldTNSdWFQaElHbjl5eVplemNkV2RwTGJTV0JWRE5SY0wxeThSUXdBbUF6UiIsIm1hYyI6IjlmNTBlMmM1NjY2MjhmNTM5Nzc2M2RkMjZkMDQ1ZmYxZDk0NWY2MjhjMzNjZWZhOTBjYTNkMzM5YjcxOGUzNjAifQ%3D%3D; expires=Sun, 11-Sep-2022 21:16:54 GMT; Max-Age=7200; path=/; httponly; samesite=lax
SRVNAME=w2; path=/

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6419
Expires: Sun, 11 Sep 2022 21:03:54 GMT
Date: Sun, 11 Sep 2022 19:16:55 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.27

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
9965bb65b80e407627b161d745eba342
a025a04e78e8fdd80d751ea09dcc6059f5e02a53
1bcc314b5b89991c7cff5d208c74416f700f3f746d70db8c638b4ab528bd5b5c

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "1BCC314B5B89991C7CFF5D208C74416F700F3F746D70DB8C638B4AB528BD5B5C"
Last-Modified: Sat, 10 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20160
Expires: Mon, 12 Sep 2022 00:52:55 GMT
Date: Sun, 11 Sep 2022 19:16:55 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6419
Expires: Sun, 11 Sep 2022 21:03:54 GMT
Date: Sun, 11 Sep 2022 19:16:55 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13568 bytes)
Hash
8625e0707046e7a3715a8dbb40b1cae2
0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78
abc4c12561be08897341d9c8104c30a289357c0907e55c46895f7fb6afb2f75d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13568
x-amzn-requestid: a2fadcbe-350b-4a06-9f9c-ee2da40bb285
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YEESeHA_oAMFjCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317e742-4740aa3f4ebd479e7a4886ed;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 00:35:14 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: jbF2ZaJUhIoJV-o4f6iviFyUnoDW4R0KHTfC5NySmITnsLbD5iJrPQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:11 GMT
age: 77804
etag: "0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8485 bytes)
Hash
e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 22:14:30 GMT
age: 75745
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (7017 bytes)
Hash
fea5dfc4a6a5093fd81899ee4a79d446
c893d7475856809a59486e0bcebd6d662d1fc56f
915fb97690be97d97cb298fc60ceb4cf7c3ed8fb437836beb2d590a8e238363c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7017
x-amzn-requestid: df5e57d7-e54c-4b5a-aa1b-a9aee889842e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_Et0oAMFSjQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-50d15bba03579a935342e22f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LsqH-LbjMGWrhYB93Qkvq2qVhqNs-3MWgrrOFzC8qPcY3fF5ujSD_g==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:54:44 GMT
age: 76931
etag: "c893d7475856809a59486e0bcebd6d662d1fc56f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7635 bytes)
Hash
4ec2646c56c4c522f0744768ad20342b
ad1d9eee90556a359547dc7cbb6758aee2c804cd
0bf9eaa4420bf6290535fd23895c6c723c7de6b849995ba83774532862cfe8b4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7635
x-amzn-requestid: dbd07cc7-d0f6-4500-83c6-b19fa9fa2e3d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xt5xDEfUIAMFYXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630f09a0-3771b23118f3711e5caca699;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 07:11:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ILut4hEDJbs6jNr3wpPST1HgAYMabIT7cdZebRFETn8lL_QfS92KBA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:34 GMT
age: 77781
etag: "ad1d9eee90556a359547dc7cbb6758aee2c804cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6889 bytes)
Hash
57d797a1c3f6589746a1135bdb19f54f
7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97
ff8855ca951f53ed5f3886cc81a7f28384d41288edeca4fdc621250e4d01c6fe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6889
x-amzn-requestid: c82ac543-90cd-4aeb-a65b-7e1bbbacc407
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2UEE-3IAMFYBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d0419-427a29067c9c92ec0db6567f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:39:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mNvNO0HJjZ1zwPKcjfqiVOnCL0CYXc8BPDSFbV6MXVW71IVt-2K3mQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:46:54 GMT
age: 77401
etag: "7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7519 bytes)
Hash
bb1a86dcf94db0a29a6ebe21866766d4
b3491a6f12c97c8e1848a206a185fae29213c1e5
d05619e519fed6c0b6c0616cf540908006a68f127b25e38fb9d041dfe2546df4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7519
x-amzn-requestid: 8d8a8df6-abf5-45dd-8d78-de5ae715a9d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE_UNEoWoAMFRLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631845b4-0101ca7a09e432f305aa7066;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:18:12 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: Z0Z4IozbbythqWA7mNaqtO4NWbLi1zL2G6HmMGP0c9VqIzMugvVh_Q==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 00:00:49 GMT
age: 69366
etag: "b3491a6f12c97c8e1848a206a185fae29213c1e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
65deebab57142db522e6c874673bdd9f
bfd022181afaec5035f868ccd05fac58113f81dc
7470143c8bd79f00190a3766ebaa9c632d0aa47693fc4c146f097873865da327

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:16:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
65deebab57142db522e6c874673bdd9f
bfd022181afaec5035f868ccd05fac58113f81dc
7470143c8bd79f00190a3766ebaa9c632d0aa47693fc4c146f097873865da327

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:16:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

humadecure.gq/landings/53/fonts/vendor.css

160.20.147.80

200 OK

9.9 kB

URL HTTP/1.1
humadecure.gq/landings/53/fonts/vendor.css
IP
160.20.147.80:0
ASN
#30823 combahton GmbH

File type
ASCII text, with very long lines (9943), with no line terminators
Size
9.9 kB (9943 bytes)
Hash
82fc48ec92c19a151f3e4f53c1c27a2e
2f2236d3724ea0b52d59b02643ca38e4710e08f4
398f5603a88a8c085043797b49ad092081e9cab1374486f8005aca2bbe655db6

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /landings/53/fonts/vendor.css HTTP/1.1
Host: humadecure.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://humadecure.gq/?s1=mqmq&s3=el
Cookie: XSRF-TOKEN=eyJpdiI6IldlVkxIeHBQNUQzMC96dEZYc2ltNlE9PSIsInZhbHVlIjoiR293aTQzQ1RNRTQ3cDBjMlB2L0lpMGU4RUFHVU5GdFZTMGtqRi9xMXlIN011a1pQL3NUaFgyVXpDaDVkaEY1SiIsIm1hYyI6ImUyOTU5Y2IyMzM3Yzc5NTc3YzFhOTM3YzM4MDUzOTE4MWY2YThjOThlZDRjNDZiZDI2NzFiMTM2MWM3NDgwZDIifQ%3D%3D; laravel_session=eyJpdiI6ImVFcHRzanhxN3hXSzRYa1lsWWZCd2c9PSIsInZhbHVlIjoiQVRFSGRrV2NEVDQvVFhIcFloSmlldTNSdWFQaElHbjl5eVplemNkV2RwTGJTV0JWRE5SY0wxeThSUXdBbUF6UiIsIm1hYyI6IjlmNTBlMmM1NjY2MjhmNTM5Nzc2M2RkMjZkMDQ1ZmYxZDk0NWY2MjhjMzNjZWZhOTBjYTNkMzM5YjcxOGUzNjAifQ%3D%3D; SRVNAME=w2

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 11 Sep 2022 19:16:55 GMT
Content-Type: text/css
Content-Length: 9943
Connection: keep-alive
last-modified: Fri, 29 Jul 2022 11:40:12 GMT
etag: "62e3c71c-26d7"
accept-ranges: bytes

e1.o.lencr.org/

23.33.119.27

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
9965bb65b80e407627b161d745eba342
a025a04e78e8fdd80d751ea09dcc6059f5e02a53
1bcc314b5b89991c7cff5d208c74416f700f3f746d70db8c638b4ab528bd5b5c

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "1BCC314B5B89991C7CFF5D208C74416F700F3F746D70DB8C638B4AB528BD5B5C"
Last-Modified: Sat, 10 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20160
Expires: Mon, 12 Sep 2022 00:52:55 GMT
Date: Sun, 11 Sep 2022 19:16:55 GMT
Connection: keep-alive

humadecure.gq/landings/53/js/vendor.js

160.20.147.80

200 OK

107 kB

URL HTTP/1.1
humadecure.gq/landings/53/js/vendor.js
IP
160.20.147.80:0
ASN
#30823 combahton GmbH

File type
ASCII text, with very long lines (65536), with no line terminators
Size
107 kB (107387 bytes)
Hash
014d2c9660b58f8ecd46d621d290d6e3
474df4e024473ff5364da1e92739d18be91ed010
7fcc75d12eab9010a04c6d92f415b1b78124ca3e37f4c385f4cda69cf9a1c014

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /landings/53/js/vendor.js HTTP/1.1
Host: humadecure.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://humadecure.gq/?s1=mqmq&s3=el
Cookie: XSRF-TOKEN=eyJpdiI6IldlVkxIeHBQNUQzMC96dEZYc2ltNlE9PSIsInZhbHVlIjoiR293aTQzQ1RNRTQ3cDBjMlB2L0lpMGU4RUFHVU5GdFZTMGtqRi9xMXlIN011a1pQL3NUaFgyVXpDaDVkaEY1SiIsIm1hYyI6ImUyOTU5Y2IyMzM3Yzc5NTc3YzFhOTM3YzM4MDUzOTE4MWY2YThjOThlZDRjNDZiZDI2NzFiMTM2MWM3NDgwZDIifQ%3D%3D; laravel_session=eyJpdiI6ImVFcHRzanhxN3hXSzRYa1lsWWZCd2c9PSIsInZhbHVlIjoiQVRFSGRrV2NEVDQvVFhIcFloSmlldTNSdWFQaElHbjl5eVplemNkV2RwTGJTV0JWRE5SY0wxeThSUXdBbUF6UiIsIm1hYyI6IjlmNTBlMmM1NjY2MjhmNTM5Nzc2M2RkMjZkMDQ1ZmYxZDk0NWY2MjhjMzNjZWZhOTBjYTNkMzM5YjcxOGUzNjAifQ%3D%3D; SRVNAME=w2

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 11 Sep 2022 19:16:55 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 107387
Connection: keep-alive
last-modified: Fri, 29 Jul 2022 11:40:12 GMT
etag: "62e3c71c-1a37b"
accept-ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:16:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:16:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

142.250.74.163

200 OK

24 kB

URL HTTP/2
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://humadecure.gq
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:10:21 GMT
expires: Wed, 06 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 439594
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2

142.250.74.163

200 OK

22 kB

URL HTTP/2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 22504, version 1.0\012- data
Size
22 kB (22504 bytes)
Hash
1c6c65523675abc6fcd78e804325bd77
898d9808304dc157f5dcb18ca169ec6e2b96b3d7
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92

HTTP Headers

GET /s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://humadecure.gq
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22504
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:15:31 GMT
expires: Wed, 06 Sep 2023 17:15:31 GMT
cache-control: public, max-age=31536000
age: 439284
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:16:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.globalsign.com/gseccovsslca2018

104.18.20.226

200 OK

938 B

URL HTTP/1.1
ocsp.globalsign.com/gseccovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
938 B (938 bytes)
Hash
f19b763a0b3b7984ada9f2fe59637c7c
591744624bb6f3d63aa9dec78822c2bf4a7382d0
1cd2ebb593c98fbf1e01620e00e329d9600aebed843e40af04ca775dd48a0dd0

HTTP Headers

POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 19:16:55 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Thu, 15 Sep 2022 18:18:13 GMT
ETag: "591744624bb6f3d63aa9dec78822c2bf4a7382d0"
Last-Modified: Sun, 11 Sep 2022 18:18:14 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 770
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7492bd99ce991c12-OSL

humadecure.gq/favicon.ico

160.20.147.80

200 OK

0 B

URL HTTP/1.1
humadecure.gq/favicon.ico
IP
160.20.147.80:0
ASN
#30823 combahton GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: humadecure.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://humadecure.gq/?s1=mqmq&s3=el
Cookie: XSRF-TOKEN=eyJpdiI6IldlVkxIeHBQNUQzMC96dEZYc2ltNlE9PSIsInZhbHVlIjoiR293aTQzQ1RNRTQ3cDBjMlB2L0lpMGU4RUFHVU5GdFZTMGtqRi9xMXlIN011a1pQL3NUaFgyVXpDaDVkaEY1SiIsIm1hYyI6ImUyOTU5Y2IyMzM3Yzc5NTc3YzFhOTM3YzM4MDUzOTE4MWY2YThjOThlZDRjNDZiZDI2NzFiMTM2MWM3NDgwZDIifQ%3D%3D; laravel_session=eyJpdiI6ImVFcHRzanhxN3hXSzRYa1lsWWZCd2c9PSIsInZhbHVlIjoiQVRFSGRrV2NEVDQvVFhIcFloSmlldTNSdWFQaElHbjl5eVplemNkV2RwTGJTV0JWRE5SY0wxeThSUXdBbUF6UiIsIm1hYyI6IjlmNTBlMmM1NjY2MjhmNTM5Nzc2M2RkMjZkMDQ1ZmYxZDk0NWY2MjhjMzNjZWZhOTBjYTNkMzM5YjcxOGUzNjAifQ%3D%3D; SRVNAME=w2

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 11 Sep 2022 19:16:55 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
last-modified: Fri, 29 Jul 2022 11:40:09 GMT
etag: "62e3c719-0"
accept-ranges: bytes

humadecure.gq/landings/53/images/2.jpg

160.20.147.80

200 OK

116 kB

URL HTTP/1.1
humadecure.gq/landings/53/images/2.jpg
IP
160.20.147.80:0
ASN
#30823 combahton GmbH

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size
116 kB (115563 bytes)
Hash
de1a69a82fdda1cbda50cb1057b39e73
20afa80d035e14cb5e24f73a0292caf033e0e562
10d3c6b7672d3ff60a5cf2140c5a62fe686bae024e2eb1ce9442c15def2958ec

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /landings/53/images/2.jpg HTTP/1.1
Host: humadecure.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://humadecure.gq/landings/53/fonts/vendor.css
Cookie: XSRF-TOKEN=eyJpdiI6IldlVkxIeHBQNUQzMC96dEZYc2ltNlE9PSIsInZhbHVlIjoiR293aTQzQ1RNRTQ3cDBjMlB2L0lpMGU4RUFHVU5GdFZTMGtqRi9xMXlIN011a1pQL3NUaFgyVXpDaDVkaEY1SiIsIm1hYyI6ImUyOTU5Y2IyMzM3Yzc5NTc3YzFhOTM3YzM4MDUzOTE4MWY2YThjOThlZDRjNDZiZDI2NzFiMTM2MWM3NDgwZDIifQ%3D%3D; laravel_session=eyJpdiI6ImVFcHRzanhxN3hXSzRYa1lsWWZCd2c9PSIsInZhbHVlIjoiQVRFSGRrV2NEVDQvVFhIcFloSmlldTNSdWFQaElHbjl5eVplemNkV2RwTGJTV0JWRE5SY0wxeThSUXdBbUF6UiIsIm1hYyI6IjlmNTBlMmM1NjY2MjhmNTM5Nzc2M2RkMjZkMDQ1ZmYxZDk0NWY2MjhjMzNjZWZhOTBjYTNkMzM5YjcxOGUzNjAifQ%3D%3D; SRVNAME=w2

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 11 Sep 2022 19:16:55 GMT
Content-Type: image/jpeg
Content-Length: 115563
Connection: keep-alive
last-modified: Fri, 29 Jul 2022 11:40:12 GMT
etag: "62e3c71c-1c36b"
accept-ranges: bytes

mc.yandex.ru/metrika/tag.js

77.88.21.119

200 OK

72 kB

URL HTTP/2
mc.yandex.ru/metrika/tag.js
IP
77.88.21.119:0
ASN
#13238 YANDEX LLC

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (674)
Size
72 kB (72380 bytes)
Hash
f948ad97d8bcc64c1eee91e4e703f3f5
b5c35b5c139ddec32fe96bf89863fcf0845262bf
0d2dc3bdec9010c5375ac3fab62d3f33c2a3f961c6c974f2c0da8d584ed441e1

HTTP Headers

GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 72380
date: Sun, 11 Sep 2022 19:16:56 GMT
access-control-allow-origin: *
etag: "63186565-11abc"
expires: Sun, 11 Sep 2022 20:16:56 GMT
last-modified: Wed, 07 Sep 2022 12:33:25 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/metrika/advert.gif

77.88.21.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/metrika/advert.gif
IP
77.88.21.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Sun, 11 Sep 2022 19:16:56 GMT
access-control-allow-origin: *
etag: "63186565-2b"
expires: Sun, 11 Sep 2022 20:16:56 GMT
accept-ranges: bytes
last-modified: Wed, 07 Sep 2022 12:33:25 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/watch/54239065?wmode=7&page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A62hjjpdks93ktul5nsnaw%3Afp%3A2847%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A893%3Acn%3A1%3Adp%3A0%3Als%3A964612531438%3Ahid%3A771626295%3Az%3A0%3Ai%3A20220911191645%3Aet%3A1662923805%3Ac%3A1%3Arn%3A657355722%3Arqn%3A1%3Au%3A1662923805486355022%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1662923801725%3Aco%3A0%3Awv%3A2%3Ads%3A37%2C26%2C208%2C0%2C1909%2C0%2C%2C600%2C39%2C%2C%2C%2C2809%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662923805%3At%3ATaste%20my%20buns&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)

77.88.21.119

302 Found

419 B

URL HTTP/2
mc.yandex.ru/watch/54239065?wmode=7&page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A62hjjpdks93ktul5nsnaw%3Afp%3A2847%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A893%3Acn%3A1%3Adp%3A0%3Als%3A964612531438%3Ahid%3A771626295%3Az%3A0%3Ai%3A20220911191645%3Aet%3A1662923805%3Ac%3A1%3Arn%3A657355722%3Arqn%3A1%3Au%3A1662923805486355022%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1662923801725%3Aco%3A0%3Awv%3A2%3Ads%3A37%2C26%2C208%2C0%2C1909%2C0%2C%2C600%2C39%2C%2C%2C%2C2809%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662923805%3At%3ATaste%20my%20buns&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP
77.88.21.119:0
ASN
#13238 YANDEX LLC

File type
JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Size
419 B (419 bytes)
Hash
864c63f7720409d02ba4c78b6d634246
28d1648820a2d106fd8ccf9bac338c0d7b877cc7
3ffae493d416e0662e7c269127364a5571c96925f273601212e5a7ff937bc32a

HTTP Headers

GET /watch/54239065?wmode=7&page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A62hjjpdks93ktul5nsnaw%3Afp%3A2847%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A893%3Acn%3A1%3Adp%3A0%3Als%3A964612531438%3Ahid%3A771626295%3Az%3A0%3Ai%3A20220911191645%3Aet%3A1662923805%3Ac%3A1%3Arn%3A657355722%3Arqn%3A1%3Au%3A1662923805486355022%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1662923801725%3Aco%3A0%3Awv%3A2%3Ads%3A37%2C26%2C208%2C0%2C1909%2C0%2C%2C600%2C39%2C%2C%2C%2C2809%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662923805%3At%3ATaste%20my%20buns&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://humadecure.gq
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
location: /watch/54239065/1?wmode=7&page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A62hjjpdks93ktul5nsnaw%3Afp%3A2847%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A893%3Acn%3A1%3Adp%3A0%3Als%3A964612531438%3Ahid%3A771626295%3Az%3A0%3Ai%3A20220911191645%3Aet%3A1662923805%3Ac%3A1%3Arn%3A657355722%3Arqn%3A1%3Au%3A1662923805486355022%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1662923801725%3Aco%3A0%3Awv%3A2%3Ads%3A37%2C26%2C208%2C0%2C1909%2C0%2C%2C600%2C39%2C%2C%2C%2C2809%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662923805%3At%3ATaste%20my%20buns&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Sun, 11 Sep 2022 19:16:56 GMT
access-control-allow-origin: http://humadecure.gq
set-cookie: yandexuid=5705951291662923816; Expires=Mon, 11-Sep-2023 19:16:56 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=5705951291662923816; Expires=Mon, 11-Sep-2023 19:16:56 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=591481231662923816; Path=/; SameSite=None; Secure
i=7yHL7qFIJ6Vm15lksMcLDtLQZLDnbd7SyFfGxySY7QiBKDcMTzVYXL8o8tg+hi/qAGfiLA4b1bk7P7fHyRRwTr+DA+0=; Expires=Wed, 08-Sep-2032 19:16:55 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1694459816.yrts.1662923816#1694459816.yrtsi.1662923816; Expires=Mon, 11-Sep-2023 19:16:56 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 11-Sep-2022 19:16:56 GMT
last-modified: Sun, 11-Sep-2022 19:16:56 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/watch/54239065/1?page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&hittoken=1662923816_c4b720d9e7321f13bb85b774f02d21c8620ad2f8fe2c93cbfb5cde2ce001acfc&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A62hjjpdks93ktul5nsnaw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A893%3Acn%3A1%3Adp%3A0%3Als%3A964612531438%3Ahid%3A771626295%3Az%3A0%3Ai%3A20220911191645%3Aet%3A1662923805%3Ac%3A1%3Arn%3A36717086%3Arqn%3A2%3Au%3A1662923805486355022%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662923801725%3Aco%3A0%3Apri%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3559%2C3559%2C0%2C%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662923805&t=gdpr(14)mc(p-1)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)

77.88.21.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/watch/54239065/1?page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&hittoken=1662923816_c4b720d9e7321f13bb85b774f02d21c8620ad2f8fe2c93cbfb5cde2ce001acfc&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A62hjjpdks93ktul5nsnaw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A893%3Acn%3A1%3Adp%3A0%3Als%3A964612531438%3Ahid%3A771626295%3Az%3A0%3Ai%3A20220911191645%3Aet%3A1662923805%3Ac%3A1%3Arn%3A36717086%3Arqn%3A2%3Au%3A1662923805486355022%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662923801725%3Aco%3A0%3Apri%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3559%2C3559%2C0%2C%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662923805&t=gdpr(14)mc(p-1)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)
IP
77.88.21.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

POST /watch/54239065/1?page-url=http%3A%2F%2Fhumadecure.gq%2F%3Fs1%3Dmqmq%26s3%3Del&charset=utf-8&hittoken=1662923816_c4b720d9e7321f13bb85b774f02d21c8620ad2f8fe2c93cbfb5cde2ce001acfc&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A62hjjpdks93ktul5nsnaw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A893%3Acn%3A1%3Adp%3A0%3Als%3A964612531438%3Ahid%3A771626295%3Az%3A0%3Ai%3A20220911191645%3Aet%3A1662923805%3Ac%3A1%3Arn%3A36717086%3Arqn%3A2%3Au%3A1662923805486355022%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662923801725%3Aco%3A0%3Apri%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3559%2C3559%2C0%2C%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662923805&t=gdpr(14)mc(p-1)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 142
Origin: http://humadecure.gq
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Sun, 11 Sep 2022 19:16:56 GMT
access-control-allow-origin: http://humadecure.gq
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 11-Sep-2022 19:16:56 GMT
last-modified: Sun, 11-Sep-2022 19:16:56 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe41cdec0-ceff-4e9c-88a7-3a5565f1a459.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5752 bytes)
Hash
12666d69f9af3ceb23fdfc2100bd3226
c4d17e3ea44ef6dee9819c1586424e5f056f149c
054236a4d1f88a486f48b8f3a8ac01d21ec2179d5b1f3fc9791d0982d07a88a2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe41cdec0-ceff-4e9c-88a7-3a5565f1a459.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 5752
x-amzn-requestid: 622ffff0-1bd5-4eb4-a9ff-eb54c5ae44a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YBrqiFiToAMF0tA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6316f310-49efdcc572b4fad3543f857d;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 07:13:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VKsU4S6tKOso216JLUWn7b1bKDyfruIVukt98JooNCjwaXDT9bkPYQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:44:02 GMT
age: 77579
etag: "c4d17e3ea44ef6dee9819c1586424e5f056f149c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

dateexotic.com/agEA?usid=qqicj4lueau&email=johnmurphy%40weiss-ins.com&sub1=clear&prid=qqicj4lueau

216.119.156.49

302 Found

0 B

URL HTTP/2
dateexotic.com/agEA?usid=qqicj4lueau&email=johnmurphy%40weiss-ins.com&sub1=clear&prid=qqicj4lueau
IP
216.119.156.49:0
ASN
#46562 PERFORMIVE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /agEA?usid=qqicj4lueau&email=johnmurphy%40weiss-ins.com&sub1=clear&prid=qqicj4lueau HTTP/1.1
Host: dateexotic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
server: nginx/1.18.0 (Ubuntu)
date: Sun, 11 Sep 2022 19:16:53 GMT
content-type: text/html; charset=UTF-8
location: https://alexatracker.com/?r=aHR0cHM6Ly9kYXRlZXhvdGljLmNvbS9hZ0VBP3VzaWQ9cXFpY2o0bHVlYXUmZW1haWw9am9obm11cnBoeSU0MHdlaXNzLWlucy5jb20mc3ViMT1jbGVhciZwcmlkPXFxaWNqNGx1ZWF1&h=caa4f92e034ce5e183b077887f5ce630
access-control-allow-origin: *
X-Firefox-Spdy: h2

dateexotic.com/agEA?usid=qqicj4lueau&email=johnmurphy%40weiss-ins.com&sub1=clear&prid=qqicj4lueau&tbsession=8240031674006385702&c=459880907

216.119.156.49

302 Found

0 B

URL HTTP/2
dateexotic.com/agEA?usid=qqicj4lueau&email=johnmurphy%40weiss-ins.com&sub1=clear&prid=qqicj4lueau&tbsession=8240031674006385702&c=459880907
IP
216.119.156.49:0
ASN
#46562 PERFORMIVE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /agEA?usid=qqicj4lueau&email=johnmurphy%40weiss-ins.com&sub1=clear&prid=qqicj4lueau&tbsession=8240031674006385702&c=459880907 HTTP/1.1
Host: dateexotic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 302 Found
server: nginx/1.18.0 (Ubuntu)
date: Sun, 11 Sep 2022 19:16:54 GMT
content-type: text/html; charset=UTF-8
location: http://146.190.228.148/gGsS7C?click_id=qqicj4lueau
set-cookie: trbarid=dc734a1eee4e7449e5f3dda0b7f9a5c1d504d584f7af45354a2ad1e88ddfb6a4a%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bs%3A19%3A%228240031674006385702%22%3B%7D; expires=Sun, 15-Sep-2024 19:16:54 GMT; Max-Age=63504000; path=/; secure; HttpOnly; SameSite=None
tbar_uc1=5628ec3f7055a76388fef45b9371c3c0ab870ef9dd580d24053db862bcb17eeea%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22tbar_uc1%22%3Bi%3A1%3Bs%3A32%3A%22am9obm11cnBoeUB3ZWlzcy1pbnMuY29t%22%3B%7D; expires=Sun, 15-Sep-2024 19:16:54 GMT; Max-Age=63504000; path=/; secure; HttpOnly; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Lato:ital,wght@0,100;0,300;0,400;0,700;0,900;1,100;1,300;1,400;1,700;1,900&display=swap

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Lato:ital,wght@0,100;0,300;0,400;0,700;0,900;1,100;1,300;1,400;1,700;1,900&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Lato:ital,wght@0,100;0,300;0,400;0,700;0,900;1,100;1,300;1,400;1,700;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 11 Sep 2022 19:16:55 GMT
date: Sun, 11 Sep 2022 19:16:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

svntrk.com/assets/mqmq_631e3426ec895.js

104.21.82.62

200 OK

0 B

URL HTTP/2
svntrk.com/assets/mqmq_631e3426ec895.js
IP
104.21.82.62:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/mqmq_631e3426ec895.js HTTP/1.1
Host: svntrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://humadecure.gq/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 11 Sep 2022 19:16:55 GMT
content-type: text/javascript; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: BYPASS
set-cookie: svnimp=631e342751966; path=/; secure; httponly; samesite=none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kH4iBmzbtdbV7JWqm03w4muCnqw7dKdlSgfCQV0aPkuhbC%2Br%2BcQFV3JO49d%2Bqidx8OS%2BhcUV%2F156LyF2HJM9Qh%2BWJjU6yi2W2YwUbl27Cdr5Q0SaIZh2XyCO25TG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7492bd94ca6fb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (44)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size