queryitem.buzz Open in urlscan Pro
190.115.18.246 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://politra.site/
Effective URL:
https://queryitem.buzz/banking/
Submission: On September 18 via api (September 18th 2020, 3:34:07 am UTC) from DE

Summary HTTP 46 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 4 countries across 6 domains to perform 46 HTTP transactions. The main IP is 190.115.18.246, located in Belize and belongs to DDOS-GUARD CORP., BZ. The main domain is queryitem.buzz.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 17th 2020. Valid for: 3 months.

This is the only time queryitem.buzz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Banking (Banking)

Domain & IP information

	IP Address	AS Autonomous System
19	151.248.117.71 151.248.117.71	197695 (AS-REG) (AS-REG)
1	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a05:d014:286... 2a05:d014:286:3502:280f:5c03:88aa:6d81	16509 (AMAZON-02) (AMAZON-02)
1 1	176.119.30.22 176.119.30.22	30860 (YURTEH-AS) (YURTEH-AS)
1 25	190.115.18.246 190.115.18.246	262254 (DDOS-GUAR...) (DDOS-GUARD CORP.)
46	4

19 151.248.117.71 (Russian Federation)

ASN197695 (AS-REG, RU)
PTR: 151-248-117-71.ovz.vps.regruhosting.ru

politra.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d014:286:3502:280f:5c03:88aa:6d81 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

dd3.gertruda.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 176.119.30.22 (Ukraine) 1 redirects

ASN30860 (YURTEH-AS, UA)
PTR: dedicated.vsys.host

paymentcassa.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 190.115.18.246 (Belize) 1 redirects

ASN262254 (DDOS-GUARD CORP., BZ)
PTR: owner.bityoung.net

queryitem.buzz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	queryitem.buzz 1 redirects queryitem.buzz	325 KB
19	politra.site politra.site	751 KB
2	gstatic.com fonts.gstatic.com	49 KB
1	paymentcassa.xyz 1 redirects paymentcassa.xyz	570 B
1	gertruda.site 1 redirects dd3.gertruda.site	783 B
1	googleapis.com fonts.googleapis.com	1 KB
46	6

	Domain	Requested by
25	queryitem.buzz	1 redirects queryitem.buzz
19	politra.site	politra.site
2	fonts.gstatic.com	fonts.googleapis.com
1	paymentcassa.xyz	1 redirects
1	dd3.gertruda.site	1 redirects
1	fonts.googleapis.com	politra.site
46	6

This site contains no links.

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
queryitem.buzz Let's Encrypt Authority X3	`2020-09-17` - `2020-12-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://queryitem.buzz/banking/
Frame ID: 0274A37666D88EA002C32A6954561DDF
Requests: 46 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://politra.site/ Page URL
https://dd3.gertruda.site/go/30f0fb7c-86f0-4f98-ae08-0dd56f99b70c HTTP 302
https://paymentcassa.xyz/catalog?userId=15976556664206856&productId=15954098002106839 HTTP 301
https://queryitem.buzz/banking HTTP 301
http://queryitem.buzz/banking/ HTTP 307
https://queryitem.buzz/banking/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

46
Requests

59 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

4
IPs

4
Countries

1126 kB
Transfer

1235 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://politra.site/ Page URL
https://dd3.gertruda.site/go/30f0fb7c-86f0-4f98-ae08-0dd56f99b70c HTTP 302
https://paymentcassa.xyz/catalog?userId=15976556664206856&productId=15954098002106839 HTTP 301
https://queryitem.buzz/banking HTTP 301
http://queryitem.buzz/banking/ HTTP 307
https://queryitem.buzz/banking/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

46 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
politra.site/ 3 KB
4 KB 238ms
156ms Document
text/html 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: 0a182b0790b037a9ed7c583c022360c9255820a5772e27e4b721a6d9b25aa609

Request headers

Host: politra.site
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx/1.16.1
Date: Fri, 18 Sep 2020 03:33:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK mbr-additional.css
politra.site/assets/mobirise/css/ 27 KB
27 KB 91ms
91ms Stylesheet
text/css 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/mobirise/css/mbr-additional.css
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: e84dba9f108d29641144d828657344f1f21998fe917d97c1193c9e0ddb48c607

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Tue, 02 Jun 2020 02:33:42 GMT
Server: nginx/1.16.1
ETag: "5ed5ba86-6b83"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27523

GET
H/1.1 200
OK mobirise-icons.css
politra.site/assets/web/assets/mobirise-icons/ 7 KB
8 KB 199ms
171ms Stylesheet
text/css 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/web/assets/mobirise-icons/mobirise-icons.css
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: b0cf918213747e59ed554a87d5e821487bc728f2cbb3460d4a2f08735391c44d

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Thu, 06 Feb 2020 11:26:44 GMT
Server: nginx/1.16.1
ETag: "5e3bf7f4-1dbd"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7613

GET
H/1.1 200
OK bootstrap.min.css
politra.site/assets/bootstrap/css/ 150 KB
150 KB 194ms
166ms Stylesheet
text/css 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/bootstrap/css/bootstrap.min.css
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: 6b3bef53dc4a96ec07149d02a60b5fd026332bbce0b4ece79f3c55e3ddb85f5c

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Thu, 06 Feb 2020 11:26:44 GMT
Server: nginx/1.16.1
ETag: "5e3bf7f4-2565e"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 153182

GET
H/1.1 200
OK bootstrap-grid.min.css
politra.site/assets/bootstrap/css/ 47 KB
48 KB 199ms
171ms Stylesheet
text/css 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/bootstrap/css/bootstrap-grid.min.css
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: e6d573b7daafdee530dc4204ffb40f9bd192b3f65ed11a0bf02b18b909bca8a8

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Thu, 06 Feb 2020 11:26:44 GMT
Server: nginx/1.16.1
ETag: "5e3bf7f4-bd68"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 48488

GET
H/1.1 200
OK bootstrap-reboot.min.css
politra.site/assets/bootstrap/css/ 4 KB
4 KB 185ms
158ms Stylesheet
text/css 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/bootstrap/css/bootstrap-reboot.min.css
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: e9493663951399b6e85a64aae34b39277c0d0ede93cc852fb1ee540179160a32

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Thu, 06 Feb 2020 11:26:44 GMT
Server: nginx/1.16.1
ETag: "5e3bf7f4-efc"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3836

GET
H/1.1 200
OK tether.min.css
politra.site/assets/tether/ 237 B
473 B 190ms
163ms Stylesheet
text/css 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/tether/tether.min.css
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: cb84c37000f8fe3e68e24799be081febdf02afd39cec967e80631ac76dea9950

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Thu, 06 Feb 2020 11:26:44 GMT
Server: nginx/1.16.1
ETag: "5e3bf7f4-ed"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 237

GET
H/1.1 200
OK style.css
politra.site/assets/dropdown/css/ 8 KB
8 KB 254ms
91ms Stylesheet
text/css 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/dropdown/css/style.css
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: 38892acc026f0badcbb38eb0b148470f4e57821ae04c892a2cee50b5e0968d35

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Thu, 06 Feb 2020 11:26:44 GMT
Server: nginx/1.16.1
ETag: "5e3bf7f4-1f2e"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7982

GET
H/1.1 200
OK style.css
politra.site/assets/theme/css/ 23 KB
23 KB 277ms
92ms Stylesheet
text/css 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/theme/css/style.css
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: c85ed882b96aeda4e35852af334388ac4845daf0c0f5fd9142b0fe564ff37c76

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Thu, 06 Feb 2020 11:26:44 GMT
Server: nginx/1.16.1
ETag: "5e3bf7f4-5b39"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23353

GET
H/1.1 200
OK jquery.min.js Show response
politra.site/assets/web/assets/jquery/ 94 KB
94 KB 284ms
94ms Script
application/javascript 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/web/assets/jquery/jquery.min.js
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Thu, 06 Feb 2020 11:26:44 GMT
Server: nginx/1.16.1
ETag: "5e3bf7f4-176bb"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 95931

GET
H/1.1 200
OK popper.min.js Show response
politra.site/assets/popper/ 19 KB
19 KB 297ms
98ms Script
application/javascript 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/popper/popper.min.js
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: 3675f226f985b64eea6ae8544d5496a32d19993aae1ac4a3fa101263ef3206f7

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Thu, 06 Feb 2020 11:26:44 GMT
Server: nginx/1.16.1
ETag: "5e3bf7f4-4a32"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18994

GET
H/1.1 200
OK bootstrap.min.js Show response
politra.site/assets/bootstrap/js/ 54 KB
55 KB 347ms
90ms Script
application/javascript 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/bootstrap/js/bootstrap.min.js
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: eb795deda8983fa5310627c9584cf3f3b95d272567113500059018b3941cb267

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Thu, 06 Feb 2020 11:26:44 GMT
Server: nginx/1.16.1
ETag: "5e3bf7f4-d9df"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 55775

GET
H/1.1 200
OK tether.min.js Show response
politra.site/assets/tether/ 23 KB
23 KB 405ms
98ms Script
application/javascript 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/tether/tether.min.js
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: 0a0416e386e436583f5f49242104677e6b16b1aa693d86f32d76845e26081f96

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Thu, 06 Feb 2020 11:26:44 GMT
Server: nginx/1.16.1
ETag: "5e3bf7f4-5ab1"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23217

GET
H/1.1 200
OK smooth-scroll.js Show response
politra.site/assets/smoothscroll/ 25 KB
25 KB 443ms
98ms Script
application/javascript 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/smoothscroll/smooth-scroll.js
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: c91f338f6adfb67bcf0ef83e714b8ab54799f47111d589e380590d063b8bf273

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Thu, 06 Feb 2020 11:26:44 GMT
Server: nginx/1.16.1
ETag: "5e3bf7f4-63e1"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25569

GET
H/1.1 200
OK nav-dropdown.js Show response
politra.site/assets/dropdown/js/ 18 KB
19 KB 439ms
92ms Script
application/javascript 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/dropdown/js/nav-dropdown.js
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: d9e800dab50c202621225b605347fedc067286e5fce53a90523f5e4fa404f331

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Thu, 06 Feb 2020 11:26:44 GMT
Server: nginx/1.16.1
ETag: "5e3bf7f4-49e1"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18913

GET
H/1.1 200
OK navbar-dropdown.js Show response
politra.site/assets/dropdown/js/ 3 KB
4 KB 513ms
98ms Script
application/javascript 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/dropdown/js/navbar-dropdown.js
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: 37234ac494ee7d7ffc1ac3f66c44a41ef041c1cc373d07ff2e059dc7f820a2f8

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Thu, 06 Feb 2020 11:26:44 GMT
Server: nginx/1.16.1
ETag: "5e3bf7f4-db3"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3507

GET
H/1.1 200
OK jquery.touch-swipe.min.js Show response
politra.site/assets/touchswipe/ 20 KB
20 KB 506ms
91ms Script
application/javascript 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/touchswipe/jquery.touch-swipe.min.js
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: a10d7edb8fd307f469beaaa75a725e4bdae24a1b867f5bc7960f01e25c99d8e1

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Thu, 06 Feb 2020 11:26:44 GMT
Server: nginx/1.16.1
ETag: "5e3bf7f4-4fbc"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20412

GET
H/1.1 200
OK script.js Show response
politra.site/assets/theme/js/ 48 KB
49 KB 511ms
95ms Script
application/javascript 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://politra.site/assets/theme/js/script.js
Requested by: Host: politra.site
URL: http://politra.site/
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: 696ed8dbb81def0d7d7dca1a37e2d12503f02812cc4eee32c111b74b5fbf928c

Request headers

Referer: http://politra.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Tue, 02 Jun 2020 02:33:42 GMT
Server: nginx/1.16.1
ETag: "5ed5ba86-c125"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 49445

GET
H2 200 css
fonts.googleapis.com/ 16 KB
1 KB 35ms
16ms Stylesheet
text/css 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Rubik:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap

Requested by

Host: politra.site
URL: http://politra.site/assets/mobirise/css/mbr-additional.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3e54661f037005c924f84dec44667c035230ca2e6aa2189f876cdd164e63497f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://politra.site/assets/mobirise/css/mbr-additional.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 18 Sep 2020 03:33:51 GMT
server: ESF
date: Fri, 18 Sep 2020 03:33:51 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 18 Sep 2020 03:33:51 GMT

GET
H/1.1 200
OK mbr-2-1920x1280.jpg
politra.site/assets/images/ 173 KB
173 KB 99ms
98ms Image
image/jpeg 151.248.117.71
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://politra.site/assets/images/mbr-2-1920x1280.jpg
Requested by: Host: politra.site
URL: http://politra.site/assets/mobirise/css/mbr-additional.css
Protocol: HTTP/1.1
Server: 151.248.117.71 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 151-248-117-71.ovz.vps.regruhosting.ru
Software: nginx/1.16.1 /
Resource Hash: 001fbefba92198b95cba822cb3e9a8d327091edfa506f8567eae13a8dc63cae6

Request headers

Referer: http://politra.site/assets/mobirise/css/mbr-additional.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 03:33:51 GMT
Last-Modified: Tue, 02 Jun 2020 02:33:42 GMT
Server: nginx/1.16.1
ETag: "5ed5ba86-2b205"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 176645

GET
H2 200 iJWKBXyIfDnIV7nBrXyw023e.woff2
fonts.gstatic.com/s/rubik/v10/ 35 KB
35 KB 24ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v10/iJWKBXyIfDnIV7nBrXyw023e.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Rubik:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94a3e45058a7b47f7be41076681170ca8a88722541f96f0d6ebd7d97d5452225

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://politra.site
Referer: https://fonts.googleapis.com/css?family=Rubik:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:07:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 20 Aug 2020 17:51:34 GMT
server: sffe
age: 325586
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35516
x-xss-protection: 0
expires: Tue, 14 Sep 2021 09:07:25 GMT

GET
H3-Q050 200 iJWKBXyIfDnIV7nFrXyw023e1Ik.woff2
fonts.gstatic.com/s/rubik/v10/ 14 KB
14 KB 26ms
13ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v10/iJWKBXyIfDnIV7nFrXyw023e1Ik.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Rubik:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3f83374b4ec7a38e2e21ad44f9c3bee9567a2e8003a8695d7de24ebf4f810f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://politra.site
Referer: https://fonts.googleapis.com/css?family=Rubik:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:12:18 GMT
x-content-type-options: nosniff
last-modified: Thu, 20 Aug 2020 17:48:48 GMT
server: sffe
age: 325293
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14180
x-xss-protection: 0
expires: Tue, 14 Sep 2021 09:12:18 GMT

GET
H2

200

Primary Request / Show response
queryitem.buzz/banking/
Redirect Chain

https://dd3.gertruda.site/go/30f0fb7c-86f0-4f98-ae08-0dd56f99b70c
https://paymentcassa.xyz/catalog?userId=15976556664206856&productId=15954098002106839
https://queryitem.buzz/banking
http://queryitem.buzz/banking/
https://queryitem.buzz/banking/

8 KB
3 KB

92ms
92ms

Document
text/html

190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to

Full URL

https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

e6cf9247eb9d4d2ca34a5b22a8011f740ba6d582d55f603bca1c4da45cbceee8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

:method: GET
:authority: queryitem.buzz
:scheme: https
:path: /banking/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: http://politra.site/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __ddg1=PYk23RL9CvjVsFW5eA52
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://politra.site/

Response headers

status: 200
server: ddos-guard
strict-transport-security: max-age=2628000
content-security-policy: upgrade-insecure-requests;
date: Fri, 18 Sep 2020 03:33:57 GMT
last-modified: Sun, 09 Aug 2020 00:09:36 GMT
etag: W/"1ebe-5ac66a73e4b52"
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-encoding: br
vary: Accept-Encoding

Redirect headers

Location: https://queryitem.buzz/banking/
Non-Authoritative-Reason: HSTS

GET
H2 200 trustuniEPbnk.css
queryitem.buzz/banking/ 4 KB
774 B 92ms
92ms Stylesheet
text/css 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to

Full URL

https://queryitem.buzz/banking/trustuniEPbnk.css

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

f175f0beee2c45e190e07d8171e5bca9f96d14ea154440b3da82d4ba2a64fd91

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
content-encoding: br
last-modified: Sun, 09 Aug 2020 00:09:36 GMT
server: ddos-guard
etag: W/"e4f-5ac66a73e89d2"
vary: Accept-Encoding
content-type: text/css
status: 200
date: Fri, 18 Sep 2020 03:33:57 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes

GET
H2 200 index.css
queryitem.buzz/banking/ 91 KB
8 KB 132ms
132ms Stylesheet
text/css 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to

Full URL

https://queryitem.buzz/banking/index.css

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

0ff0448cc3005328fd2365cf91c03b10f451e15f5718bebdae34c48174261bd3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
content-encoding: br
last-modified: Sun, 09 Aug 2020 00:09:36 GMT
server: ddos-guard
etag: W/"16c37-5ac66a73dda0a"
vary: Accept-Encoding
content-type: text/css
status: 200
date: Fri, 18 Sep 2020 03:33:57 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes

GET
H2 200 11.png
queryitem.buzz/banking/images/ 33 KB
34 KB 136ms
132ms Image
image/png 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/11.png

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

0075174bdf083d22b69003025b3f6caeb9b3efe2526767c21d2ffb789bf48109

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "85a2-5ac66a73b3643"
content-type: image/png
status: 200
date: Fri, 18 Sep 2020 03:33:57 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 34210

GET
H2 200 n1.png
queryitem.buzz/banking/images/ 867 B
917 B 167ms
162ms Image
image/png 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/n1.png

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

7743b93bfe418d7c0daaf0911fb442de1e50ae11d8048864fa25db7a147edf6b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "363-5ac66a73ab943"
content-type: image/png
status: 200
date: Fri, 18 Sep 2020 03:33:57 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 867

GET
H2 200 ftr8899.png
queryitem.buzz/banking/images/ 9 KB
10 KB 924ms
920ms Image
image/png 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/ftr8899.png

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

41d82061b87b8339aaf1aef9dd32c3dbb8c1994bcaaf0716fdb8451b47b20a1f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "25db-5ac66a73d2272"
content-type: image/png
status: 200
date: Fri, 18 Sep 2020 03:33:58 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 9691

GET
H2 200 1291-201904181109032.gif
queryitem.buzz/banking/images/ 88 KB
88 KB 174ms
170ms Image
image/gif 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/1291-201904181109032.gif

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

01334268dcf9acf9cf06d013256802ac5ae71c8c8dd3102eb39bc1e89a307d29

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "160d2-5ac66a73a961b"
content-type: image/gif
status: 200
date: Fri, 18 Sep 2020 03:33:57 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 90322

GET
H2 200 verified-by-visa-logo.svg
queryitem.buzz/banking/ 3 KB
2 KB 161ms
157ms Image
image/svg+xml 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/verified-by-visa-logo.svg

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

9212a8bed1938a6109be0258dfbcb60931d60b0259d399e249b6a34c13696bdd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
content-encoding: br
last-modified: Sun, 09 Aug 2020 00:09:36 GMT
server: ddos-guard
etag: W/"dc6-5ac66a73ed7f2"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
date: Fri, 18 Sep 2020 03:33:57 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes

GET
H2 200 mastercard-secure-code-2016.svg
queryitem.buzz/banking/ 13 KB
5 KB 166ms
163ms Image
image/svg+xml 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/mastercard-secure-code-2016.svg

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

2ce089b517a8559f8ed0aa90caea5e1707650add0f73f6a8154daa842d5d7ed6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
content-encoding: br
last-modified: Sun, 09 Aug 2020 00:09:36 GMT
server: ddos-guard
etag: W/"3586-5ac66a73dbeb2"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
date: Fri, 18 Sep 2020 03:33:57 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes

GET
H2 200 fca-regulated.png
queryitem.buzz/banking/images/ 3 KB
3 KB 1930ms
1926ms Image
image/png 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/fca-regulated.png

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

ea0b1c5dc1558c5461a8ea624ec765aeaaa940a9ab993511764482113046b517

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "db5-5ac66a73b45e3"
content-type: image/png
status: 200
date: Fri, 18 Sep 2020 03:33:59 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 3509

GET
H2 200 bltick.png
queryitem.buzz/banking/images/ 2 KB
2 KB 1930ms
1927ms Image
image/png 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/bltick.png

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

c5ebdf18386412cab54216d97a4b908d467b0710dccc137661030c5488795f04

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "6af-5ac66a73ca572"
content-type: image/png
status: 200
date: Fri, 18 Sep 2020 03:33:59 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 1711

GET
H2 200 img0009.png
queryitem.buzz/banking/images/ 282 B
330 B 3959ms
3955ms Image
image/png 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/img0009.png

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

5d436540aa29aff5d390c9835d4b567f2fb1592b6d6fe7617c773fa9932846e1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "11a-5ac66a73ccc82"
content-type: image/png
status: 200
date: Fri, 18 Sep 2020 03:34:01 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 282

GET
H2 200 113.png
queryitem.buzz/banking/images/ 5 KB
5 KB 3961ms
3958ms Image
image/png 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/113.png

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

4835f303e137faa6cabdfec2ce6528d277f5978e5a8928fac4630ecb909e59a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "13e0-5ac66a73bf992"
content-type: image/png
status: 200
date: Fri, 18 Sep 2020 03:34:01 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 5088

GET
H2 200 img0014.png
queryitem.buzz/banking/images/ 2 KB
2 KB 3959ms
3956ms Image
image/png 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/img0014.png

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

d3fb4bc8dc0f390a225e831b13eb87f1269cc6bc8a75f6faa488d629255a1701

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "6f7-5ac66a73ca18a"
content-type: image/png
status: 200
date: Fri, 18 Sep 2020 03:34:01 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 1783

GET
H2 200 logo_blue.png
queryitem.buzz/banking/images/ 605 B
655 B 2964ms
2962ms Image
image/png 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/logo_blue.png

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

c0620157eaca321164b33c0879a350c4fb38ed05f6857677a21f9fb4d28b202f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "25d-5ac66a73a4413"
content-type: image/png
status: 200
date: Fri, 18 Sep 2020 03:34:00 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 605

GET
H2 200 img0006.png
queryitem.buzz/banking/images/ 233 B
305 B 3955ms
3953ms Image
image/png 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/img0006.png

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

2b37a9cfae3aec838fd20b03d76ed964cd6690d7e2b07ea6e3c15ed042231b39

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "e9-5ac66a73bedda"
content-type: image/png
status: 200
date: Fri, 18 Sep 2020 03:34:01 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 233

GET
H2 200 img0001.png
queryitem.buzz/banking/images/ 2 KB
2 KB 2960ms
2957ms Image
image/png 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/img0001.png

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

7e32f5c5c2eac447529192b5eb32029283b2cb45f1f3ad6f54d2ea8342935b5a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "8d7-5ac66a73b1703"
content-type: image/png
status: 200
date: Fri, 18 Sep 2020 03:34:00 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 2263

GET
H2 200 img0013.png
queryitem.buzz/banking/images/ 3 KB
3 KB 3961ms
3959ms Image
image/png 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/img0013.png

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

4b3809a80be876bdefd4eb66252e55e193499c5c77aae1a4dd8e9c687448f1e8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "a96-5ac66a73b4db3"
content-type: image/png
status: 200
date: Fri, 18 Sep 2020 03:34:01 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 2710

GET
H2 200 B7Qh_OGIgAMzeE9.png%20large.png
queryitem.buzz/banking/images/ 44 KB
44 KB 3965ms
3963ms Image
image/png 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/B7Qh_OGIgAMzeE9.png%20large.png

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

1a51271a2e4ed6f1022f323e14d7d254c6580485db901f26a30f3cfefbcdea9b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "afa6-5ac66a73a7ac3"
content-type: image/png
status: 200
date: Fri, 18 Sep 2020 03:34:01 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 44966

GET
H2 200 MSR-1110231784.png
queryitem.buzz/banking/images/ 39 KB
39 KB 2962ms
2960ms Image
image/png 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/MSR-1110231784.png

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

6d94ffea9556956578b07c893020c98cd5fc9d134c14f7f072c461eb94149f22

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "9a4a-5ac66a73d0332"
content-type: image/png
status: 200
date: Fri, 18 Sep 2020 03:34:00 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 39498

GET
H2 200 img0010.png
queryitem.buzz/banking/images/ 233 B
282 B 2961ms
2959ms Image
image/png 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://queryitem.buzz/banking/images/img0010.png

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

2b37a9cfae3aec838fd20b03d76ed964cd6690d7e2b07ea6e3c15ed042231b39

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://queryitem.buzz/banking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: "e9-5ac66a73c3bfa"
content-type: image/png
status: 200
date: Fri, 18 Sep 2020 03:34:00 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 233

GET
H2 200 GothamPro-Light.html
queryitem.buzz/banking/ 14 KB
14 KB 97ms
96ms Font
text/html 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to

Full URL

https://queryitem.buzz/banking/GothamPro-Light.html

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/trustuniEPbnk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

033429cef726a2bdb5d4220d3bb73e5623c5dda76af43a6779959f6bf83ee8b1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Origin: https://queryitem.buzz
Referer: https://queryitem.buzz/banking/trustuniEPbnk.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
content-encoding: br
last-modified: Sun, 09 Aug 2020 00:09:36 GMT
server: ddos-guard
etag: W/"387c-5ac66a740898a"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 200
date: Fri, 18 Sep 2020 03:33:57 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes

GET
H2 200 MicraDi.html
queryitem.buzz/banking/ 10 KB
10 KB 94ms
94ms Font
text/html 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to

Full URL

https://queryitem.buzz/banking/MicraDi.html

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/trustuniEPbnk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

e7ac2871db7d8a7d1f925d66bed0d09ac0ec43103c827b8f51ca24afb71dd1c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Origin: https://queryitem.buzz
Referer: https://queryitem.buzz/banking/trustuniEPbnk.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
content-encoding: br
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: W/"2758-5ac66a7396953"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 200
date: Fri, 18 Sep 2020 03:33:57 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes

GET
H2 200 DroidSans.html
queryitem.buzz/banking/ 49 KB
49 KB 95ms
94ms Font
text/html 190.115.18.246
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to

Full URL

https://queryitem.buzz/banking/DroidSans.html

Requested by

Host: queryitem.buzz
URL: https://queryitem.buzz/banking/trustuniEPbnk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

owner.bityoung.net

Software

ddos-guard /

Resource Hash

7346fa2af89b79704bbe3fb05d211b3150c9b67fa8ce8ac625cd4e68c12abc01

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2628000

Request headers

Origin: https://queryitem.buzz
Referer: https://queryitem.buzz/banking/trustuniEPbnk.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=2628000
content-encoding: br
last-modified: Sun, 09 Aug 2020 00:09:35 GMT
server: ddos-guard
etag: W/"c378-5ac66a7394dfb"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 200
date: Fri, 18 Sep 2020 03:33:57 GMT
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Banking (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| get_cookie undefined| url function| noselect

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dd3.gertruda.site
fonts.googleapis.com
fonts.gstatic.com
paymentcassa.xyz
politra.site
queryitem.buzz
151.248.117.71
176.119.30.22
190.115.18.246
2a00:1450:4001:800::2003
2a00:1450:4001:819::200a
2a05:d014:286:3502:280f:5c03:88aa:6d81
001fbefba92198b95cba822cb3e9a8d327091edfa506f8567eae13a8dc63cae6
0075174bdf083d22b69003025b3f6caeb9b3efe2526767c21d2ffb789bf48109
01334268dcf9acf9cf06d013256802ac5ae71c8c8dd3102eb39bc1e89a307d29
033429cef726a2bdb5d4220d3bb73e5623c5dda76af43a6779959f6bf83ee8b1
0a0416e386e436583f5f49242104677e6b16b1aa693d86f32d76845e26081f96
0a182b0790b037a9ed7c583c022360c9255820a5772e27e4b721a6d9b25aa609
0ff0448cc3005328fd2365cf91c03b10f451e15f5718bebdae34c48174261bd3
1a51271a2e4ed6f1022f323e14d7d254c6580485db901f26a30f3cfefbcdea9b
2b37a9cfae3aec838fd20b03d76ed964cd6690d7e2b07ea6e3c15ed042231b39
2ce089b517a8559f8ed0aa90caea5e1707650add0f73f6a8154daa842d5d7ed6
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
3675f226f985b64eea6ae8544d5496a32d19993aae1ac4a3fa101263ef3206f7
37234ac494ee7d7ffc1ac3f66c44a41ef041c1cc373d07ff2e059dc7f820a2f8
38892acc026f0badcbb38eb0b148470f4e57821ae04c892a2cee50b5e0968d35
3e54661f037005c924f84dec44667c035230ca2e6aa2189f876cdd164e63497f
41d82061b87b8339aaf1aef9dd32c3dbb8c1994bcaaf0716fdb8451b47b20a1f
4835f303e137faa6cabdfec2ce6528d277f5978e5a8928fac4630ecb909e59a2
4b3809a80be876bdefd4eb66252e55e193499c5c77aae1a4dd8e9c687448f1e8
5d436540aa29aff5d390c9835d4b567f2fb1592b6d6fe7617c773fa9932846e1
696ed8dbb81def0d7d7dca1a37e2d12503f02812cc4eee32c111b74b5fbf928c
6b3bef53dc4a96ec07149d02a60b5fd026332bbce0b4ece79f3c55e3ddb85f5c
6d94ffea9556956578b07c893020c98cd5fc9d134c14f7f072c461eb94149f22
7346fa2af89b79704bbe3fb05d211b3150c9b67fa8ce8ac625cd4e68c12abc01
7743b93bfe418d7c0daaf0911fb442de1e50ae11d8048864fa25db7a147edf6b
7e32f5c5c2eac447529192b5eb32029283b2cb45f1f3ad6f54d2ea8342935b5a
9212a8bed1938a6109be0258dfbcb60931d60b0259d399e249b6a34c13696bdd
94a3e45058a7b47f7be41076681170ca8a88722541f96f0d6ebd7d97d5452225
a10d7edb8fd307f469beaaa75a725e4bdae24a1b867f5bc7960f01e25c99d8e1
b0cf918213747e59ed554a87d5e821487bc728f2cbb3460d4a2f08735391c44d
c0620157eaca321164b33c0879a350c4fb38ed05f6857677a21f9fb4d28b202f
c5ebdf18386412cab54216d97a4b908d467b0710dccc137661030c5488795f04
c85ed882b96aeda4e35852af334388ac4845daf0c0f5fd9142b0fe564ff37c76
c91f338f6adfb67bcf0ef83e714b8ab54799f47111d589e380590d063b8bf273
cb84c37000f8fe3e68e24799be081febdf02afd39cec967e80631ac76dea9950
d3fb4bc8dc0f390a225e831b13eb87f1269cc6bc8a75f6faa488d629255a1701
d9e800dab50c202621225b605347fedc067286e5fce53a90523f5e4fa404f331
e6cf9247eb9d4d2ca34a5b22a8011f740ba6d582d55f603bca1c4da45cbceee8
e6d573b7daafdee530dc4204ffb40f9bd192b3f65ed11a0bf02b18b909bca8a8
e7ac2871db7d8a7d1f925d66bed0d09ac0ec43103c827b8f51ca24afb71dd1c0
e84dba9f108d29641144d828657344f1f21998fe917d97c1193c9e0ddb48c607
e9493663951399b6e85a64aae34b39277c0d0ede93cc852fb1ee540179160a32
ea0b1c5dc1558c5461a8ea624ec765aeaaa940a9ab993511764482113046b517
eb795deda8983fa5310627c9584cf3f3b95d272567113500059018b3941cb267
f175f0beee2c45e190e07d8171e5bca9f96d14ea154440b3da82d4ba2a64fd91
f3f83374b4ec7a38e2e21ad44f9c3bee9567a2e8003a8695d7de24ebf4f810f7

queryitem.buzz Open in urlscan Pro 190.115.18.246 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

46 Requests

59 %HTTPS

50 %IPv6

6 Domains

6 Subdomains

4 IPs

4 Countries

1126 kBTransfer

1235 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

46 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

queryitem.buzz Open in urlscan Pro
190.115.18.246 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

46
Requests

59 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

4
IPs

4
Countries

1126 kB
Transfer

1235 kB
Size

0
Cookies

46 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!