Report - umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019

Report Overview

Submitted URL
umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019
IP
68.65.122.97
ASN
#22612 NAMECHEAP-NET
Submitted
2022-11-06 22:22:39
Access
Website Title
Final URL
Tags
None
urlquery detections
Scam / Fake AntiVirus

Detections

urlquery
1
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
e1.o.lencr.org	6159	2021-08-20T09:36:30Z	2023-03-10T11:39:59Z	1.0 kB	2.2 kB	23.36.77.32
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	35.162.125.72
ios-protection.com	unknown	2020-11-18T11:16:10Z	2023-03-09T03:04:20Z	844 B	7.6 kB	172.67.163.136
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	1.4 kB	3.5 kB	23.36.77.32
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	682 B	1.6 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	337 B	1.5 kB	34.102.187.140
umbra.lol	unknown	2022-09-19T15:01:11Z	2022-11-13T00:56:06Z	3.0 kB	7.9 kB	68.65.122.97
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-10T14:35:32Z	340 B	963 B	172.64.155.188
track.umbra.lol	unknown	2022-09-19T14:52:05Z	2022-11-17T13:45:25Z	904 B	3.2 kB	18.195.30.247
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	66 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-06	medium	ios-protection.com/en/imitatenobr/en/sounds/alert.mp3	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019	238 B	2023-03-07	2024-04-25
Pretty URL umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019 IP 68.65.122.97 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:17 Last Seen2024-04-25 08:18:13 Times Seen522 Hash 22f13f5105f47f008d9ed8b92e4fb3de fc8379d3582793c045134fdd9b284fbc2e74e6c1 1bc052f19111f4bc87f69f615af33efd4418e9b091994449594e363c52ea78b1 Loading...

	umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019	271 B	2023-03-07	2024-04-25
Pretty URL umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019 IP 68.65.122.97 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:17 Last Seen2024-04-25 08:18:13 Times Seen677 Hash 426d981faf3564a38cb9c8ec790e44c9 eae89cff5dbbe29dc7d381b45c4825b6087a7ea7 cd93f6d6fed9ae49dfc3e2941c86602a56d63e0e035fce5ef8308837e58040d3 Loading...

	umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019	1.6 kB	2023-03-08	2023-03-11
Pretty URL umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019 IP 68.65.122.97 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 09:07:12 Last Seen2023-03-11 10:30:15 Times Seen1 Hash 94fb72bff1c0166bffd2f70b81b1795a a5228d806b421111a5eba87b692b74727b7b35fe 4e33b6e49489c70dc4f3322257e664311b8fd24454ba6462bef778d91f123a13 Loading...

	track.umbra.lol/d/.js?lpref=&lpurl=https%3A%2F%2Fumbra.lol%2Fland2%2F671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html%3Fcep%3DG-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F%26lptoken%3D1615673a774051203019%23&lpt=Attention!&vtm=1667773346906	2.9 kB	2023-03-10	2023-03-10
Pretty URL track.umbra.lol/d/.js?lpref=&lpurl=https%3A%2F%2Fumbra.lol%2Fland2%2F671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html%3Fcep%3DG-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F%26lptoken%3D1615673a774051203019%23&lpt=Attention!&vtm=1667773346906 IP 18.195.30.247 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 22:46:40 Last Seen2023-03-10 22:46:40 Times Seen1 Hash 7dff778b938b3ab219ff3cb5da637893 3d2c1c3dc4f11d288a5bb7acaa2850ed5a12960a 829471c924cc9a5ce4535b2810b1114c72bb270fe10a24ce342d6d551b6e94a2 Loading...

	umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019	601 B	2023-03-07	2024-04-25
Pretty URL umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019 IP 68.65.122.97 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:17 Last Seen2024-04-25 08:18:13 Times Seen676 Hash b738e4a94342c9029a68af1bca744dec b79c34bf921ac3691e66d8e6ddfb7f0b99b24328 6baab8412a05e092ca9fbe0b79c0f52d2c726bd5159e319fddcf37283058fcae Loading...

	umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019	52 B	2023-03-07	2024-04-25
Pretty URL umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019 IP 68.65.122.97 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:17 Last Seen2024-04-25 08:18:13 Times Seen676 Hash 0250139e98226bca995f9d23b2c3aa68 3657b84800b258d962c74f0db32405d385fe4c83 5f2a71f64ae7702734962d9d4a297cb5bf6034a170e4d368bb8a292e6044e167 Loading...

		Size	First Seen	Last Seen
	#1 Write - d41d8cd98f00b204e9800998ecf8427e	0 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 16:24:51 Times Seen37066615 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (26)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c7a8ba48383a0e56baca8c8c41b81a04
b04c1f1e730a71f17ff639c9db697c532d4e5421
7860552382285e6eddddc5226c6f6400caa3f6fc3cb4b8a2d550c6fc653f78bb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7860552382285E6EDDDDC5226C6F6400CAA3F6FC3CB4B8A2D550C6FC653F78BB"
Last-Modified: Sun, 06 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7183
Expires: Mon, 07 Nov 2022 00:22:11 GMT
Date: Sun, 06 Nov 2022 22:22:28 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
05978511215be8462d0b69e33b3a91a3
61535ba131d547f1c5108d9e7763ee3fc8d8c824
cfdbf0f9e88e3c1ae8eb03e46c352633a75d4b2edbfbd57c1c6b52ff1623a109

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4834
Cache-Control: max-age=134949
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:22:28 GMT
Etag: "63678ce7-1d7"
Expires: Tue, 08 Nov 2022 11:51:37 GMT
Last-Modified: Sun, 06 Nov 2022 10:31:03 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Length, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 06 Nov 2022 21:43:20 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2348
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d8c32b2fb818533a5b3fe5c69157bde9
93594fd3fc50d9d444c28660eabba1edbe4f0588
df8b8ce7a83d11fbe075c8780103c509654f288b5d757d64b696d861a11f3c7f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF8B8CE7A83D11FBE075C8780103C509654F288B5D757D64B696D861A11F3C7F"
Last-Modified: Sun, 06 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4962
Expires: Sun, 06 Nov 2022 23:45:10 GMT
Date: Sun, 06 Nov 2022 22:22:28 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: OKA1vIZ0FiDaBDUcCnf3h8U6WwS/jIKEiZffrenmV2oZ7QuvNMOn+ANrVCrMA71hz2RhYpz8oWY=
x-amz-request-id: X3RQT72YD51GH3A9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 06 Nov 2022 21:47:47 GMT
age: 2081
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019

68.65.122.97

301 Moved Permanently

707 B

URL HTTP/1.1
umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019
IP
68.65.122.97:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019 HTTP/1.1
Host: umbra.lol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 06 Nov 2022 22:22:28 GMT
server: LiteSpeed
location: https://umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019
x-turbo-charged-by: LiteSpeed

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 22:22:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
54cddd432c7d2f00e488a3bf9b0f0a74
c5c945a7a8e2155d219e32879292fc990c354b89
9bb04eb66771fe0a76a4482e64d7c54a11bf8ef45a8b3d72903e51594202def7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 06 Nov 2022 22:22:28 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 05 Nov 2022 17:11:13 GMT
Expires: Sat, 12 Nov 2022 17:11:12 GMT
Etag: "c5c945a7a8e2155d219e32879292fc990c354b89"
Cache-Control: max-age=499123,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76613a651a0cb4ff-OSL

68.65.122.97

200 OK

4.7 kB

URL HTTP/2
umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019
IP
68.65.122.97:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (514)
Size
4.7 kB (4704 bytes)
Hash
39e04879e2064788c963f8e15b9455cc
c79748533772ebfb1b38b20fadccb824e536bc09
c5bea4d7e61c32f44a93a9be996805c059f4d02fa69d1156212836a7f894af9f

HTTP Headers

GET /land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019 HTTP/1.1
Host: umbra.lol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 28 Sep 2022 10:33:24 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 4704
date: Sun, 06 Nov 2022 22:22:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d862f992e9902530594e7aca425f129b
25b414fe833d30b52928535d659a1ee281b82e3a
0c6286152fe8bb5fdf1505f2001d530a65ee53aa6d9601bbb1eecb683036071d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4599
Cache-Control: max-age=129662
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:22:28 GMT
Etag: "6367792b-1d7"
Expires: Tue, 08 Nov 2022 10:23:30 GMT
Last-Modified: Sun, 06 Nov 2022 09:06:51 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

e1.o.lencr.org/

23.36.77.32

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
0b1c0ce71472c4771ec26b3c0b6caa3f
a490d46b533f616556669a93116fc05993ce2128
872472dcc46f3e472fb5c7556a7d3c145b1beb3ded88ffdfa1c456a3ded65ea1

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "872472DCC46F3E472FB5C7556A7D3C145B1BEB3DED88FFDFA1C456A3DED65EA1"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21535
Expires: Mon, 07 Nov 2022 04:21:24 GMT
Date: Sun, 06 Nov 2022 22:22:29 GMT
Connection: keep-alive

track.umbra.lol/d/.js?lpref=&lpurl=https%3A%2F%2Fumbra.lol%2Fland2%2F671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html%3Fcep%3DG-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F%26lptoken%3D1615673a774051203019%23&lpt=Attention!&vtm=1667773346906

18.195.30.247

200 OK

2.9 kB

URL HTTP/2
track.umbra.lol/d/.js?lpref=&lpurl=https%3A%2F%2Fumbra.lol%2Fland2%2F671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html%3Fcep%3DG-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F%26lptoken%3D1615673a774051203019%23&lpt=Attention!&vtm=1667773346906
IP
18.195.30.247:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (874)
Size
2.9 kB (2902 bytes)
Hash
7dff778b938b3ab219ff3cb5da637893
3d2c1c3dc4f11d288a5bb7acaa2850ed5a12960a
829471c924cc9a5ce4535b2810b1114c72bb270fe10a24ce342d6d551b6e94a2

HTTP Headers

GET /d/.js?lpref=&lpurl=https%3A%2F%2Fumbra.lol%2Fland2%2F671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html%3Fcep%3DG-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F%26lptoken%3D1615673a774051203019%23&lpt=Attention!&vtm=1667773346906 HTTP/1.1
Host: track.umbra.lol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://umbra.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 22:22:29 GMT
content-type: application/javascript;charset=UTF-8
content-length: 2902
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.162.125.72

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.162.125.72:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Ntbptpoyio8OTigQS5AJzw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2uBlONMxj9ML5H8/gW9Z/vYxTuk=

e1.o.lencr.org/

23.36.77.32

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
dfaf6e9c3b61921732955af1fb21c2ab
3747df6876b7ff05383b0c6f9bb25a6b5fcc799e
fa6e2ded205fdef89ef8084d26e5ebdfcf4297f15d91609bfbf103e2d078fb23

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "FA6E2DED205FDEF89EF8084D26E5EBDFCF4297F15D91609BFBF103E2D078FB23"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21544
Expires: Mon, 07 Nov 2022 04:21:33 GMT
Date: Sun, 06 Nov 2022 22:22:29 GMT
Connection: keep-alive

ios-protection.com/en/imitatenobr/en/icon.png

172.67.163.136

200 OK

6.0 kB

URL HTTP/2
ios-protection.com/en/imitatenobr/en/icon.png
IP
172.67.163.136:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 60 x 60, 8-bit/color RGB, non-interlaced\012- data
Size
6.0 kB (5993 bytes)
Hash
f3bd4c11560fd617cabaddc46c090032
6e6c962e561af2b30f374c480a70f6571023dd40
ae5f00ff823451639b66cb0ea59c4e62f89ca43ab299e978bfdae02a163abfba

HTTP Headers

GET /en/imitatenobr/en/icon.png HTTP/1.1
Host: ios-protection.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://umbra.lol/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 06 Nov 2022 22:22:29 GMT
content-type: image/png
content-length: 5993
last-modified: Thu, 08 Sep 2022 08:48:24 GMT
etag: "6319ac58-1769"
expires: Sat, 05 Nov 2022 21:48:07 GMT
cache-control: max-age=86400
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
referrer-policy: strict-origin
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kARdiFzkVT1qrvM43pIGMZYSerQNehjpOZVhg3Zlo37vSiTU7%2F0Mlnvyn%2Bvrad5z0TPMHYT01AEhfqglZdfBeVSrwcMEKZwh5Lc1tpim0Z%2FJVzXzTukh2R7CZ6r0LL1K8dtP42c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76613a68fb19b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
dfaf6e9c3b61921732955af1fb21c2ab
3747df6876b7ff05383b0c6f9bb25a6b5fcc799e
fa6e2ded205fdef89ef8084d26e5ebdfcf4297f15d91609bfbf103e2d078fb23

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "FA6E2DED205FDEF89EF8084D26E5EBDFCF4297F15D91609BFBF103E2D078FB23"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21544
Expires: Mon, 07 Nov 2022 04:21:33 GMT
Date: Sun, 06 Nov 2022 22:22:29 GMT
Connection: keep-alive

umbra.lol/favicon.ico

68.65.122.97

404 Not Found

1.2 kB

URL HTTP/2
umbra.lol/favicon.ico
IP
68.65.122.97:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: umbra.lol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://umbra.lol/land2/671b7c6f53f2ee47457300ca369f1d5516e3a8c0.html?cep=G-XWGnl3GO9TxIDUCtzRH1LjAbdj29mchzFOARd1Dzt6Mq-qJIhHpf4EIvgw1auw49F0HZ3HEIsDydfQAkt3bnXoNqRHQJcsZNlVqwEbhzFijDTqx8wZmaBepGSVRLkUeyuLo3C4qTSYSuSNrbQexXhwwOmeSd6mE6TONf1lkoSnlQajRLWurLkUTsdgdwokZOy5NQOVuiguzkE_NNAAQBN0zxnjRnTF52jAB-Z-AYCPdGWRoSxI6CH4FGNU6stuEvE8O6_xl63KBtsdPEXLw7KEejJzd9JBKV8lxyaZX-bngcuHgFEbyd2A-vq0GmwBUr11UyKQwZooHerFKd2OZk8V825LGgheC5tPjXfVW_HpcBK-XyKG4msocdHALe1F&lptoken=1615673a774051203019
Cookie: vl-cep=cep=tQ_6w7NLp7SI2xo-RATpDfY3_d_nUjsFkkRdSGet58tqmzFam6X0bd5z2iK0EDbOJs5u96TbSQlmq4h2dWuvIiJStmfGqBG4HNuxpVrscDCgZ_aIdR04nXWi2qIillAwG7wsAh6Csd7zNrxoNnEF9vF_kdvBP-tBqgDzHenP5e7nwLajaVSkalE7gDQucDY512q5AEbUuIW2SWWyD9k1j0WCwGqb5ITKoCC0_ic_tQrdMYm4nDfnw5DF4dxI8WezTgsVT8ChsVpJ8BVxL2vGCDnaDEFlXQEBcbr6vAmRQfZLPscj6IwpV2A24s8kwPddcYWkScGBA5pYqF4_nSLvmlu-30nJVF8uVD9clAMoZh6moP5KDAkYjKJRMSjyk4_C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sun, 06 Nov 2022 22:22:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7979
Expires: Mon, 07 Nov 2022 00:35:29 GMT
Date: Sun, 06 Nov 2022 22:22:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7979
Expires: Mon, 07 Nov 2022 00:35:29 GMT
Date: Sun, 06 Nov 2022 22:22:30 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6db454c-443b-4ca6-982a-3856bcc96e03.jpeg

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6db454c-443b-4ca6-982a-3856bcc96e03.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6907 bytes)
Hash
261f11f1f3c32679559e7ca92868bca9
0cb101f9081261eaadc55593acedeae23a530114
15e6d3cb9b100bce9ebcc537939f56703f6a9018bcbcc76bebc2cdac1b92f363

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6db454c-443b-4ca6-982a-3856bcc96e03.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6907
x-amzn-requestid: b6f67609-796a-4beb-b51b-e241fb4f7b13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bMtWGE3yIAMF1FA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636828f3-6520fdac16744a3d237d0746;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 21:36:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uC3eqDqX2p4N8YJpNFjG1RZgd-seTCgcNrla3-hm66RDZPigEc2ubA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 21:51:00 GMT
etag: "0cb101f9081261eaadc55593acedeae23a530114"
content-type: image/jpeg
age: 1890
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa958db65-71f7-4c79-9753-9af1fe88477b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13224 bytes)
Hash
7a5e060b41bd5313b1cf828c1d5ecbcc
e63e4bee84953491236a8261ef07b5a4743fa891
e8750b0156ed980f11682d92f5c60ce2783518b37f156e74340617a74d826813

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa958db65-71f7-4c79-9753-9af1fe88477b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13224
x-amzn-requestid: d6c8a626-313d-4add-9467-eb946a38262a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a9iPHEkgoAMF1Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6362172d-1be7a03a1b288dec56281915;Sampled=0
x-amzn-remapped-date: Wed, 02 Nov 2022 07:07:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: R2vHbrKm_n2kWK3bG4htWAIqi1YNjNjaX8LG5AWWHPlKnaWi6JAGzA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 20:12:14 GMT
age: 7816
etag: "e63e4bee84953491236a8261ef07b5a4743fa891"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10462 bytes)
Hash
4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3fDf4aoep5tTAusisXhIdAf0A6SbpM5fYtYaiXtNSb0-VRJo5nu8Vg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 09:11:34 GMT
age: 47456
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1257248e-fe28-4957-b9ab-69ac80322250.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9187 bytes)
Hash
247a287e6f9c64b82090a10f9dcc67ce
2920c3a58ecf25799069c33cf304edbb6bc03e90
3c4452c5e175ffdb68cf2ebe9dc83560eed52f11cd456fea4a4ad0001f950280

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1257248e-fe28-4957-b9ab-69ac80322250.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9187
x-amzn-requestid: 268dc5ff-71b7-4570-8104-0647250cef4c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bGXhrGsZoAMF4MQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63659fa4-487e71380605f6e16bc05e28;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 23:26:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Kf6GV5vE8xIBFwFhV4WOYkEOMawiiKvcrB9XIAQWa-xo43PDlNYVCw==
via: 1.1 a4479a6315f90864adc6175b280f8f44.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 22:05:57 GMT
age: 993
etag: "2920c3a58ecf25799069c33cf304edbb6bc03e90"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F546ab5b1-f588-4ce7-97f3-29ce7fbebad3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10695 bytes)
Hash
200c49edab8c82958daf311146d431ba
7f52cb1318b16f59ca6df0d1c810b567a799073a
8870497d5784f369cef169b2dbd61f4b431e31853441ec8d4e739955acd9a6ec

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F546ab5b1-f588-4ce7-97f3-29ce7fbebad3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10695
x-amzn-requestid: 6fb6f603-98d6-40ee-9ed8-a247c8e14b2e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bMtUrGX4IAMF-Gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636828ea-538fda19613b37ef48bd05e9;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: cP5v3pe6hzAQ5UOrc4eFPv8n31kimd__XrXGdRxgyO8sZpCat727CQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 21:39:31 GMT
age: 2579
etag: "7f52cb1318b16f59ca6df0d1c810b567a799073a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F100d1c51-b2c7-40d5-bd34-a37c21b8252d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9435 bytes)
Hash
c0a079a6dfb70fb2a2d6b5aff7103f73
55ffd5d6cb8074bdbdb8d06719119021bc81aeab
196ffd4e5245355c1c5d67f49b28200630ccfe1e4ebaa7280154b7adaf39b18f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F100d1c51-b2c7-40d5-bd34-a37c21b8252d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9435
x-amzn-requestid: 7c39c00f-1362-44c1-9628-749045e542b4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEIU9G5gIAMFzZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364ba85-57fbfb872251c37f4137b262;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 07:08:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GaFmcnh2vF0lCj_QPQ7SAIT_UzHHyr8UaHa-R_ifuZsX7quU0mBJ9Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 21:50:59 GMT
age: 1891
etag: "55ffd5d6cb8074bdbdb8d06719119021bc81aeab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ios-protection.com/en/imitatenobr/en/sounds/alert.mp3

172.67.163.136

404 Not Found

0 B

URL HTTP/2
ios-protection.com/en/imitatenobr/en/sounds/alert.mp3
IP
172.67.163.136:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /en/imitatenobr/en/sounds/alert.mp3 HTTP/1.1
Host: ios-protection.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://umbra.lol/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
date: Sun, 06 Nov 2022 22:22:29 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Npo3yN6xDKsWdOQRyVVVcKXavUNnKS7jkZSw1Iyiaz8QHiexRxGOss55YVCqvDEVzoTz96%2B0Qa2l87NqCryoP%2FYoBa6WCpUPuN0KwQISfnJsuJljZqeamn7asQve3qo2zUCluC8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76613a698bbcb4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (26)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN