Report - bom.so/UyVCpl

Report Overview

Submitted URL
bom.so/UyVCpl
IP
104.26.6.214
ASN
#13335 CLOUDFLARENET
Submitted
2022-11-09 19:41:47
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	1.7 kB	4.4 kB	23.36.76.226
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	1.4 kB	2.8 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	52.41.201.177
challenges.cloudflare.com	unknown	2021-10-20T07:02:03Z	2023-03-10T12:45:26Z	799 B	641 B	104.18.6.185
f1e5046d9.huyts.eu.org	unknown			452 B	626 B	172.67.73.53
bom.so	417517	2017-09-01T22:09:21Z	2023-03-10T05:10:40Z	5.1 kB	99 kB	104.26.7.214
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
cloudflare.hcaptcha.com	unknown	2022-02-23T16:28:14Z	2023-03-03T14:07:31Z	1.1 kB	83 kB	104.18.18.132
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	53 kB	34.120.237.76
e1.o.lencr.org	6159	2021-08-20T09:36:30Z	2023-03-10T11:39:59Z	676 B	1.5 kB	23.36.76.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-09	medium	bom.so	Sinkholed
2022-11-09	medium	bom.so	Sinkholed
2022-11-09	medium	bom.so	Sinkholed
2022-11-09	medium	bom.so	Sinkholed
2022-11-09	medium	bom.so	Sinkholed
2022-11-09	medium	bom.so	Sinkholed
2022-11-09	medium	bom.so	Sinkholed
2022-11-09	medium	bom.so	Sinkholed
2022-11-09	medium	bom.so	Sinkholed
2022-11-09	medium	bom.so	Sinkholed
2022-11-09	medium	bom.so	Sinkholed
2022-11-09	medium	bom.so	Sinkholed

JavaScript (13)

	URL	Size	First Seen	Last Seen
	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=767906e5f846b4ed	61 kB	2023-03-11	2023-03-11
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=767906e5f846b4ed IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 09:53:46 Last Seen2023-03-11 09:53:46 Times Seen1 Hash cb6ccb6348c9cc400a61784b0a5c3a99 6eae93aca0a1fcc83c5c13a83f7527092aa21d2c 5d00aab540dd34aec2deb623cf4dc1248f2f03d929a7f23de1eaf2494ee3aacf Loading...

	bom.so/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=767906dbad62b4f4	55 kB	2023-03-11	2023-03-11
Pretty URL bom.so/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=767906dbad62b4f4 IP 104.26.7.214 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 09:53:46 Last Seen2023-03-11 09:53:46 Times Seen1 Hash a261e97bfdea7978ba3f53e3d3154aaf e0c0e1a1980b08b4756798f426061910c4238a62 12e304514086608b7c2a8b9d71ed282239e46c7af10ba7c150baf0ead3fa2dbb Loading...

	cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload	289 kB	2023-03-11	2023-03-11
Pretty URL cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload IP 104.18.18.132 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 09:39:33 Last Seen2023-03-11 15:13:48 Times Seen1 Hash d579718fa3b7aa5fa209e71fed26def7 cd743982e57eaa5f231baf0cbe2ae4594bc5403c ae1c9f90ed9742db748171f206278cfd92a4ce3e8a6ff6ac5f8214aa75d9fae1 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/turnstile/if/ov2/av0/idb1v/0x4AAAAAAAAjq6WYeRDKmebM/light/normal	2.0 kB	2023-03-11	2023-03-11
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/turnstile/if/ov2/av0/idb1v/0x4AAAAAAAAjq6WYeRDKmebM/light/normal IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 09:53:46 Last Seen2023-03-11 09:53:46 Times Seen1 Hash 3cf9b88070f3e3a6d69534d8d99b27bc 75bd7c7f0088b28e6f1b69cfd2ed3e42e89ddc79 39ce6ea365a74c024844ddf70e8c743b5a12e8fd4b4fe59287e3f2d200ffd38b Loading...

	bom.so/UyVCpl	3.0 kB	2023-03-11	2023-03-11
Pretty URL bom.so/UyVCpl IP 104.26.7.214 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 09:53:46 Last Seen2023-03-11 09:53:46 Times Seen1 Hash d8da370e174d7f1470a9b3b0ed74cc62 d48cf414dea05668d2a3f1c38bb4c3aadb2c4721 89dc1a45ce4bddd3d5ecc2699e4ef5c4b521f20a99c6d37ffffe2a8150d736bb Loading...

	bom.so/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=767906f05d49fabc	54 kB	2023-03-11	2023-03-11
Pretty URL bom.so/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=767906f05d49fabc IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 09:53:46 Last Seen2023-03-11 09:53:46 Times Seen1 Hash 5bbd12ba9ef36c9c9a8f35577a790b6e c53fcaf53724d91b021601ab00dde9823bf42eb3 afcd9271ef0a338a37963c6d1243ab9d1f96d45538a44edadf22f0ff42ad86e4 Loading...

	bom.so/UyVCpl	3.0 kB	2023-03-11	2023-03-11
Pretty URL bom.so/UyVCpl IP 104.26.7.214 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 09:53:46 Last Seen2023-03-11 09:53:46 Times Seen1 Hash 52177b31d106169bfc4b7be857be0979 45b7f72c979c74a455c542f2154a8effcd1691ec 37ed1757e862f3f16945b10faa77b4fc4300c7e40e67c58415b7288f8cd0a6d5 Loading...

	bom.so/UyVCpl	17 B	2023-03-07	2023-04-05
Pretty URL bom.so/UyVCpl IP 104.26.7.214 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:23 Last Seen2023-04-05 02:12:11 Times Seen1946 Hash 8ff8851cc2351b1ece0667fc38808aca 1948720040e391039821b5f1e0ffb994f42af529 39dc54b6b6d6d57f0d76b09b6e775fa9bf57418049cbb68c31fa4176a8b81175 Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit	8.7 kB	2023-03-10	2023-03-11
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit IP 104.18.6.185 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 20:05:02 Last Seen2023-03-11 10:11:18 Times Seen1 Hash c3163da0dcfb2644e257c063f032cae1 f6da4b9888d2161a78c254a682f83b5cccccb0bc 209ece506ae4eaa0093fdb156599be8bc76fcc610b4242b120783a65c8cd04f9 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 2c9caf979002bd6024c741253d4c48de	594 B	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 09:53:46 Last Seen2023-03-11 09:53:46 Times Seen1 Hash 2c9caf979002bd6024c741253d4c48de bd792248f48c9736ad65fa38e00e5351578c3f6d 449e68ca6363e8439db9f81294a3eaef0a9d46679a71d1ca18a652d8f2cf2836 Loading...

	#2 Eval - dd443d433afe7818eda2831c6ec94cba	587 B	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 09:53:46 Last Seen2023-03-11 09:53:46 Times Seen1 Hash dd443d433afe7818eda2831c6ec94cba 71c3d3662eed5cad6e38bfaf8755636a72e21bae 5ee8b8b96ea8668f4bbb0fc07ebe945d13017e9cab3a17576b65373248a43cd5 Loading...

	#3 Eval - 70efa725f660990cc6701727e98c360b	769 kB	2023-03-07	2023-07-11
Pretty Observations First Seen2023-03-07 01:07:04 Last Seen2023-07-11 03:19:46 Times Seen6035 Hash 70efa725f660990cc6701727e98c360b 04f4df4180629c6a1a8648630310794bfdb39eb8 cb2789441eb37a5d5520d68b778e5e1a0743c6d105076aa2e3be07147e0dc752 Loading...

		Size	First Seen	Last Seen
	#1 Write - 467d82ac802ebf5b672ecdb8e02505e6	3.6 kB	2023-03-07	2023-07-11
Pretty Observations First Seen2023-03-07 01:02:24 Last Seen2023-07-11 15:29:01 Times Seen16478 Hash 467d82ac802ebf5b672ecdb8e02505e6 b3df725dd3285fd4618d65c08e83b8f08c8e4798 36d48aeb87174dbf8b0ea333d2042d9e198797bd33c3f849597981eacd619515 Loading...

HTTP Transactions (37)

URL IP Response Size

bom.so/UyVCpl

104.26.7.214

403 Forbidden

3.7 kB

URL HTTP/1.1
bom.so/UyVCpl
IP
104.26.7.214:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (816)
Size
3.7 kB (3705 bytes)
Hash
25a8ac3e55e94e8e1a412e4eef93116a
1785f017985f47c74ff0e28af0f56ee3ffca0813
254b256036afc9b5cd5246e2a0a0e7427adede7a58b22403db9093da0c129cfb

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /UyVCpl HTTP/1.1
Host: bom.so
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 403 Forbidden
Date: Wed, 09 Nov 2022 19:41:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Referrer-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3w9XU%2BwBIhnuDuah3R0%2Fb03jMsffnisLXi0vBDPl5F3RN9NXbHQbE6vTIkzWxeP4c56StSnHYbiVSkxFRSYJKSP62VkL6Nw8hae9FKFnDPb%2BJ%2FHyf2Qv0ts%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 767906dbad62b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aabe410b4bbe4d8beb0e4561d3aa158e
e1788632902ddea62cdd9e7ad6009a75ffb69788
ad535e27b201e92670770b2b868c58f7c05633ec66490a41ef4592f062834c1f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD535E27B201E92670770B2B868C58F7C05633EC66490A41EF4592F062834C1F"
Last-Modified: Wed, 09 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17821
Expires: Thu, 10 Nov 2022 00:38:37 GMT
Date: Wed, 09 Nov 2022 19:41:36 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4c6e4047ec266b87485610e26a85bb6f
cd543757597609d7309d02652318359078a965c2
d8aff7a24f3274782b4f41d6dbd181ba817f5a562d992a3a82966481c91f8a90

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5872
Cache-Control: max-age=145640
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 19:41:36 GMT
Etag: "636b8168-1d7"
Expires: Fri, 11 Nov 2022 12:08:56 GMT
Last-Modified: Wed, 09 Nov 2022 10:31:04 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2b57492bf85f4ae6abbd1641b17dc9ab
008e71ec05d47bf025ca64e17da2ea1bd8e71111
17894427c471f7fa02ca274795dc55df1bfc99d7bd83f9ee36249394035110fd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17894427C471F7FA02CA274795DC55DF1BFC99D7BD83F9EE36249394035110FD"
Last-Modified: Wed, 09 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3171
Expires: Wed, 09 Nov 2022 20:34:27 GMT
Date: Wed, 09 Nov 2022 19:41:36 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: U1DIU7/l0Rp9gu0aUyQ/4dHgP4du6kaUTCyVYF459NURyOFHvpdCuQOUEaXZZytzSjPKkfO3Lq0=
x-amz-request-id: ECGYF51G6CFFV0Q0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 09 Nov 2022 19:11:50 GMT
age: 1786
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

bom.so/cdn-cgi/styles/challenges.css

104.26.7.214

200 OK

2.6 kB

URL HTTP/1.1
bom.so/cdn-cgi/styles/challenges.css
IP
104.26.7.214:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (6294), with no line terminators
Size
2.6 kB (2604 bytes)
Hash
ba2d8534d208d2a5b158507e004d7150
ab81307634698ea304a68783fa38937f562009a2
63b366fdbfea7cbec639f9a5f24714a831e171570625def9462d724b5c8fdc59

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: bom.so
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bom.so/UyVCpl
Connection: keep-alive

HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 19:41:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 08 Nov 2022 13:16:22 GMT
ETag: W/"636a56a6-1896"
Server: cloudflare
CF-RAY: 767906dd6f6cb4fa-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Wed, 09 Nov 2022 21:41:36 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip

bom.so/favicon.ico

104.26.7.214

403 Forbidden

3.7 kB

URL HTTP/1.1
bom.so/favicon.ico
IP
104.26.7.214:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (792)
Size
3.7 kB (3697 bytes)
Hash
145386c5b946087a06e236381998d561
189f8f681401c030fb374514399c69409a16d710
57da929445fbc273da98c2306d7fe0d7e6d8dd4cd05e5f1a1950d2ebf3987d36

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bom.so
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bom.so/UyVCpl
Connection: keep-alive

HTTP/1.1 403 Forbidden
Date: Wed, 09 Nov 2022 19:41:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Referrer-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SIvDUKTNEGLKYJ7bbup1CUD9Eaws%2BKndFsYZbERpHFWzA%2FxvsxEJ9a%2FPg3RSm1%2BHii6X91Sir5SL17ludr971S1kdZPK5EMo8wnbjERQ1CweV1tyccmXBTA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 767906dd795f0b3d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 19:41:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

bom.so/cdn-cgi/images/trace/managed/js/transparent.gif?ray=767906dbad62b4f4

104.26.7.214

200 OK

42 B

URL HTTP/1.1
bom.so/cdn-cgi/images/trace/managed/js/transparent.gif?ray=767906dbad62b4f4
IP
104.26.7.214:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=767906dbad62b4f4 HTTP/1.1
Host: bom.so
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bom.so/UyVCpl
Connection: keep-alive

HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 19:41:36 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Last-Modified: Tue, 08 Nov 2022 13:16:22 GMT
ETag: "636a56a6-2a"
Server: cloudflare
CF-RAY: 767906de1882b4fa-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Wed, 09 Nov 2022 21:41:36 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes

bom.so/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=767906dbad62b4f4

104.26.7.214

200 OK

24 kB

URL HTTP/1.1
bom.so/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=767906dbad62b4f4
IP
104.26.7.214:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (55221), with no line terminators
Size
24 kB (23937 bytes)
Hash
97edef858d045121b41e89e7decadbb3
dbe5ee06c6f46654893e0fa8c1b4329417e8c10d
02e47f775f0d8a9968733937df6d2c39639abea6089b511f2cc91610c759c421

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=767906dbad62b4f4 HTTP/1.1
Host: bom.so
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bom.so/UyVCpl?__cf_chl_rt_tk=MfrWdReXJ6N.1lfp0bZPJHMdkN0z04wZMjSMDxzBb5Y-1668022895-0-gaNycGzNAv0
Connection: keep-alive

HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 19:41:36 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=0, must-revalidate
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8uQledsc53wMki99tjK5AZ4Pnbx8CLKGlTJtIipSTnAHnh85lvff1GlWyhYbOntHki73LqNZWT0tWOyvdqq7kkXEhN5%2Bmq9Ff5jSib2k4cFrL%2FdXEmUUbBE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 767906de1812b4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
f2adf898c3d642a0452be7ec6ae24609
a50e41d3c1d3a38e6bb7f05da1adec21cd772039
39f3dd16035aa2cbdd8b73ee583a0786ec8b48675108f0e3af37216355e24592

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2611
Cache-Control: max-age=143106
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 19:41:36 GMT
Etag: "636b843f-117"
Expires: Fri, 11 Nov 2022 11:26:42 GMT
Last-Modified: Wed, 09 Nov 2022 10:43:11 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279

bom.so/cdn-cgi/challenge-platform/h/b/flow/ov1/0.1600510198807631:1668020887:nkt45WJyPeS_-FKVz5-f-pRNVh9P-XjdgHfD2D8Jmc4/767906dbad62b4f4/39335e48089af47

104.26.7.214

200 OK

50 kB

URL HTTP/1.1
bom.so/cdn-cgi/challenge-platform/h/b/flow/ov1/0.1600510198807631:1668020887:nkt45WJyPeS_-FKVz5-f-pRNVh9P-XjdgHfD2D8Jmc4/767906dbad62b4f4/39335e48089af47
IP
104.26.7.214:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
50 kB (50348 bytes)
Hash
cb266bfbd88e7b833b319e7995eb3259
25f0d7aa6b9e44e4ccad6df03eff9708d26cf6ea
40abdfc922e7c6c702c64b2edb19144cc294e7e695e891c196ea320ec968310a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/0.1600510198807631:1668020887:nkt45WJyPeS_-FKVz5-f-pRNVh9P-XjdgHfD2D8Jmc4/767906dbad62b4f4/39335e48089af47 HTTP/1.1
Host: bom.so
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bom.so/UyVCpl
Content-type: application/x-www-form-urlencoded
CF-Challenge: 39335e48089af47
Content-Length: 1724
Origin: http://bom.so
Connection: keep-alive
Cookie: cf_chl_prog=e

HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 19:41:36 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_gen: zV5AXtMPfZSCKr3eLL07HcqZ9VrZZIvFpkfeGh2JBRg6gylcWzwjGONRi7KaYljTtOoGCqoB16qLzyGXP9ARH7C+pu7nZC4+MrriAnTa7CgtWLd9c+2POEUBirdKsewlXZWrZv0LSQbvRqnFjrHpsKmb0M4mANq6HwivJ3bEZaYWiwypK3xIxIA7pK7syv+yC2ThAkBjW+kVc9XScxdYFp9hBhCa8s1b9tF1fuKNXiO8sDhOIiVL6PkI2hKf6/9aeeBpzhMuQV0ub2ru7OOl+ueV8E63p+5/r7kjSaUiJFg=$tXxCjpwSmH635MrqMdnCNg==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B6DjePQEKoGWVg4qiRZbVOwq2VmWg%2Fx190DkJbs5ArzX1Ylr92mkdTR39ebfd%2BzkewK%2Fu4hzOtRQzpTfODwnVxzBIaH0tnyWeSdZCsghdSULrtkxp7opZ%2FY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 767906df5a63b4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload

104.18.18.132

200 OK

81 kB

URL HTTP/2
cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload
IP
104.18.18.132:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
81 kB (81261 bytes)
Hash
4966c90fd48135d240a8bfc55e726c9a
131edc1c981f382f3567a10c66f19f227cfaadbb
c9f07de989588eb499e2f05ccfb7e47e8c2a9db495efb0288a939f4e4e0a0588

HTTP Headers

GET /1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload HTTP/1.1
Host: cloudflare.hcaptcha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 09 Nov 2022 19:41:36 GMT
content-type: application/javascript
cf-ray: 767906df39111c0e-OSL
access-control-allow-origin: *
age: 0
cache-control: max-age=120
etag: W/"cba895d710939d3f383adf1461af832f"
last-modified: Wed, 09 Nov 2022 04:14:07 GMT
strict-transport-security: max-age=0
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-id: b0DWrfx-9Xmfx9tD5_IswWM-ZQ9LflMhUFcFaZINOdiXLtDV7udH6w==
x-amz-cf-pop: OSL50-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c59d06092401e375df491b06ee8e6dbc
2e27b8ff7c08a5349e27969bc2a08e5e19d0c1da
23ee4ab633fcf67dc5d4d1931450e365cec8d436ef1f9ba5f46b6bab974724c4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5919
Cache-Control: max-age=140631
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 19:41:37 GMT
Etag: "636b6da9-1d7"
Expires: Fri, 11 Nov 2022 10:45:28 GMT
Last-Modified: Wed, 09 Nov 2022 09:06:49 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.41.201.177

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.41.201.177:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: m2yRm7hX/yKYSplosiq0Jg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1+omYPzW61KSvf2ElH0WLEiULpY=

bom.so/cdn-cgi/challenge-platform/h/b/flow/ov1/0.1600510198807631:1668020887:nkt45WJyPeS_-FKVz5-f-pRNVh9P-XjdgHfD2D8Jmc4/767906dbad62b4f4/39335e48089af47

104.26.7.214

200 OK

3.3 kB

URL HTTP/1.1
bom.so/cdn-cgi/challenge-platform/h/b/flow/ov1/0.1600510198807631:1668020887:nkt45WJyPeS_-FKVz5-f-pRNVh9P-XjdgHfD2D8Jmc4/767906dbad62b4f4/39335e48089af47
IP
104.26.7.214:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (4368), with no line terminators
Size
3.3 kB (3318 bytes)
Hash
dfa9dd47dd1f84e392a0f5972487c51b
981ab9571edaf64cf6fe3401413bad5aaa471298
822e7b44746b436c33392af2d7df8ad64ac25107f04fd314d0c337b7f2e77d92

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/0.1600510198807631:1668020887:nkt45WJyPeS_-FKVz5-f-pRNVh9P-XjdgHfD2D8Jmc4/767906dbad62b4f4/39335e48089af47 HTTP/1.1
Host: bom.so
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bom.so/UyVCpl
Content-type: application/x-www-form-urlencoded
CF-Challenge: 39335e48089af47
Content-Length: 15125
Origin: http://bom.so
Connection: keep-alive
Cookie: cf_chl_prog=b

HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 19:41:37 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_gen: k7raXZpTHYrYvpttSfsGBrD2GM2+0Hya3+ivyKaNXlo=$Z4O87hiLndPP5z9xSywUUQ==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tZTmJZ3ZTCn1gExHNkG5slXvkx0NEjvvXFJU4nW6OIpJ2NvEzPE98CmpSDbCtJ0Le%2Fq79LxKVtwtjuud2duzIvcVlaS71MzQ9bPKEzht8D1S3Ku0uHyw9fM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 767906e4fb5fb4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit

104.18.6.185

302 Found

0 B

URL HTTP/2
challenges.cloudflare.com/turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP
104.18.6.185:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Wed, 09 Nov 2022 19:41:37 GMT
content-length: 0
location: /turnstile/v0/560b3cb7/api.js?onload=_cf_chl_turnstile_l&render=explicit
cache-control: max-age: 300
vary: Accept-Encoding
server: cloudflare
cf-ray: 767906e57c8f0b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11482
Expires: Wed, 09 Nov 2022 22:53:00 GMT
Date: Wed, 09 Nov 2022 19:41:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11482
Expires: Wed, 09 Nov 2022 22:53:00 GMT
Date: Wed, 09 Nov 2022 19:41:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11482
Expires: Wed, 09 Nov 2022 22:53:00 GMT
Date: Wed, 09 Nov 2022 19:41:38 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc585a69-ebe7-4753-b2fd-ad259cd42072.jpeg

34.120.237.76

200 OK

2.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc585a69-ebe7-4753-b2fd-ad259cd42072.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.8 kB (2808 bytes)
Hash
547f07effeda1f7041b06fa3f10f90bf
d453f8017ebbbb8362f745a15c95acbddf55ac26
c4c4063cae55e4e2192ab2ac98543f4495a81879b8001fd2efb7989ca6eddba9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc585a69-ebe7-4753-b2fd-ad259cd42072.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2808
x-amzn-requestid: 7360c882-e191-456f-a3bd-a60b9521fa1c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTTvFUXIAMFXHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc17-76c6b1c251a2bf7e56fd9ba2;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: YjFB1BpcpATyMj0aZldTHb6xWSeTIzklGyc1WWT09DsrnYQ1bUiTkg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 22:12:57 GMT
age: 77321
etag: "d453f8017ebbbb8362f745a15c95acbddf55ac26"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b197dc2-1415-4c19-8d36-1fa334168ba5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9313 bytes)
Hash
29429581f8dc762c69c5916009f70080
9265cae98aa663a5498925b70079abdd8e7031fd
c3deee74c80905a1e92b84868b9987cb30ad7a210dca066b97c325cc2c83872e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b197dc2-1415-4c19-8d36-1fa334168ba5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9313
x-amzn-requestid: be3f6b0f-cf61-4bec-ad1a-87abdbc45d73
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTTwF5AoAMFZAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc17-5ca45b5b1065a4ea492f2ac6;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:27 GMT
x-amz-cf-pop: SEA19-C3, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 9lVY7YgQQ0FAP3ItgCSWePY0Msd4RIyBz4eNPc-K51BtnWUjOObv6g==
via: 1.1 31dfa94142c6eaf975b0e5454c00340a.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:43:43 GMT
etag: "9265cae98aa663a5498925b70079abdd8e7031fd"
content-type: image/jpeg
age: 79075
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff66bafec-6420-4aea-8b22-96b8fe0d292b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8154 bytes)
Hash
c69b19d2273c3ade32fd0797921c0459
8cafda5659f5b36c855a2bbcaeb03aa715ddeebd
d78b92e1175207b1179c85f9490f937e1647aeae3fe95cf8b3dc336db232945e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff66bafec-6420-4aea-8b22-96b8fe0d292b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8154
x-amzn-requestid: 1d9d6e13-69a4-473d-af4b-ef3d4382f3ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTU2EyZoAMF94w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc1e-0dec203434f42df01d9a1182;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GWFybdPyZxzujAi9urpfQ_1HZCiJpmxpzg6j7a2gwdZ5E89xfc1MXg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:54:55 GMT
age: 78403
etag: "8cafda5659f5b36c855a2bbcaeb03aa715ddeebd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F609c6c88-4535-488a-8bf4-de0e93b9ae31.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10822 bytes)
Hash
86ec3f22045de1a100eccf27d91593ae
e26769d82108f89057b05096061f1276d34e223a
b863d19ab12945922b4d014c517f5ffe349cefe2bbe1c2f16661371f22378cbd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F609c6c88-4535-488a-8bf4-de0e93b9ae31.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10822
x-amzn-requestid: 1b1e2dfc-4096-45cf-adb3-58f0b1d614bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEAXHFhroAMF_Zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364adc6-7b94977b4143970a48bc1857;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 06:14:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vzUPLMO4CDywKUQvQ9gbltVLYlNher7ZTXYC9A00LfwycdEmG7m9wg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 04:21:46 GMT
age: 55192
etag: "e26769d82108f89057b05096061f1276d34e223a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4737 bytes)
Hash
39446652ee66d20bd73df20f1a29589c
349ea78f3ad0f2f7376ba22e417226b2e06806d7
655a00944a319ba167e99b43055044cb18bc48d53605ff0d1b6c8b1ba8ee8237

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4737
x-amzn-requestid: 3e45e647-43a6-43bf-b011-366e3899b400
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQAvEEr7IAMF_JQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697b2d-76f4e8dc345994823ef9ce4d;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:39:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: tgUANh-QVW5J4xKViYY6NCQYFLJBjXYoEupDzvKa2UJ9TZ-sBclIPQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:56:11 GMT
age: 78327
etag: "349ea78f3ad0f2f7376ba22e417226b2e06806d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10462 bytes)
Hash
4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C7GYpM3mXSf0hVyGO9Zzlxa3IHXHdyPlXsvr3i0GoQnaPZF6lO-OwA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 09:08:58 GMT
age: 37960
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

bom.so/cdn-cgi/challenge-platform/h/b/flow/ov1/0.1600510198807631:1668020887:nkt45WJyPeS_-FKVz5-f-pRNVh9P-XjdgHfD2D8Jmc4/767906dbad62b4f4/39335e48089af47

104.26.7.214

200 OK

1.9 kB

URL HTTP/1.1
bom.so/cdn-cgi/challenge-platform/h/b/flow/ov1/0.1600510198807631:1668020887:nkt45WJyPeS_-FKVz5-f-pRNVh9P-XjdgHfD2D8Jmc4/767906dbad62b4f4/39335e48089af47
IP
104.26.7.214:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2492), with no line terminators
Size
1.9 kB (1905 bytes)
Hash
24e8e8842589b8495779b0c06b005c7b
3c855e8ab3270b901691929f94e03b91558f5e47
27259c53c3a17c58e0314914a0a7fee9ad65b464a2e4a4573a341ebc82b5a272

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/0.1600510198807631:1668020887:nkt45WJyPeS_-FKVz5-f-pRNVh9P-XjdgHfD2D8Jmc4/767906dbad62b4f4/39335e48089af47 HTTP/1.1
Host: bom.so
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bom.so/UyVCpl
Content-type: application/x-www-form-urlencoded
CF-Challenge: 39335e48089af47
Content-Length: 15811
Origin: http://bom.so
Connection: keep-alive
Cookie: cf_chl_prog=b

HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 19:41:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: cf_chl_rc_m=;Expires=Tue, 08 Nov 2022 19:41:38 GMT;SameSite=Strict
cf_chl_out: ExNnjELFCYYI8zJ8MM7FZ5ojcarusx+1YCKg68oCWwpxC5+DKWlT0fORxc/cscawd54Ewy5HxaL5K43tYr3fbA==$0sH+L+sgsx3GAglber2bJw==
cf_chl_out_s: HIuFc/AnaODYe7DLCsKoumu57MyMI3GDzpCkTA5FC74Dc73sEXltG/y+uLyT4RqJoHMovJ1OLkmF9nSchMZbFyVumT9++hDwLfwA4KMKOq/8zV65WZ9Xa6PSn11CbBzGjFOgcM1XNo5bpnNvKkTfCTU5dNTNBvdZ001hKE1pPaKRVo7ht/A/zXhTiWV2o0d/$WXZ8O/+0QbZ0Aet3oOnoIQ==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FcMTPr0iHbG8yZXwsZmiqFzr5HEgNMHqafasSqlBOaU%2BO7YX9pKVq9RRtoB%2FQVmz4bqBoAOoONSiS6nzMNzyoXbnWNRKth9atd59GpqBoe%2F3slEy8j0miPY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 767906ed58acb4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

bom.so/UyVCpl

104.26.7.214

301 Moved Permanently

155 B

URL HTTP/1.1
bom.so/UyVCpl
IP
104.26.7.214:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
155 B (155 bytes)
Hash
42c394b8f0152b372537ace9acc3f7bb
1219c55c4e3ea109c473aab65deb81f09a0fe0a6
6aaad3365c30c4f8d2504e569527e588d33eeae66dd7045bcfeef7413820db2a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /UyVCpl HTTP/1.1
Host: bom.so
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bom.so/UyVCpl?__cf_chl_tk=MfrWdReXJ6N.1lfp0bZPJHMdkN0z04wZMjSMDxzBb5Y-1668022895-0-gaNycGzNAv0
Content-Type: application/x-www-form-urlencoded
Content-Length: 1675
Origin: http://bom.so
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Wed, 09 Nov 2022 19:41:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: cf_clearance=97719d809670779234eebe9513ee3804f6e17827-1668022899-0-250; path=/; expires=Thu, 09-Nov-23 20:41:39 GMT; domain=.bom.so; HttpOnly
Location: https://bom.so/UyVCpl
X-Powered-By: VPSSIM
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=farxUpFpv2qYZQqdqQV8ZgfXfFFXtq0SeuVyJswhvj4DEEmGMtPZhr6MbaQ3WsxuMT7RhpkpWf%2BJ1i1I2ghUG%2F6NUPrNH5QRWEdvEaLe4xqmB%2BmK8lQsK8M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 767906eeeb01b4f7-OSL
alt-svc: h2=":443"; ma=60

e1.o.lencr.org/

23.36.76.226

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
cf8846023d9e4e75de0090e7f3f76199
ec9625749d1395e1729ef346d43bd4ae8880b7c7
5e65b97060d16db5d40e6ae71ce16c27944eeb94e05e9a6b8ca86b808a716d82

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "5E65B97060D16DB5D40E6AE71CE16C27944EEB94E05E9A6B8CA86B808A716D82"
Last-Modified: Wed, 09 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3111
Expires: Wed, 09 Nov 2022 20:33:30 GMT
Date: Wed, 09 Nov 2022 19:41:39 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
cf8846023d9e4e75de0090e7f3f76199
ec9625749d1395e1729ef346d43bd4ae8880b7c7
5e65b97060d16db5d40e6ae71ce16c27944eeb94e05e9a6b8ca86b808a716d82

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "5E65B97060D16DB5D40E6AE71CE16C27944EEB94E05E9A6B8CA86B808A716D82"
Last-Modified: Wed, 09 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3111
Expires: Wed, 09 Nov 2022 20:33:30 GMT
Date: Wed, 09 Nov 2022 19:41:39 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
f2adf898c3d642a0452be7ec6ae24609
a50e41d3c1d3a38e6bb7f05da1adec21cd772039
39f3dd16035aa2cbdd8b73ee583a0786ec8b48675108f0e3af37216355e24592

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2614
Cache-Control: max-age=143106
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 19:41:39 GMT
Etag: "636b843f-117"
Expires: Fri, 11 Nov 2022 11:26:45 GMT
Last-Modified: Wed, 09 Nov 2022 10:43:11 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279

challenges.cloudflare.com/turnstile/v0/560b3cb7/api.js?onload=_cf_chl_turnstile_l&render=explicit

104.18.6.185

200 OK

0 B

URL HTTP/2
challenges.cloudflare.com/turnstile/v0/560b3cb7/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP
104.18.6.185:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /turnstile/v0/560b3cb7/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 09 Nov 2022 19:41:37 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 767906e5bcdd0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bom.so/UyVCpl

104.26.6.214

403 Forbidden

0 B

URL HTTP/2
bom.so/UyVCpl
IP
104.26.6.214:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /UyVCpl HTTP/1.1
Host: bom.so
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
date: Wed, 09 Nov 2022 19:41:39 GMT
content-type: text/html; charset=UTF-8
cf-chl-bypass: 1
referrer-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nnrlKnLffbCBrByNheJ0%2F%2FN5LHh0Tl1gFQT7EWpqeRHO9qzWM6VWowISl4J1DEIzQY1VDx7l2D%2BBso0VhHDkN5icvh3oWMWqebUomMidTR9N8PP%2F31Q8Nvc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 767906f05d49fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bom.so/cdn-cgi/styles/challenges.css

104.26.6.214

200 OK

0 B

URL HTTP/2
bom.so/cdn-cgi/styles/challenges.css
IP
104.26.6.214:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: bom.so
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bom.so/UyVCpl
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 09 Nov 2022 19:41:39 GMT
content-type: text/css
last-modified: Tue, 08 Nov 2022 13:16:22 GMT
etag: W/"636a56a6-1896"
server: cloudflare
cf-ray: 767906f0bdaefabc-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Wed, 09 Nov 2022 21:41:39 GMT
cache-control: max-age=7200, public
content-encoding: gzip
X-Firefox-Spdy: h2

bom.so/favicon.ico

104.26.6.214

403 Forbidden

0 B

URL HTTP/2
bom.so/favicon.ico
IP
104.26.6.214:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bom.so
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bom.so/UyVCpl
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 403 Forbidden
date: Wed, 09 Nov 2022 19:41:39 GMT
content-type: text/html; charset=UTF-8
cf-chl-bypass: 1
referrer-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKe9f%2FEnQhiIDslnodul3UTuVfLUeOZIa5W9h8U0Lpc60z%2Ft0rtNjjQZGfu4Ew10xzzZjCYZIsklVWJnTtRxW18XH4oM0pTt9O%2BkFq92KpaWOwZHaWG0saE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 767906f0bdaffabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

104.18.18.132

200 OK

0 B

URL HTTP/2
cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload
IP
104.18.18.132:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload HTTP/1.1
Host: cloudflare.hcaptcha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 09 Nov 2022 19:41:39 GMT
content-type: application/javascript
cf-ray: 767906f18f2bfab4-OSL
access-control-allow-origin: *
age: 0
cache-control: max-age=120
etag: W/"cba895d710939d3f383adf1461af832f"
last-modified: Wed, 09 Nov 2022 04:14:07 GMT
strict-transport-security: max-age=0
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-id: b0DWrfx-9Xmfx9tD5_IswWM-ZQ9LflMhUFcFaZINOdiXLtDV7udH6w==
x-amz-cf-pop: OSL50-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

f1e5046d9.huyts.eu.org/46d987a64197d4

172.67.73.53

200 OK

0 B

URL HTTP/2
f1e5046d9.huyts.eu.org/46d987a64197d4
IP
172.67.73.53:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /46d987a64197d4 HTTP/1.1
Host: f1e5046d9.huyts.eu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 09 Nov 2022 19:41:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8xJF4jYNNh0wZwg%2FqpSHr3zd29jtgheOxGwLIJjlTHo8cj%2BlBqzyF98185m2NI%2FCbcSV8O96hmSVxHJ%2B1IxgTvtfqC99PEghMTZAyO1%2BKkTCsT%2BoDsvqYaOImKtQhH%2BC8D4NOL7gVqof"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 767906f9bdc31c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations