firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 20:15:21 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: OOm9PmlO4bK3XXZ3p3GDpDkDfZnmRI-PqxDVqKswQTRpU7EQ8BNx1g==
Age: 3507
ummchcf.com/
208.109.68.254301 Moved Permanently 228 B IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash dc7161fe839db3b2bfea907551cf63c5
6149f27b721a4b8be6fd674c592e63dfa76dc3bc
8f617eae5980965e4a61a85d18084055389864a7013b005ba50bf4a6f2058e12
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
GET / HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 26 Sep 2022 21:13:48 GMT
Server: Apache
Location: https://ummchcf.com/
Content-Length: 228
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5097
Expires: Mon, 26 Sep 2022 22:38:45 GMT
Date: Mon, 26 Sep 2022 21:13:48 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 04:35:16 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: tlrzYAcA2qgHqUhdDB5r5XIdD5boZQxn5JVGwE0k54GQQH1Dyu8e2Q==
age: 59914
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:13:49 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Mon, 26 Sep 2022 21:10:46 GMT
Expires: Mon, 26 Sep 2022 21:35:35 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: JUvjmmRXjB4r15cKdI0sWRJ9YpnQeg_91ed6JCxiJptu-RO32ZEUmw==
Age: 183
ummchcf.com/
208.109.68.254200 OK 10 kB IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Non-ISO extended-ASCII text, with very long lines (3378), with CRLF, LF line terminators
Hash 50922697300a274cafa864d5cb593584
46d29708235d04be9596e65a63938cbca5b4a847
1e5462a75f825a2c02e34fa31934b1d11624cb6443ff33865b67824d79685b68
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
GET / HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/7.3.33
vary: Accept-Encoding
content-encoding: br
content-length: 10416
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 21:13:49 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5adb7eb1d103eadeeafac36e663ffdd3
23b784388dd634fa736cd60aed71570661e73d02
5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5114
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:13:49 GMT
Last-Modified: Mon, 26 Sep 2022 19:48:35 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
secure.aadcdn.microsoftonline-p.com/ests/2.1.6102.15/content/images/microsoft_logo.png
104.110.18.151200 OK 1.1 kB URL HTTP/1.1 secure.aadcdn.microsoftonline-p.com/ests/2.1.6102.15/content/images/microsoft_logo.png
IP 104.110.18.151:0
File type PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ed9c9eb0dce17d752bedea6b5acda6d9
eca56c4904354eed5da0debcd6bd66856ab4784d
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c
GET /ests/2.1.6102.15/content/images/microsoft_logo.png HTTP/1.1
Host: secure.aadcdn.microsoftonline-p.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 1057
Content-Type: image/png
Content-MD5: 7ZyesNzhfXUr7eprWs2m2Q==
Last-Modified: Sat, 18 May 2019 09:42:49 GMT
Cache-Control: public, max-age=183286
Date: Mon, 26 Sep 2022 21:13:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: *
ummchcf.com/Sign%20in%20to%20your%20account_files/login_hover.css
208.109.68.254200 OK 57 B URL HTTP/2 ummchcf.com/Sign%20in%20to%20your%20account_files/login_hover.css
IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with no line terminators
Hash ea48de3657c33ee2dc5de15500518ddf
7d82791af383cbad08bdc49227aa1e19a04ef4b9
0fc4f22b27467e15871f943044e2de2743f6cf32ad860f91255b86c2ae620068
Analyzer Verdict Alert openphish Outlook
GET /Sign%20in%20to%20your%20account_files/login_hover.css HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Nov 2017 18:01:54 GMT
etag: "2f4353d-59-55e6de1a9c880-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 57
content-type: text/css
date: Mon, 26 Sep 2022 21:13:49 GMT
server: Apache
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.189.157.130101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.157.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rZQ0q7z17dzqHBOoHwQPAw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BrfGdr75ut2yAQsZDOGAy1SyE0k=
ummchcf.com/Sign%20in%20to%20your%20account_files/bannerlogo.png
208.109.68.254200 OK 4.6 kB URL HTTP/2 ummchcf.com/Sign%20in%20to%20your%20account_files/bannerlogo.png
IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 159 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f09a27d4f69b3557c7433574a29d726
a3097972d16e6d5768086f3f126e8d07edcc5976
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603
Analyzer Verdict Alert openphish Outlook
GET /Sign%20in%20to%20your%20account_files/bannerlogo.png HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Nov 2017 18:01:54 GMT
etag: "2f43539-11e9-55e6de1a9c880"
accept-ranges: bytes
content-length: 4585
content-type: image/png
date: Mon, 26 Sep 2022 21:13:49 GMT
server: Apache
X-Firefox-Spdy: h2
ummchcf.com/Sign%20in%20to%20your%20account_files/login.css
208.109.68.254200 OK 4.4 kB URL HTTP/2 ummchcf.com/Sign%20in%20to%20your%20account_files/login.css
IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (21664), with no line terminators
Hash 16dfc7a445e4ab607904021df0e03623
88146fe68f5ae447b7e8df91f67c4e8e1cf4590f
5af8e96fba4c06cfca245bd2f6814610bd285d1ba3d8e13f6f54c4c51e0ba60b
Analyzer Verdict Alert openphish Outlook
GET /Sign%20in%20to%20your%20account_files/login.css HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Nov 2017 18:01:54 GMT
etag: "2f4353c-54a0-55e6de1a9c880-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 4428
content-type: text/css
date: Mon, 26 Sep 2022 21:13:49 GMT
server: Apache
X-Firefox-Spdy: h2
secure.aadcdn.microsoftonline-p.com/ests/2.1.4653.2/content/cdnbundles/login_hover.min.css
104.110.18.151200 OK 82 B URL HTTP/1.1 secure.aadcdn.microsoftonline-p.com/ests/2.1.4653.2/content/cdnbundles/login_hover.min.css
IP 104.110.18.151:0
File type ASCII text, with no line terminators
Hash 93e2ddccfaf9275ecbb8200e04c55305
70ed7422a6192e7b08c5ebcbc17641e7505bb681
66bf047108e0232578aa82c9dfe32bdc359acd10a19634b1e6da0a78e750f715
GET /ests/2.1.4653.2/content/cdnbundles/login_hover.min.css HTTP/1.1
Host: secure.aadcdn.microsoftonline-p.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/css
Content-Encoding: gzip
Content-MD5: k+LdzPr5J17LuCAOBMVTBQ==
Last-Modified: Sun, 19 May 2019 02:29:46 GMT
Cache-Control: public, max-age=183285
Date: Mon, 26 Sep 2022 21:13:50 GMT
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: *
ummchcf.com/Sign%20in%20to%20your%20account_files/aad.js
208.109.68.254200 OK 36 kB URL HTTP/2 ummchcf.com/Sign%20in%20to%20your%20account_files/aad.js
IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (32198)
Hash ea1b7a14396c88096e9d456438f25ac5
3a3f91ae2ac0842a0e620fdf8cd072022ed683f4
f4df9ae53f03eda7d25ad74febc3c0ab675c7fbe8e54ac919f179a5a6cd7758c
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
GET /Sign%20in%20to%20your%20account_files/aad.js HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Nov 2017 18:01:54 GMT
etag: "2f43537-28ecc-55e6de1a9c880-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 35799
content-type: application/javascript
date: Mon, 26 Sep 2022 21:13:49 GMT
server: Apache
X-Firefox-Spdy: h2
ummchcf.com/Sign%20in%20to%20your%20account_files/jquery.js
208.109.68.254200 OK 37 kB URL HTTP/2 ummchcf.com/Sign%20in%20to%20your%20account_files/jquery.js
IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (32047), with CRLF line terminators
Hash 2d04740b77fef403cf18fc066f6d06f2
6aacf82816cb6302bbb843104f3ac4cd197269c9
06989c064783f7b965fded67d4aef6c3191a9a93faf6fb6b193e6e8e6b81a5c5
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
GET /Sign%20in%20to%20your%20account_files/jquery.js HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Nov 2017 18:01:54 GMT
etag: "2f4353b-1aa16-55e6de1a9c880-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 36978
content-type: application/javascript
date: Mon, 26 Sep 2022 21:13:49 GMT
server: Apache
X-Firefox-Spdy: h2
secure.aadcdn.microsoftonline-p.com/dbd5a2dd-uymyxxfhpwrbckvwvlxle8radh6vkzaj7cwkqpqixg/appbranding/npdp3ivuhlrwvd1ynsq0x-mjc7zhvnj0i7k676ppafa/0/bannerlogo?ts=635538653042733860
104.110.18.151200 OK 4.6 kB URL HTTP/1.1 secure.aadcdn.microsoftonline-p.com/dbd5a2dd-uymyxxfhpwrbckvwvlxle8radh6vkzaj7cwkqpqixg/appbranding/npdp3ivuhlrwvd1ynsq0x-mjc7zhvnj0i7k676ppafa/0/bannerlogo?ts=635538653042733860
IP 104.110.18.151:0
File type PNG image data, 159 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f09a27d4f69b3557c7433574a29d726
a3097972d16e6d5768086f3f126e8d07edcc5976
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603
GET /dbd5a2dd-uymyxxfhpwrbckvwvlxle8radh6vkzaj7cwkqpqixg/appbranding/npdp3ivuhlrwvd1ynsq0x-mjc7zhvnj0i7k676ppafa/0/bannerlogo?ts=635538653042733860 HTTP/1.1
Host: secure.aadcdn.microsoftonline-p.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 4585
Content-Type: image\jpeg
Content-MD5: nwmifU9ps1V8dDNXSinXJg==
Last-Modified: Thu, 11 Dec 2014 03:28:24 GMT
Cache-Control: public, max-age=40007
Date: Mon, 26 Sep 2022 21:13:51 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: *
secure.aadcdn.microsoftonline-p.com/dbd5a2dd-uymyxxfhpwrbckvwvlxle8radh6vkzaj7cwkqpqixg/appbranding/npdp3ivuhlrwvd1ynsq0x-mjc7zhvnj0i7k676ppafa/0/heroillustration?ts=635538653045233940
104.110.18.151200 OK 203 kB URL HTTP/1.1 secure.aadcdn.microsoftonline-p.com/dbd5a2dd-uymyxxfhpwrbckvwvlxle8radh6vkzaj7cwkqpqixg/appbranding/npdp3ivuhlrwvd1ynsq0x-mjc7zhvnj0i7k676ppafa/0/heroillustration?ts=635538653045233940
IP 104.110.18.151:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1420x1080, components 3\012- data
Size 203 kB (203294 bytes)
Hash 65283b123eb235e6176ae98c02ac5b1c
c50ca32b13a2dcbde0cb6eb2d4f72c252f14ac3f
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
GET /dbd5a2dd-uymyxxfhpwrbckvwvlxle8radh6vkzaj7cwkqpqixg/appbranding/npdp3ivuhlrwvd1ynsq0x-mjc7zhvnj0i7k676ppafa/0/heroillustration?ts=635538653045233940 HTTP/1.1
Host: secure.aadcdn.microsoftonline-p.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 203294
Content-Type: image\jpeg
Content-MD5: ZSg7Ej6yNeYXaumMAqxbHA==
Last-Modified: Thu, 11 Dec 2014 03:28:24 GMT
Cache-Control: public, max-age=40007
Date: Mon, 26 Sep 2022 21:13:51 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: *
secure.aadcdn.microsoftonline-p.com/ests/2.1.4653.2/content/images/favicon_a.ico
104.110.18.151200 OK 17 kB URL HTTP/1.1 secure.aadcdn.microsoftonline-p.com/ests/2.1.4653.2/content/images/favicon_a.ico
IP 104.110.18.151:0
File type MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Hash 12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
GET /ests/2.1.4653.2/content/images/favicon_a.ico HTTP/1.1
Host: secure.aadcdn.microsoftonline-p.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 17174
Content-Type: image/x-icon
Content-MD5: EuPayFgGHQiAI7K9SOL6lg==
Last-Modified: Sun, 19 May 2019 02:31:17 GMT
Cache-Control: public, max-age=212736
Date: Mon, 26 Sep 2022 21:13:51 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: *
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8251
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:13:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8251
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:13:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8251
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:13:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8251
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:13:51 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f10a12719b387d176497669ba75f0acc
16e42ba7b20555bf5a8615e5f4bb561204aeeb5a
0cb2231817387d43a490565b61e24ea7a3cfcff3281f4ab4379a882cc5c3173f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14579
x-amzn-requestid: bce2c126-0883-4255-9246-d8055860f898
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCj6FYCoAMF9Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e18-66ba2e5d64b6a5b32b7ab36b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: igIWZ2IhMA_GIovp4HgIHtGeDt5xoX0iThoQFKjnNJUYP_uMdO7FHw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 00:33:08 GMT
age: 74443
etag: "16e42ba7b20555bf5a8615e5f4bb561204aeeb5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3a75be68e82e6a0ba74932fbe74c7b30
36310320605833289e78cd248c45915363a0a0c3
56d709b77802037254b7922e3f85d1b1652b70dfc4b6c65b03e4149d3b1f22ca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6443
x-amzn-requestid: b6f3be01-6086-4fc1-8bec-c4caa1fe806c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSKMG04IAMFRxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330ca41-5452d1805d3f4d71303142c9;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:38:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tx-lL61dT3iakJd8VZw31hzMklubUDBQxE6LBhxsJUqyMM0bqCk73g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:07:18 GMT
age: 83193
etag: "36310320605833289e78cd248c45915363a0a0c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f39b5b4-f60c-42d8-9916-f71d7998f158.png
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f39b5b4-f60c-42d8-9916-f71d7998f158.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6d79a3a5bd7dc7aa6cab306176fafd11
0d5cb1f3e3ea510308034a5e569c0e65fae30835
57979dfcf6fdc76f04e4790c2b94b876e188ac780aa49d9bfc8a58c498dc4203
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f39b5b4-f60c-42d8-9916-f71d7998f158.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7185
x-amzn-requestid: e7b997d7-f9ce-40c6-b9bb-372ee10d8ad0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTAfEX5oAMFcHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb9c-31e295e33ead940f381121a1;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:43:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p7rimTrmOgUnwPuESSKSrsWlzhiSBJYx9h8XIacxP8DUyyvXye2iyg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:49:56 GMT
age: 84235
etag: "0d5cb1f3e3ea510308034a5e569c0e65fae30835"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2fe8c4f0c70fb6c1f4259eabedc7015e
85e378d0fff856832a8dd01743516b9476fed8c6
508a1c7d350fcf82d1ece0b99f8557b2f300c7c1148f28c3ae9fece20530e4b6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5157
x-amzn-requestid: b5748f49-693f-4bc3-a850-cb68e770de24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUG9GUHIAMF7pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd5f-5d2aaa212cf1be2506593746;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:51:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4h9lb_7egxb2hBbxjcS_cpZ5lDq6Lx-c_WUZyRHdUA0YTwr6kgDuiQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:10:16 GMT
age: 83015
etag: "85e378d0fff856832a8dd01743516b9476fed8c6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c11e6fef1be62b971bd9daf378bfc95
ef9d756cbcda72cf7ef5029b7d384cd1fbaed633
b8369f83d6dddcd2355b81d8eb200791788165e56881ce21e1a1e9c8bb1bb2ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13584
x-amzn-requestid: 198bd2b4-d4ae-4f19-a500-463aee52b890
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTHgFdNoAMFwEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cbc9-19a1f7d2102820da4b21f18b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: bGRBCfCtZkeYhbTpaE18IpIgUtOHyttE-0hRk8fWVB9sJS2rSbP22g==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:05:32 GMT
etag: "ef9d756cbcda72cf7ef5029b7d384cd1fbaed633"
content-type: image/jpeg
age: 83299
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d02ede0c964f3346fd53ae2950bf2a62
e49306a3713cb724be024a4ddb5e90645718a718
c0e653d89656016c55aca9b198b9191620f1ae9a3c45742a90744bd74c4f9505
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8637
x-amzn-requestid: 07dc23e0-000f-4f6c-8d2b-0e65d88be270
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSvvEenoAMFr0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb31-520803124760abc216152d7b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mToVKJcSAtJB1AOuQ-Y9o_EZzyhUuZJivVa3DLql5FwzK4NC82kh5Q==
via: 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:06:17 GMT
age: 83254
etag: "e49306a3713cb724be024a4ddb5e90645718a718"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch.htm
208.109.68.254200 OK 982 B URL HTTP/2 ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch.htm
IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1188), with CRLF line terminators
Hash 9c0aad63dba578b53c30132899c92cca
780edabf122bef938154a53502cf66cd473013a4
9a945ccccbed2a6fff0960be1f8972cd639862b809cee77db5a60957e44f8ec4
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
GET /Sign%20in%20to%20your%20account_files/prefetch.htm HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Cookie: testcookie=testcookie
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Nov 2017 18:01:54 GMT
etag: "2f4353f-cfd-55e6de1a9c880-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 982
content-type: text/html
date: Mon, 26 Sep 2022 21:13:51 GMT
server: Apache
X-Firefox-Spdy: h2
ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch_data/sprite1.png
208.109.68.254200 OK 17 kB URL HTTP/2 ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch_data/sprite1.png
IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 600 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash 934d28f5d1967abbde9663d01344bf24
9c2876c367f2796f72233a617e494348d2dc1406
5955f2bd8794076f0afad29b0492a3c6f88a4c8eeb281588c8e761c4c95dcbd8
Analyzer Verdict Alert openphish Outlook
GET /Sign%20in%20to%20your%20account_files/prefetch_data/sprite1.png HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch.htm
Cookie: testcookie=testcookie
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Nov 2017 18:01:58 GMT
etag: "2f61047-4247-55e6de1e6d180"
accept-ranges: bytes
content-length: 16967
content-type: image/png
date: Mon, 26 Sep 2022 21:13:51 GMT
server: Apache
X-Firefox-Spdy: h2
ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch_data/sprite1.css
208.109.68.254200 OK 987 B URL HTTP/2 ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch_data/sprite1.css
IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (7584), with no line terminators
Hash 5008f9178c5cce8c7ed0eba6769c24aa
59f1f23c9f4d13bccbe10b80b6e42c3093dee1b7
7ea9a659dba1df5a3dfd0cc0699f143acceffd949ccb52d3755caf864c3edf18
Analyzer Verdict Alert openphish Outlook
GET /Sign%20in%20to%20your%20account_files/prefetch_data/sprite1.css HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch.htm
Cookie: testcookie=testcookie
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Nov 2017 18:01:58 GMT
etag: "2f61046-1da0-55e6de1e6d180-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 987
content-type: text/css
date: Mon, 26 Sep 2022 21:13:51 GMT
server: Apache
X-Firefox-Spdy: h2
ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch_data/boot.css
208.109.68.254200 OK 23 kB URL HTTP/2 ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch_data/boot.css
IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65536), with no line terminators
Hash 5cb33a570ed58234dc1a1d8b3b0778c2
3bb360b33325186f25728acce98869846142ea23
420a99defcb91997e89287f8410e45473f10340824ddb0994a98d3edcf3c366c
Analyzer Verdict Alert openphish Outlook
GET /Sign%20in%20to%20your%20account_files/prefetch_data/boot.css HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch.htm
Cookie: testcookie=testcookie
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Nov 2017 18:01:58 GMT
etag: "2f605cc-2c877-55e6de1e6d180-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 22897
content-type: text/css
date: Mon, 26 Sep 2022 21:13:51 GMT
server: Apache
X-Firefox-Spdy: h2
r1.res.office365.com/owa/prem/16.1389.11.2087567/scripts/boot.worldwide.0.mouse.js
23.38.200.227200 OK 169 kB URL HTTP/1.1 r1.res.office365.com/owa/prem/16.1389.11.2087567/scripts/boot.worldwide.0.mouse.js
IP 23.38.200.227:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (59852), with CRLF line terminators
Size 169 kB (169168 bytes)
Hash d8e5c85a0324a9dc0d41328a3ed4c599
682f6d3ad5dfe7fde08de0dc43fda5bc6b98fd10
6f7208150bc7d8dd5630265de2c550e8286c2393aa90f4d40429b45537f953d9
GET /owa/prem/16.1389.11.2087567/scripts/boot.worldwide.0.mouse.js HTTP/1.1
Host: r1.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
Last-Modified: Tue, 30 Aug 2016 07:55:32 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: public,max-age=630720000, s-maxage=630720000
Date: Mon, 26 Sep 2022 21:13:52 GMT
Content-Length: 169168
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; includeSubDomains
ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch_data/boot_002.js
208.109.68.254200 OK 122 kB URL HTTP/2 ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch_data/boot_002.js
IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
File type Unicode text, UTF-8 (with BOM) text, with very long lines (65333), with CRLF line terminators
Size 122 kB (122306 bytes)
Hash e56792386165f607bb8c1bf5589c7e60
f18c7f1362ff0eb4e4dc2e602ff932c09dd14567
b88089afae4b068f8ac0ca9f982cbcb02ab827e9f3a8e4f5125828e8202dded6
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
GET /Sign%20in%20to%20your%20account_files/prefetch_data/boot_002.js HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch.htm
Cookie: testcookie=testcookie
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Nov 2017 18:01:56 GMT
etag: "2f61042-98636-55e6de1c84d00-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: application/javascript
date: Mon, 26 Sep 2022 21:13:51 GMT
server: Apache
X-Firefox-Spdy: h2
ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch_data/boot.js
208.109.68.254200 OK 310 kB URL HTTP/2 ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch_data/boot.js
IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
File type Unicode text, UTF-8 (with BOM) text, with very long lines (59852), with CRLF line terminators
Size 310 kB (310372 bytes)
Hash b9bb39d42a59959ce84303fccefa61ce
4587615ce7c42f719b0b346477ac38271d75694e
887846a8cb0fea91c6e216749027588d5278ae3ce40ce705bebaf248cf21efca
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
GET /Sign%20in%20to%20your%20account_files/prefetch_data/boot.js HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch.htm
Cookie: testcookie=testcookie
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Nov 2017 18:01:58 GMT
etag: "2f605ce-98738-55e6de1e6d180-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: application/javascript
date: Mon, 26 Sep 2022 21:13:51 GMT
server: Apache
X-Firefox-Spdy: h2
r4.res.office365.com/owa/prem/15.20.5654.18/scripts/boot.worldwide.0.mouse.js
23.38.200.227200 OK 180 kB URL HTTP/2 r4.res.office365.com/owa/prem/15.20.5654.18/scripts/boot.worldwide.0.mouse.js
IP 23.38.200.227:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators
Size 180 kB (179692 bytes)
Hash 7107c752f3901d95bdc4e9d46ac2b6d8
747a0d933dc2ef38a98fa11a44ba661ec6a5eae3
c4a5ecaf090da5f8115afcf0d4b723810054ecf3de31acc5ea6d48f9eb2d4111
GET /owa/prem/15.20.5654.18/scripts/boot.worldwide.0.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Wed, 21 Sep 2022 07:42:40 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Mon, 26 Sep 2022 21:13:52 GMT
content-length: 179692
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch_data/boot_003.js
208.109.68.254200 OK 299 kB URL HTTP/2 ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch_data/boot_003.js
IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
File type Unicode text, UTF-8 (with BOM) text, with very long lines (65311), with CRLF line terminators
Size 299 kB (298816 bytes)
Hash e0a35d8c4276df28ae2234f73b1b2c0e
b567b7c2713c0f0508e2eea0acaac4028c3d5226
00bdea6b45be11933c03009fd1de6fae11617d96b629c47ee914e9bf6c230e95
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
GET /Sign%20in%20to%20your%20account_files/prefetch_data/boot_003.js HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch.htm
Cookie: testcookie=testcookie
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Nov 2017 18:01:56 GMT
etag: "2f61044-97e34-55e6de1c84d00-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: application/javascript
date: Mon, 26 Sep 2022 21:13:51 GMT
server: Apache
X-Firefox-Spdy: h2
r4.res.office365.com/owa/prem/15.20.5654.18/scripts/boot.worldwide.1.mouse.js
23.38.200.227200 OK 163 kB URL HTTP/2 r4.res.office365.com/owa/prem/15.20.5654.18/scripts/boot.worldwide.1.mouse.js
IP 23.38.200.227:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
Size 163 kB (163086 bytes)
Hash e8e90ea74afb3c2e067828c093fc86b1
cdc77987b351dc36f67d2d72d9bb59f17bfd49e0
411cbbad8d2c64f927321e1a825bf15860e2a7757688b4b445cdec041a1c497a
GET /owa/prem/15.20.5654.18/scripts/boot.worldwide.1.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Wed, 21 Sep 2022 07:42:36 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Mon, 26 Sep 2022 21:13:52 GMT
content-length: 163086
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
r1.res.office365.com/owa/prem/16.1389.11.2087567/scripts/boot.worldwide.3.mouse.js
23.38.200.227200 OK 135 kB URL HTTP/2 r1.res.office365.com/owa/prem/16.1389.11.2087567/scripts/boot.worldwide.3.mouse.js
IP 23.38.200.227:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (65333), with CRLF line terminators
Size 135 kB (134625 bytes)
Hash ecd51d88b4d4f29cb2b5fb0a2290cd80
d61df10eca7ed24ea1bba2f500d6e1bec9c763f7
8f68cd867144d1bf3876d0346310af9a61e0625cfe3c6acff55e334e7a0006dd
GET /owa/prem/16.1389.11.2087567/scripts/boot.worldwide.3.mouse.js HTTP/1.1
Host: r1.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Tue, 30 Aug 2016 07:55:24 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Mon, 26 Sep 2022 21:13:52 GMT
content-length: 134625
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
r4.res.office365.com/owa/prem/15.20.5654.18/scripts/boot.worldwide.2.mouse.js
23.38.200.227200 OK 170 kB URL HTTP/2 r4.res.office365.com/owa/prem/15.20.5654.18/scripts/boot.worldwide.2.mouse.js
IP 23.38.200.227:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
Size 170 kB (169702 bytes)
Hash 1e37d6bba254c3ff7f57d369bfffb5ee
3815e368af2c284735837ee7facbbfc9a7627e59
d3b62817e50c0a8e046612ec81463e9613eda09be666c511992f556550195852
GET /owa/prem/15.20.5654.18/scripts/boot.worldwide.2.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Wed, 21 Sep 2022 07:42:40 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Mon, 26 Sep 2022 21:13:52 GMT
content-length: 169702
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
r4.res.office365.com/owa/prem/15.20.5654.18/scripts/boot.worldwide.3.mouse.js
23.38.200.227200 OK 146 kB URL HTTP/2 r4.res.office365.com/owa/prem/15.20.5654.18/scripts/boot.worldwide.3.mouse.js
IP 23.38.200.227:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
Size 146 kB (145619 bytes)
Hash 51236710facd7777aa13a4807f5c5eba
f30f8bdddb857832080b878f07bd3b078aaa21b3
b13f876c44748caec001b1c875ba7d7a32354d6bf07be6d34d3e93b7dd5c98a9
GET /owa/prem/15.20.5654.18/scripts/boot.worldwide.3.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Wed, 21 Sep 2022 07:42:37 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Mon, 26 Sep 2022 21:13:52 GMT
content-length: 145619
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
r4.res.office365.com/owa/prem/15.20.5654.18/resources/images/0/sprite1.mouse.png
23.38.200.227200 OK 132 B URL HTTP/2 r4.res.office365.com/owa/prem/15.20.5654.18/resources/images/0/sprite1.mouse.png
IP 23.38.200.227:0
File type PNG image data, 600 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 3eda15637afeac6078f56c9dcc9bbdb8
97b900884183cb8cf99ba069eedc280c599c1b74
68c66d144855ba2bc8b8bee88bb266047367708c1e281a21b9d729b1fbd23429
GET /owa/prem/15.20.5654.18/resources/images/0/sprite1.mouse.png HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-length: 132
content-type: image/png
last-modified: Wed, 21 Sep 2022 07:53:12 GMT
server: AkamaiNetStorage
cache-control: public,max-age=630720000, s-maxage=630720000
date: Mon, 26 Sep 2022 21:13:52 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
r1.res.office365.com/owa/prem/16.1389.11.2087567/resources/images/0/sprite1.mouse.png
23.38.200.227200 OK 17 kB URL HTTP/2 r1.res.office365.com/owa/prem/16.1389.11.2087567/resources/images/0/sprite1.mouse.png
IP 23.38.200.227:0
File type PNG image data, 600 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash 934d28f5d1967abbde9663d01344bf24
9c2876c367f2796f72233a617e494348d2dc1406
5955f2bd8794076f0afad29b0492a3c6f88a4c8eeb281588c8e761c4c95dcbd8
GET /owa/prem/16.1389.11.2087567/resources/images/0/sprite1.mouse.png HTTP/1.1
Host: r1.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
last-modified: Tue, 30 Aug 2016 07:53:43 GMT
server: AkamaiNetStorage
content-length: 16967
cache-control: public,max-age=630720000, s-maxage=630720000
date: Mon, 26 Sep 2022 21:13:52 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
r4.res.office365.com/owa/prem/15.20.5654.18/resources/images/0/sprite1.mouse.css
23.38.200.227200 OK 288 B URL HTTP/2 r4.res.office365.com/owa/prem/15.20.5654.18/resources/images/0/sprite1.mouse.css
IP 23.38.200.227:0
File type ASCII text, with very long lines (994), with no line terminators
Hash d5376db145bd802d6dc34b453e38db2d
a33794e22b790cefae0b1427244ddbf60aef74e6
4e5c1ba33900bd8b05d2bef342bdd037c240d27207ef878b2b87d252dfc30cfc
GET /owa/prem/15.20.5654.18/resources/images/0/sprite1.mouse.css HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:53:20 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Mon, 26 Sep 2022 21:13:52 GMT
content-length: 288
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
r4.res.office365.com/owa/prem/15.20.5654.18/resources/styles/0/boot.worldwide.mouse.css
23.38.200.227200 OK 44 kB URL HTTP/2 r4.res.office365.com/owa/prem/15.20.5654.18/resources/styles/0/boot.worldwide.mouse.css
IP 23.38.200.227:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 820f40594a0e8d5f9d58546208aa9060
e17ed5116a34c432013a244c979ac9da53829d74
f8f708049e1e1609af3959cd21eaf313c8192d3e962887a7a2e1f9b353d3fc80
GET /owa/prem/15.20.5654.18/resources/styles/0/boot.worldwide.mouse.css HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:53:47 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Mon, 26 Sep 2022 21:13:52 GMT
content-length: 44144
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
r1.res.office365.com/owa/prem/16.1389.11.2087567/resources/images/0/sprite1.mouse.css
23.38.200.227200 OK 1.1 kB URL HTTP/2 r1.res.office365.com/owa/prem/16.1389.11.2087567/resources/images/0/sprite1.mouse.css
IP 23.38.200.227:0
File type ASCII text, with very long lines (7584), with no line terminators
Hash 31a95bfa10f0d623738b3902ab0450aa
6bd4d0a1445457994f0f3a495ef066ee2999d99a
61ec811db28f31d92225328ac3fa45631693879ad88a48a7ce00438e90400e7a
GET /owa/prem/16.1389.11.2087567/resources/images/0/sprite1.mouse.css HTTP/1.1
Host: r1.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: text/css
last-modified: Tue, 30 Aug 2016 07:53:44 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Mon, 26 Sep 2022 21:13:52 GMT
content-length: 1098
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
r1.res.office365.com/owa/prem/16.1389.11.2087567/resources/styles/0/boot.worldwide.mouse.css
23.38.200.227200 OK 24 kB URL HTTP/2 r1.res.office365.com/owa/prem/16.1389.11.2087567/resources/styles/0/boot.worldwide.mouse.css
IP 23.38.200.227:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c7c2258c7ab5cece6d9f700c21b9804c
0c41900656c804d665cf5421903538972db6509d
4c23db892c70b994c9b4d387ec36ea44697641785a87b43623217fac525a5166
GET /owa/prem/16.1389.11.2087567/resources/styles/0/boot.worldwide.mouse.css HTTP/1.1
Host: r1.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: text/css
last-modified: Tue, 30 Aug 2016 07:53:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Mon, 26 Sep 2022 21:13:52 GMT
content-length: 24394
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef17205adb2b478d3bff54b048208d22
12aac1bd22e675f09a220de08b4656e801c2e647
620fe39cf421ed3a21e968570f7e863d69224113be867ec2457ed3850ea113f6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5980
x-amzn-requestid: fbf0c390-da24-49e2-8492-43e29e5d4bb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTHCGJVoAMFgxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cbc6-1f9b1b7d63467c58702e6d7e;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:38 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: pt7rJi8EIQFBk0gHQZ1WnjvThPba86XZCGFs83l1ZW2dj-_6bZprAA==
via: 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:49:56 GMT
age: 84241
etag: "12aac1bd22e675f09a220de08b4656e801c2e647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch_data/boot_004.js
208.109.68.254200 OK 0 B URL HTTP/2 ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch_data/boot_004.js
IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
GET /Sign%20in%20to%20your%20account_files/prefetch_data/boot_004.js HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/Sign%20in%20to%20your%20account_files/prefetch.htm
Cookie: testcookie=testcookie
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Nov 2017 18:01:56 GMT
etag: "2f61045-98207-55e6de1c84d00-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: application/javascript
date: Mon, 26 Sep 2022 21:13:51 GMT
server: Apache
X-Firefox-Spdy: h2
ummchcf.com/Sign%20in%20to%20your%20account_files/heroillustration.jpg
208.109.68.254200 OK 0 B URL HTTP/2 ummchcf.com/Sign%20in%20to%20your%20account_files/heroillustration.jpg
IP 208.109.68.254:0
ASN #398101 GO-DADDY-COM-LLC
Analyzer Verdict Alert openphish Outlook
GET /Sign%20in%20to%20your%20account_files/heroillustration.jpg HTTP/1.1
Host: ummchcf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ummchcf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Nov 2017 18:01:54 GMT
etag: "2f4353a-31a1e-55e6de1a9c880"
accept-ranges: bytes
content-length: 203294
content-type: image/jpeg
date: Mon, 26 Sep 2022 21:13:49 GMT
server: Apache
X-Firefox-Spdy: h2