Overview

URL: grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
IP: 104.16.244.78
ASN: CLOUDFLARENET
Location: (empty)
Report completed: 2022-09-29 07:56:10 UTC
urlquery Alerts: Scam / Fake AntiVirus


Settings

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer: (empty)


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (17)

Passive DNS Source | Fully Qualified Domain Name (records) | Rank | First Seen | Last Seen | IP | Comment
mnemonic passive DNS | firefox.settings.services.mozilla.com (2) | 867 | 2020-05-28 17:26:30 UTC | 2022-09-29 05:05:36 UTC | 143.204.55.27 |
mnemonic passive DNS | r3.o.lencr.org (5) | 344 | 2020-12-02 08:52:13 UTC | 2022-09-28 04:36:09 UTC | 23.36.76.226 |
mnemonic passive DNS | contile.services.mozilla.com (1) | 1114 | 2021-05-27 18:32:35 UTC | 2022-09-28 04:36:06 UTC | 34.117.237.239 |
mnemonic passive DNS | ocsp.pki.goog (1) | 175 | 2017-06-14 07:23:31 UTC | 2022-09-29 04:56:10 UTC | 142.250.74.3 |
mnemonic passive DNS | ocsp.globalsign.com (1) | 2075 | 2012-05-25 06:20:55 UTC | 2022-09-29 04:32:01 UTC | 104.18.21.226 |
mnemonic passive DNS | maxcdn.bootstrapcdn.com (2) | 724 | 2014-06-18 00:37:31 UTC | 2022-09-28 21:18:43 UTC | 188.114.99.202 |
mnemonic passive DNS | img-getpocket.cdn.mozilla.net (2) | 1631 | 2017-09-01 03:40:57 UTC | 2022-09-29 04:10:37 UTC | 34.120.237.76 |
mnemonic passive DNS | www.google-analytics.com (1) | 40 | 2012-10-03 01:04:21 UTC | 2022-09-29 03:20:00 UTC | 142.250.74.174 |
mnemonic passive DNS | grf-8wamy.ondigitalocean.app (27) | 0 | 2022-09-28 21:40:00 UTC | 2022-09-28 21:40:00 UTC | 104.16.244.78 | Unknown ranking
mnemonic passive DNS | content-signature-2.cdn.mozilla.net (1) | 1152 | 2020-11-03 12:26:46 UTC | 2022-09-29 05:03:41 UTC | 143.204.55.49 |
mnemonic passive DNS | ocsp.digicert.com (7) | 86 | 2012-05-21 07:02:23 UTC | 2022-09-29 04:12:37 UTC | 93.184.220.29 |
mnemonic passive DNS | cdn.jsdelivr.net (1) | 439 | 2012-09-30 00:15:09 UTC | 2022-09-29 04:13:14 UTC | 151.101.85.229 |
mnemonic passive DNS | www.googletagmanager.com (1) | 75 | 2012-12-25 14:52:06 UTC | 2022-09-28 04:42:17 UTC | 142.250.74.72 |
mnemonic passive DNS | push.services.mozilla.com (1) | 2140 | 2015-09-03 10:29:36 UTC | 2022-09-28 05:02:28 UTC | 35.86.38.2 |
mnemonic passive DNS | code.jquery.com (1) | 634 | 2012-05-21 17:28:02 UTC | 2022-09-28 04:38:15 UTC | 69.16.175.42 |
mnemonic passive DNS | cdnjs.cloudflare.com (1) | 235 | 2020-10-20 10:17:36 UTC | 2022-09-29 04:17:27 UTC | 104.17.25.14 |
mnemonic passive DNS | grf-8wamy.ondigitalocean.app (27) | 0 | 2022-09-28 21:40:00 UTC | 2022-09-28 21:40:00 UTC | 104.16.243.78 | Unknown ranking


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 104.16.244.78

Date | UQ / IDS / BL (alert counts: urlquery / IDS / blocklists) | URL | IP
2022-12-07 23:52:05 +0000 | 12 - 0 - 0 | mon07kfish-appsy7-25rbu.ondigitalocean.app/wi (...) | 104.16.244.78
2022-12-07 23:41:01 +0000 | 52 - 0 - 0 | svh-fon3p.ondigitalocean.app/ | 104.16.244.78
2022-12-07 15:21:18 +0000 | 14 - 0 - 0 | plankton-app-9mrc4.ondigitalocean.app/?phone= (...) | 104.16.244.78
2022-12-07 14:17:01 +0000 | 53 - 0 - 0 | monkfish-app-5mum9.ondigitalocean.app/?number (...) | 104.16.244.78
2022-12-07 07:40:01 +0000 | 14 - 0 - 0 | seahorse-app-xqq44.ondigitalocean.app/ | 104.16.244.78

Last 5 reports on ASN: CLOUDFLARENET

Date | UQ / IDS / BL | URL | IP
2022-12-08 01:58:49 +0000 | 0 - 0 - 4 | wdenablers.com/oime/index.php?QBOT.zip | 104.21.42.63
2022-12-08 01:58:21 +0000 | 0 - 0 - 4 | xpertnifty.in/essi/index.php?QBOT.zip | 188.114.97.1
2022-12-08 01:57:09 +0000 | 0 - 0 - 4 | treclo.com/rr/index.php?QBOT.zip | 104.21.11.183
2022-12-08 01:56:53 +0000 | 0 - 0 - 4 | vapetehran1.com/vutn/index.php?QBOT.zip | 172.67.186.97
2022-12-08 01:56:43 +0000 | 0 - 0 - 2 | verblackclover.net/uun/index.php?QBOT.zip | 104.21.58.253

Last 1 report on domain: grf-8wamy.ondigitalocean.app

Date | UQ / IDS / BL | URL | IP
2022-09-29 07:56:10 +0000 | 11 - 0 - 0 | grf-8wamy.ondigitalocean.app/?phone=+1-844-98 (...) | 104.16.244.78

Last 5 reports with similar screenshot

Date | UQ / IDS / BL | URL | IP
2022-12-07 23:41:01 +0000 | 52 - 0 - 0 | svh-fon3p.ondigitalocean.app/ | 104.16.244.78
2022-12-04 00:26:09 +0000 | 50 - 0 - 14 | ml7l-j95jg.ondigitalocean.app/ | 104.16.243.78
2022-11-24 05:41:32 +0000 | 19 - 0 - 13 | mmk-273nw.ondigitalocean.app/ | 104.16.244.78
2022-11-03 14:54:22 +0000 | 12 - 0 - 0 | mgt-huksd.ondigitalocean.app/?phone=+1-855-79 (...) | 104.16.244.78
2022-10-29 00:54:56 +0000 | 11 - 0 - 0 | g3r4-ioj6t.ondigitalocean.app/ | 104.16.243.78


JavaScript

Executed Scripts (35)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 15, repeated: 1) - SHA256: 82f2c1930402f1a631eae6e46765e3c1f8ae1198676308ae130b36ddb03b69a9
Written content:
+1 - 844 - 980 - 4037
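The one hooked JavaScript write above is the phone number carried in the `?phone=` query parameter, and the sibling reports listed earlier (same IP, same screenshot) are other `*.ondigitalocean.app` hosts serving the same template, some with `?phone=` or `?number=` parameters of their own. The call-back number, not the throwaway hostname, is therefore the durable indicator. What follows is an added example, not part of the urlquery report, of a triage helper that pulls those indicators out of a URL list. The sample URLs are the untruncated ones from this report plus one constructed non-matching URL; the toll-free area-code list, the `phone`/`number` parameter names and the verdict thresholds are assumptions drawn from what the report shows.

```python
"""Triage helper for the tech-support-scam URL family in this report.

Added example, not part of the urlquery report. Extracts the indicators an
analyst pivots on: the hosting host, the call-back phone number the template
is parametrised with, and whether that number is NANP toll-free.
"""
import re
from urllib.parse import parse_qs, urlsplit

# North American Numbering Plan toll-free area codes.
TOLL_FREE_NPA = {"800", "833", "844", "855", "866", "877", "888"}

# Query parameters seen carrying the number in this report's URL list
# ("phone" and "number"); assumption: the template uses no others.
PHONE_PARAMS = ("phone", "number")

# DigitalOcean App Platform default hostnames (<app>-<suffix>.ondigitalocean.app).
DO_APP_HOST = re.compile(r"^[a-z0-9-]+\.ondigitalocean\.app$")

# Sample input: untruncated URLs from this report, plus one constructed
# non-matching URL (example.org) as a negative case.
SAMPLE_URLS = [
    "grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com",
    "svh-fon3p.ondigitalocean.app/",
    "seahorse-app-xqq44.ondigitalocean.app/",
    "example.org/?phone=+1-415-555-0100",
]


def normalize_phone(raw):
    """Reduce '+1-844-980-4037' or '(844) 980 4037' to '18449804037'.

    Returns None when the value is not an 11-digit NANP number. parse_qs
    decodes the literal '+' in the query string as a space, which is why
    only the digits are kept.
    """
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 10:
        digits = "1" + digits
    if len(digits) != 11 or digits[0] != "1":
        return None
    return digits


def is_toll_free(nanp_digits):
    """True for 1-8xx toll-free numbers; the area code is digits 1..3."""
    return nanp_digits[1:4] in TOLL_FREE_NPA


def triage_url(url):
    """Return the indicators for one URL (scheme-less input is accepted)."""
    if "://" not in url:
        url = "https://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    qs = parse_qs(parts.query)
    phone = None
    for param in PHONE_PARAMS:
        if param in qs:
            phone = normalize_phone(qs[param][0])
            break
    return {
        "host": host,
        "do_app": bool(DO_APP_HOST.match(host)),
        "phone": phone,
        "toll_free": bool(phone and is_toll_free(phone)),
        "extra_params": sorted(k for k in qs if k not in PHONE_PARAMS),
    }


def verdict(ind):
    """'high': App Platform host parametrised with a toll-free number.
    'review': App Platform host with no number in the URL; needs a content
    or screenshot check, since the platform is shared with legitimate apps.
    'none': neither signal present."""
    if ind["do_app"] and ind["toll_free"]:
        return "high"
    if ind["do_app"]:
        return "review"
    return "none"


def triage(urls):
    """Map each URL to (verdict, normalised phone or None)."""
    result = {}
    for url in urls:
        ind = triage_url(url)
        result[url] = (verdict(ind), ind["phone"])
    return result


if __name__ == "__main__":
    for url, (v, phone) in triage(SAMPLE_URLS).items():
        print(f"{v:6} {phone or '-':12} {url}")
```

A host on ondigitalocean.app without a phone parameter (svh-fon3p, which shares the screenshot) only earns "review": the hosting platform is shared with legitimate apps, so a verdict on the domain alone would be wrong in both directions, and the number extracted from the "high" hits is what should go into the block list and the telecom abuse report.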


HTTP Transactions (55)
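Only a minority of the 55 transactions below involve the reported site. The rest are Firefox's own background traffic in the sandbox (remote settings, contile tiles, OCSP revocation checks to Let's Encrypt, DigiCert, GlobalSign and Google Trust Services) and third-party loads the page itself triggers (jQuery, Bootstrap, Modernizr, Google Tag Manager). The Referer and Sec-Fetch-Site headers on each request are enough to tell those apart. The following is an added example, not part of the urlquery report, that classifies requests on that basis and collects the pivot indicators a page-initiated load exposes. The sample records are constructed from headers visible in the transactions below, and the browser-background host suffixes are an assumption.

```python
"""Attribute the HTTP transactions in a sandbox capture to their initiator.

Added example, not part of the urlquery report. A Firefox-driven capture
mixes requests to the analysed site, third-party loads the page triggered,
and the browser's own background traffic. Only the first two say anything
about the site. Records below are constructed from headers in the report.
"""
from urllib.parse import parse_qs, urlsplit

TARGET_HOST = "grf-8wamy.ondigitalocean.app"

# Constructed sample: one dict per request, reduced to the headers the
# attribution needs.
CAPTURE = [
    {"method": "GET", "host": TARGET_HOST,
     "path": "/?phone=+1-844-980-4037&rezp=unearth.com",
     "referer": None, "sec_fetch_site": None, "content_type": None, "status": 301},
    {"method": "GET", "host": "firefox.settings.services.mozilla.com", "path": "/v1/",
     "referer": None, "sec_fetch_site": "cross-site", "content_type": None, "status": 200},
    {"method": "POST", "host": "r3.o.lencr.org", "path": "/",
     "referer": None, "sec_fetch_site": None,
     "content_type": "application/ocsp-request", "status": 200},
    {"method": "GET", "host": "cdn.jsdelivr.net",
     "path": "/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js",
     "referer": "https://grf-8wamy.ondigitalocean.app/", "sec_fetch_site": "cross-site",
     "content_type": None, "status": 200},
    {"method": "GET", "host": "www.googletagmanager.com", "path": "/gtag/js?id=UA-228316669-1",
     "referer": "https://grf-8wamy.ondigitalocean.app/", "sec_fetch_site": "cross-site",
     "content_type": None, "status": 200},
    {"method": "GET", "host": TARGET_HOST, "path": "/setting.png",
     "referer": "https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com",
     "sec_fetch_site": "same-origin", "content_type": None, "status": 200},
]

# Assumption: hosts under these suffixes are Firefox telemetry/settings
# endpoints the browser contacts regardless of the page visited.
BROWSER_BACKGROUND_SUFFIXES = (".services.mozilla.com", ".cdn.mozilla.net")


def classify(req, target_host=TARGET_HOST):
    """Return 'target', 'page-third-party', 'browser-ocsp',
    'browser-background' or 'unattributed' for one request."""
    if req["host"] == target_host:
        return "target"
    if req["content_type"] == "application/ocsp-request":
        # Revocation checks for certificates seen on any connection; they
        # reveal which CAs are involved, not what the page does.
        return "browser-ocsp"
    ref = req["referer"] or ""
    if urlsplit(ref).hostname == target_host:
        # The page is the initiator: Referer is the target origin and
        # Sec-Fetch-Site is cross-site (or same-origin for its own assets).
        return "page-third-party"
    if req["host"].endswith(BROWSER_BACKGROUND_SUFFIXES):
        return "browser-background"
    return "unattributed"


def summarize(capture, target_host=TARGET_HOST):
    """Group requests by class and collect pivot indicators from the
    page-initiated loads: third-party hosts and any Google tag IDs."""
    buckets = {}
    pivots = {"third_party_hosts": set(), "gtag_ids": set()}
    for req in capture:
        cls = classify(req, target_host)
        buckets.setdefault(cls, []).append(req["host"] + req["path"])
        if cls == "page-third-party":
            pivots["third_party_hosts"].add(req["host"])
            if req["host"] == "www.googletagmanager.com":
                query = parse_qs(urlsplit(req["path"]).query)
                pivots["gtag_ids"].update(query.get("id", []))
    return buckets, pivots


if __name__ == "__main__":
    buckets, pivots = summarize(CAPTURE)
    for cls, urls in buckets.items():
        print(f"{cls}: {len(urls)}")
    print("pivots:", pivots)
```

The Google tag ID is the indicator worth keeping from the third-party bucket: it is configured by the operator and tends to persist across the disposable ondigitalocean.app hosts, whereas the OCSP traffic only reflects which CAs issued certificates for the hosts contacted during the visit.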


Request:
GET /?phone=+1-844-980-4037&rezp=unearth.com HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Response from 104.16.244.78:
HTTP/1.1 301 Moved Permanently
Date: Thu, 29 Sep 2022 07:55:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 29 Sep 2022 08:55:59 GMT
Location: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 752328e158040b49-OSL

Request:
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response from 143.204.55.27:
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 29 Sep 2022 07:15:52 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 96l50ZNj6EgGCLVu2rLY5kBgpz2cUedfavD-Hg-P2NwMKaHcuTDlOg==
Age: 2407

--- Additional Info ---
Magic:  JSON data, ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 23.36.76.226:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16609
Expires: Thu, 29 Sep 2022 12:32:48 GMT
Date: Thu, 29 Sep 2022 07:55:59 GMT
Connection: keep-alive

Request:
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

Response from 143.204.55.49:
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1kVk0jwtvwqZlq-7Mc9YSZoTZXK7fHE0BBVnmwnb7B3m9U90YzMNQA==
age: 8852
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  PEM certificate, ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 93.184.220.29:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 2508
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 07:55:59 GMT
Last-Modified: Thu, 29 Sep 2022 07:14:11 GMT
Server: ECS (amb/6B94)
X-Cache: HIT
Content-Length: 278

Request:
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response from 34.117.237.239:
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Thu, 29 Sep 2022 07:55:59 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  JSON data, ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 93.184.220.29:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 3713
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 07:56:00 GMT
Last-Modified: Thu, 29 Sep 2022 06:54:07 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279

Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 93.184.220.29:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 3713
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 07:56:00 GMT
Last-Modified: Thu, 29 Sep 2022 06:54:07 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279

Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 93.184.220.29:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 443
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 07:56:00 GMT
Last-Modified: Thu, 29 Sep 2022 07:48:37 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 280

Request:
GET /npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://grf-8wamy.ondigitalocean.app
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response from 151.101.85.229:
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"1499a-rsVR5NVzRjCI/KfRT7ZE6zifGDk"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 29 Sep 2022 07:56:00 GMT
age: 10126802
x-served-by: cache-fra19162-FRA, cache-bma1674-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 21830
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  ASCII text, with very long lines (65299)
Size:   21830
Md5:    a5cbb97cf034dd181106adecdafe3035
Sha1:   5fca1af6c76dd3e609f7f92841e564df1281927a
Sha256: 5ae018daf5df2cd903f80162efbaa3e138e0ed47ff90a315f2e2c497dc88a890

Request:
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 142.250.74.3:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 07:56:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

Request:
GET /jquery-3.2.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

Response from 69.16.175.42:
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Thu, 29 Sep 2022 07:56:00 GMT
content-encoding: gzip
content-length: 30125
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15283"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1664438160.dop204.sk1.t,1664438160.cds072.sk1.hn,1664438160.cds222.sk1.c
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  ASCII text, with very long lines (32058)
Size:   30125
Md5:    148f8d3ffd9cc02048c5f4d1cc83c407
Sha1:   9f2b89cfd151be6a29b4d43ad64d164fb8471046
Sha256: 4dc681da48ba2b417e613e8e027ff5322963c3a3697a8ba97973cfefb48def5e

Request:
GET /ajax/libs/modernizr/2.8.3/modernizr.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

Response from 104.17.25.14:
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Thu, 29 Sep 2022 07:56:00 GMT
content-length: 3980
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03f26-2b4c"
last-modified: Mon, 04 May 2020 16:13:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 550527
expires: Tue, 19 Sep 2023 07:56:00 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WNXIFYMZNLLZ7ec16RaTiF9P0TQhs2qXpNhXduoAdpzlRi1uCiQrLxTw1hlZ%2FCAdSntpwariCriQQsH9vilxYEF7%2FlqRHAXdP%2FrK4AtWGZb7DbyGS%2F89N0jqZLsIYYHOzWxlxPip"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 752328e548e10b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (11084), with no line terminators
Size:   3980
Md5:    a5775b673c18ffa903cd1a6129ce5f87
Sha1:   ee2569b285a7dbc4ccc95b01a16f06943fade768
Sha256: ab8ad2f07d5214be2ade4edcd295d5fb8f8aa60971b3ec1348063a8a19659fc9

Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 93.184.220.29:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 4893
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 07:56:00 GMT
Last-Modified: Thu, 29 Sep 2022 06:34:27 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279

Request:
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 104.18.21.226:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 07:56:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "4F9AB93B484702FA9B0DBA3442CFF828EDD05B82"
Expires: Thu, 29 Sep 2022 19:00:00 GMT
Last-Modified: Thu, 29 Sep 2022 07:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 579
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 752328e58c29b523-OSL

--- Additional Info ---
Magic:  data
Size:   1462
Md5:    77a8ce93a581b53562be1e417739e7a0
Sha1:   5eabccad2f2ef00c5fa32b64ff7ec2695e7a1078
Sha256: cb60c0c6ece79e7d561f0979b0e730780feea0f1f8ee444257d9f7d83d13fe43

Request:
GET /gtag/js?id=UA-228316669-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

Response from 142.250.74.72:
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 29 Sep 2022 07:56:00 GMT
expires: Thu, 29 Sep 2022 07:56:00 GMT
cache-control: private, max-age=900
last-modified: Thu, 29 Sep 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42348
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  ASCII text, with very long lines (2039)
Size:   42348
Md5:    217ee830bdf806902c7a360a1acde110
Sha1:   cc677a60a53423760bb40f43936b1166932de7bd
Sha256: 7ce9a4fb294f37f07a4a84af71a55048df187cbe1c7b5b37d46883ccd6b8a38d

Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 93.184.220.29:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 443
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 07:56:00 GMT
Last-Modified: Thu, 29 Sep 2022 07:48:37 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 280

Request:
GET /bootstrap/3.4.1/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

Response from 188.114.99.202:
HTTP/2 200 OK
content-type: text/css; charset=utf-8
date: Thu, 29 Sep 2022 07:56:00 GMT
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 632, 617
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 2021-03-10 20:26:25
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 61d285a2b452357d1d833ab142fef512
cdn-cache: HIT
cf-cache-status: HIT
age: 13748937
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 752328e52c860b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  ASCII text, with very long lines (65369)
Size:   20806
Md5:    179f3707ec62e60bd9c1b714eb175c71
Sha1:   8d0ebc089367f839b602fe9c703f409833209a63
Sha256: af139442ff66874a345d9d1ec03211f46b01e3b62d01028754e38ff513ece7df

Request:
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response from 143.204.55.27:
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 29 Sep 2022 07:29:33 GMT
Expires: Thu, 29 Sep 2022 07:40:10 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: UkNWuZQZ-DY2OuOlXsuPP90cBfKjRKqo1OSVJ3glNVbg3sZX-PNMRQ==
Age: 1587

--- Additional Info ---
Magic:  JSON data, ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 93.184.220.29:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 4827
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 07:56:00 GMT
Last-Modified: Thu, 29 Sep 2022 06:35:33 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

Request:
GET /setting.png HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

Response from 104.16.243.78:
HTTP/2 200 OK
content-type: image/png
date: Thu, 29 Sep 2022 07:56:00 GMT
content-length: 364
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: "e144c3378090087c8ce129a30cb6cb4e"
x-amz-request-id: tx000000000000002fc7169-0063354f90-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 752328e4bfbbb52d-OSL
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
Size:   364
Md5:    e144c3378090087c8ce129a30cb6cb4e
Sha1:   59da5466551de941d0215e45c54aa2ceaf436be1
Sha256: b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a

Alerts:
  urlquery:
    - Scam / Fake AntiVirus

Request:
GET /bell.png HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

Response from 104.16.243.78:
HTTP/2 200 OK
content-type: image/png
date: Thu, 29 Sep 2022 07:56:00 GMT
content-length: 1108
last-modified: Wed, 28 Sep 2022 21:00:09 GMT
x-rgw-object-type: Normal
etag: "a3555871399f1f67bfacaf437974b03a"
x-amz-request-id: tx000000000000002fc5510-0063354f90-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 752328e4cfc9b52d-OSL
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Size:   1108
Md5:    a3555871399f1f67bfacaf437974b03a
Sha1:   b6337de87cd7a75a73cd804774651d14c83fe76a
Sha256: 2e48fef820929c21295e13444901f60e3aed61ba6f8c773ff1466e6843e76b49

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
GET /mic.png HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: image/png
date: Thu, 29 Sep 2022 07:56:00 GMT
content-length: 194
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: "df0a213a8bc598e53c8513b360fc910e"
x-amz-request-id: tx000000000000002fc716b-0063354f90-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 752328e4bfb6b52d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size:   194
Md5:    df0a213a8bc598e53c8513b360fc910e
Sha1:   b8cb3eac6254ced5dcf57beecf3758a4a9bc8c26
Sha256: c6ea65b06c0f199ee8073ae19b9909fa004de0bc3d5c9d6402693e14e0ae979f
GET /pc.png HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: image/png
date: Thu, 29 Sep 2022 07:56:00 GMT
content-length: 4949
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: "cc5132b56ba46b03dd998aa1fe220106"
x-amz-request-id: tx000000000000002fc716c-0063354f90-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 752328e4dfd2b52d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 166 x 92, 8-bit/color RGBA, non-interlaced\012- data
Size:   4949
Md5:    cc5132b56ba46b03dd998aa1fe220106
Sha1:   403e007a0b17d76a9945fa5ec46a9d01733b3040
Sha256: 598699133be5eef63e3b9b5540609ec0dc91d7af9c7f70a3b890e57491a70ae0

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fS1g7ts4hsTOAGdY3iC+Cg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

35.86.38.2
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: GfJfeNcAfRVfXspe816zMIbrNlU=

GET /def.png HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: image/png
date: Thu, 29 Sep 2022 07:56:01 GMT
content-length: 3834
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: "77a2ffc5545f87551d74781201de9b3b"
x-amz-request-id: tx000000000000002fc5516-0063354f90-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 752328e4dfd3b52d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   3834
Md5:    77a2ffc5545f87551d74781201de9b3b
Sha1:   c9c3798afd2ae95aa3bba3c428335d49c8255b06
Sha256: 316e6a6737bd296ab30aca2ef7fa36f119d15786a2432d01e31fdc130272f15c

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
GET /que.png HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: image/png
date: Thu, 29 Sep 2022 07:56:01 GMT
content-length: 349
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: "7454c652e0733d92de6c920c2d646ae0"
x-amz-request-id: tx000000000000002fc5518-0063354f90-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 752328e4cfbfb52d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced\012- data
Size:   349
Md5:    7454c652e0733d92de6c920c2d646ae0
Sha1:   34a5bd8c7401f95e346895b0e5ccffbf0e9ad638
Sha256: 44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
GET /virus-scan.png HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: image/png
date: Thu, 29 Sep 2022 07:56:01 GMT
content-length: 25871
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: "2c497dfff84bd8c5af9254c9d6278ce1"
x-amz-request-id: tx000000000000002fc550d-0063354f90-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 752328e4cfc7b52d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size:   25871
Md5:    2c497dfff84bd8c5af9254c9d6278ce1
Sha1:   667e72e7ba6f00a54629e28133317022d4b59af6
Sha256: b2dc4153ee7019c70a1095d5d1304d540e3bba045d99e141f63e5b13362e5a4e

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
GET /microsoft.png HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: image/png
date: Thu, 29 Sep 2022 07:56:01 GMT
content-length: 700
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: "0ff56a6a86d5e52a8befd4c71d1842df"
x-amz-request-id: tx000000000000002fc7178-0063354f91-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 752328e4bfbab52d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 47 x 46, 8-bit colormap, non-interlaced\012- data
Size:   700
Md5:    0ff56a6a86d5e52a8befd4c71d1842df
Sha1:   9a5cd44dd2f43a37ce3af14e167bcba480e97ff4
Sha256: 81e528ea37468236da238a66c1539207d5eca2db4dbeb429bb0e67b80f04a9bb

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
GET /minimize.jpeg HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: image/jpeg
date: Thu, 29 Sep 2022 07:56:01 GMT
content-length: 2247
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: "1ba392dce74f8987dca48bf65d817c8f"
x-amz-request-id: tx000000000000002fc7179-0063354f91-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 752328e4bfb8b52d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 180x39, components 3\012- data
Size:   2247
Md5:    1ba392dce74f8987dca48bf65d817c8f
Sha1:   db0b8444c46125105b52f272bd422a7f52da1f72
Sha256: a05245b6f7fd752af4a7b0131bbdfdf3eaee6c5a25a81cb498e0f0759189473c

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
GET /virus-images.jpeg HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: image/jpeg
date: Thu, 29 Sep 2022 07:56:01 GMT
content-length: 8196
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: "5fc559a242f0ea0a023f10830887d2af"
x-amz-request-id: tx000000000000002fc717a-0063354f91-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 752328e4dfd6b52d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 254x71, components 3\012- data
Size:   8196
Md5:    5fc559a242f0ea0a023f10830887d2af
Sha1:   9d744c2f3a6bf5b715496350c8de7124cdd7ddc8
Sha256: 3b531d403dc8ce7cbb0efb1a0c307cfb2bbaaf21feaff9f3546f13bebda71887

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
GET /cross.png HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: image/png
date: Thu, 29 Sep 2022 07:56:02 GMT
content-length: 44098
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: "4487a588bf2a07e3d1936d705c5ceefd"
x-amz-request-id: tx000000000000002fc551f-0063354f91-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 752328e4dfd4b52d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced\012- data
Size:   44098
Md5:    4487a588bf2a07e3d1936d705c5ceefd
Sha1:   db193b3e2ab9fbee6eae99ced2366b1ef5f16971
Sha256: 3821ef20f5904fdb993e34d87ff8fb9c5786a382efb0eeee8b4f00c91428b701

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
GET /bg2.jpeg HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: image/jpeg
date: Thu, 29 Sep 2022 07:56:01 GMT
content-length: 312439
last-modified: Wed, 28 Sep 2022 21:00:11 GMT
x-rgw-object-type: Normal
etag: "f77bdf7166b1b136a944fc6fbb6155eb"
x-amz-request-id: tx000000000000002fc5517-0063354f90-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 752328e4bfb2b52d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size:   312439
Md5:    f77bdf7166b1b136a944fc6fbb6155eb
Sha1:   107b87a5913d8e16a0936da03610d34111ad9b3d
Sha256: a8e3e67b3894cf2a89be4d27d94b1863b815f45433b14a166aa0e83fff2af48a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3561
Expires: Thu, 29 Sep 2022 08:55:23 GMT
Date: Thu, 29 Sep 2022 07:56:02 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3561
Expires: Thu, 29 Sep 2022 08:55:23 GMT
Date: Thu, 29 Sep 2022 07:56:02 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3561
Expires: Thu, 29 Sep 2022 08:55:23 GMT
Date: Thu, 29 Sep 2022 07:56:02 GMT
Connection: keep-alive

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 7859
x-amzn-requestid: 34d0718f-46d4-446f-bb06-8449bd8f4287
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZIlO4FcBoAMFy0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63334f2b-58ae81c9077e4f1575750f15;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 19:29:47 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LwYd0qn4P-zh1W4GvU8vNEo3_TZHEqtErAj3UKx7a82LIDaBsiXE-w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 19:04:20 GMT
age: 46302
etag: "35ec6e80d324bb215796c590a7ffafbaea55d88e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7859
Md5:    c62a6368c456e9614ca4c8e360a2ef12
Sha1:   35ec6e80d324bb215796c590a7ffafbaea55d88e
Sha256: 90a37acc6beda1aa98a98cb84e00a7e469d6d919a14f4709c5f67a83ae95278d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3561
Expires: Thu, 29 Sep 2022 08:55:23 GMT
Date: Thu, 29 Sep 2022 07:56:02 GMT
Connection: keep-alive

GET /main.js HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Thu, 29 Sep 2022 07:56:01 GMT
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: W/"bc513794f40d3ffba3362b531e651e1a"
x-amz-request-id: tx000000000000002fc551d-0063354f91-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
server: cloudflare
cf-ray: 752328e4dfd9b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   6742
Md5:    627bd10e0f52f92257249af737c2d3f5
Sha1:   4a67f97144a42cde9e473911f965324520aabb17
Sha256: 6b50be0c11af2fcfdbbb30373eec412d663f6fe9c5fd450e985673833a067132
GET /before.js HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Thu, 29 Sep 2022 07:56:01 GMT
last-modified: Wed, 28 Sep 2022 21:00:07 GMT
x-rgw-object-type: Normal
etag: W/"8ebbb38cf682d5f27d96161903328daf"
x-amz-request-id: tx000000000000002fc551e-0063354f91-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
server: cloudflare
cf-ray: 752328e4dfd8b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   9835
Md5:    bd8ce7fb323efe3c5a7990021e2a7fe0
Sha1:   e72468e392c973feb97ff5ba3d18de0e16da0341
Sha256: 73f63892f1f2ad1a9064314ed93ab168d1dd0671d6ee3b4eec63a620e2f47db8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 9034
x-amzn-requestid: 20199dff-cd75-4f47-9395-9fdab045638c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGVYtHROoAMFQ6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63326904-6a77e2d438ae887e4cd54ec6;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:07:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: z92zeMKTSVmpz2TYok8XpBUxuY4ZzN3Z_w32gQgjX1QGb26YDxnfdQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 04:20:40 GMT
age: 12922
etag: "927d5a375d9607b23caadae148566fdff10147b1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9034
Md5:    2054ae778a3079d8233ee33045127df6
Sha1:   927d5a375d9607b23caadae148566fdff10147b1
Sha256: 6b33c83c2b78b413ae375966860e1a9c8aa8e28dee107f9dd5bb8ceb221e607a
GET /light.js HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Thu, 29 Sep 2022 07:56:01 GMT
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: W/"1254046725b03e59683adbe0fde59733"
x-amz-request-id: tx000000000000002fc717b-0063354f91-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
server: cloudflare
cf-ray: 752328e4dfdbb52d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   9221
Md5:    2913d12985a7fbfe5c4f910ee1ca6222
Sha1:   3f1a57eee90c7d5bf43ba5aede86a98816ab4fff
Sha256: c4ad2c29937c01708b026b08af040aafbeb8149172fc147b680c1fcf76dc4bd8
GET /fullscreen.js HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Thu, 29 Sep 2022 07:56:01 GMT
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: W/"424165d04aaac003395f964590e6cb2d"
x-amz-request-id: tx000000000000002fc7173-0063354f90-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
server: cloudflare
cf-ray: 752328e4dfd7b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   3462
Md5:    6d99e8903a9d86e378a633241e9473ed
Sha1:   52ff59f8a98e4078506b47cbf6ffe762bcac8edf
Sha256: d107ef54f2ca131fef34e8d8cdc8c32def4ca5849c429f0b0e5a87a0ba7bf941
GET /cross.svg HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.243.78
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Thu, 29 Sep 2022 07:56:00 GMT
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: W/"bc1f7dd210381c4c10bd93c4bccdc587"
x-amz-request-id: tx000000000000002fc716a-0063354f90-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
server: cloudflare
cf-ray: 752328e4bfb4b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , Unicode text, UTF-8 text, with very long lines (584), with no line terminators
Size:   8710
Md5:    4d2d348a7d281df6e940bfa05175764d
Sha1:   06f2243a0e624fbc25adbc645c7810d83dbce4f4
Sha256: f2d8e444660ae5fa31d99c821b1a6bb442243607292ea92ce54902de610dfb99
                                        
GET /bg1.jpeg HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: image/jpeg
date: Thu, 29 Sep 2022 07:56:02 GMT
content-length: 653698
last-modified: Wed, 28 Sep 2022 21:00:10 GMT
x-rgw-object-type: Normal
etag: "3722bd7abebdd2124f3d4d24f1823024"
x-amz-request-id: tx000000000000002fc7177-0063354f91-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 752328e4bfafb52d-OSL
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1920x1394, components 3\012- data
Size:   653698
Md5:    3722bd7abebdd2124f3d4d24f1823024
Sha1:   50b50222ea17bd754457b0d99ce9fd199e610bc6
Sha256: d8a9ac3f3dc3fde6dfc7a7481aa50b2c8008f342a92cc27a5885ac84b852bd0a

GET /seo.png HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: image/png
date: Thu, 29 Sep 2022 07:56:02 GMT
content-length: 20629
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: "d6a6abff8300306298b9839210a01272"
x-amz-request-id: tx000000000000002fc7183-0063354f92-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 752328ed8ff9b52d-OSL
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size:   20629
Md5:    d6a6abff8300306298b9839210a01272
Sha1:   5d816e96fe022415f817bc580273bb6e3c58fb33
Sha256: 8d3a47bb7fede0db929ed92f8ebaee71fc12e3b4cc4f43362f3fc304d6fd130b

GET /antivirus.png HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: image/png
date: Thu, 29 Sep 2022 07:56:02 GMT
content-length: 17021
last-modified: Wed, 28 Sep 2022 21:00:06 GMT
x-rgw-object-type: Normal
etag: "f6e5701a264992107acc4583ed4ae622"
x-amz-request-id: tx000000000000002fc5527-0063354f92-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 752328ed8ffcb52d-OSL
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size:   17021
Md5:    f6e5701a264992107acc4583ed4ae622
Sha1:   a6df615fcb3a05bf4aefa62221127970956e5de6
Sha256: 45eb621e5fa1258a63f8e53d8032a1acd8805366bf0ea4c5f48cb2adbeaaa28f

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Thu, 29 Sep 2022 06:41:09 GMT
expires: Thu, 29 Sep 2022 08:41:09 GMT
cache-control: public, max-age=7200
age: 4493
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19826
Md5:    cae538dcce82598fbe43c0bf443e62dd
Sha1:   cc68ac6be9c5e0087a0000e5735b83270ace30f5
Sha256: 954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d

GET /chat2.css HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: text/css; charset=utf-8
date: Thu, 29 Sep 2022 07:56:01 GMT
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: W/"b134372f192646ab45be2595d2953eb6"
x-amz-request-id: tx000000000000002fc551c-0063354f91-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
server: cloudflare
cf-ray: 752328e4bfa6b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2

--- Additional Info ---

GET /main.css HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: text/css; charset=utf-8
date: Thu, 29 Sep 2022 07:56:00 GMT
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
etag: W/"42c4e2e8dd76ead8423337d13847c835"
x-amz-request-id: tx000000000000002fc550e-0063354f90-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
server: cloudflare
cf-ray: 752328e4afa2b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2

--- Additional Info ---

GET /favicon.ico HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 404 Not Found
content-type: text/html; charset=utf-8
date: Thu, 29 Sep 2022 07:56:03 GMT
last-modified: Wed, 28 Sep 2022 21:00:05 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx000000000000002fc718e-0063354f93-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 752328f57f23b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2

--- Additional Info ---

GET /arrow.svg HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 200 OK
content-type: image/svg+xml
date: Thu, 29 Sep 2022 07:56:00 GMT
last-modified: Wed, 28 Sep 2022 21:00:06 GMT
x-rgw-object-type: Normal
etag: W/"4a2289f2e154a09f7a8f168c13c251bf"
x-amz-request-id: tx000000000000002fc550f-0063354f90-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
server: cloudflare
cf-ray: 752328e4bfb7b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2

--- Additional Info ---

GET /?phone=+1-844-980-4037&rezp=unearth.com HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

104.16.243.78
HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Thu, 29 Sep 2022 07:55:59 GMT
last-modified: Wed, 28 Sep 2022 21:00:12 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx000000000000002f6f569-006334ce12-21434b5a-sfo3a
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: HIT
age: 32988
vary: Accept-Encoding
server: cloudflare
cf-ray: 752328e3bed0b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2

--- Additional Info ---

GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

188.114.99.202
HTTP/2 200 OK
content-type: text/css; charset=utf-8
date: Thu, 29 Sep 2022 07:56:00 GMT
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 19:04:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e9a84d03a1f7c6aa17012c712a6e5dd5
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 9882408
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 752328e54ca60b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

--- Additional Info ---

GET /a0lerFR0tm0s.mp3 HTTP/1.1
Host: grf-8wamy.ondigitalocean.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.16.243.78
HTTP/2 206 Partial Content
content-type: audio/mpeg
date: Thu, 29 Sep 2022 07:56:02 GMT
content-length: 200832
last-modified: Wed, 28 Sep 2022 21:00:06 GMT
x-rgw-object-type: Normal
etag: "0116152611dd51432e852781f8cc7e82"
x-amz-request-id: tx000000000000002fc7180-0063354f91-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58
x-do-orig-status: 200
cf-cache-status: MISS
content-range: bytes 0-200831/200832
server: cloudflare
cf-ray: 752328edb828b52d-OSL
X-Firefox-Spdy: h2

--- Additional Info ---
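The transactions above are raw captures; what an analyst wants from them is a short list of indicators and hashes. The Python below is an added example, not urlquery's code and not anything served by the site: it parses records in the layout used on this page, pulls out IOCs (host, edge IP, phone numbers, per-path SHA-256, and the x-do-app-origin id, which is assumed here to identify the DigitalOcean App Platform app and so to be a pivot key across hostnames) and flags the lure traits this report shows: a North American toll-free number and a bare domain in the landing URL's query string, an audio file fetched with a Range request, a fullscreen.js script and an antivirus.png image. The name-based checks are assumptions about how such kits name their assets, not signatures. SAMPLE is constructed from four of the transactions above, trimmed to a few headers each.

```python
"""Triage helper for urlquery-style transaction dumps (added example, not urlquery's code)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample: four transactions copied from the report above, trimmed to a few
# headers each but kept in the report's own layout (indented request line, whitespace-only
# separator lines, server IP before the status line, optional "Additional Info" block).
SAMPLE = """
                                            GET /?phone=+1-844-980-4037&rezp=unearth.com HTTP/1.1 
Host: grf-8wamy.ondigitalocean.app
                                        
Sec-Fetch-Dest: document

                                         104.16.243.78
HTTP/2 200 OK
x-do-app-origin: 1add2738-2b6e-466f-b176-3a8923c02a58

--- Additional Info ---
                                            GET /fullscreen.js HTTP/1.1 
Host: grf-8wamy.ondigitalocean.app
Referer: https://grf-8wamy.ondigitalocean.app/?phone=+1-844-980-4037&rezp=unearth.com
Sec-Fetch-Dest: script

                                         104.16.243.78
HTTP/2 200 OK
etag: W/"424165d04aaac003395f964590e6cb2d"
content-encoding: br

--- Additional Info ---
Md5:    6d99e8903a9d86e378a633241e9473ed
Sha256: d107ef54f2ca131fef34e8d8cdc8c32def4ca5849c429f0b0e5a87a0ba7bf941
                                            GET /antivirus.png HTTP/1.1 
Host: grf-8wamy.ondigitalocean.app
Sec-Fetch-Dest: image

                                         104.16.243.78
HTTP/2 200 OK
etag: "f6e5701a264992107acc4583ed4ae622"

--- Additional Info ---
Md5:    f6e5701a264992107acc4583ed4ae622
Sha256: 45eb621e5fa1258a63f8e53d8032a1acd8805366bf0ea4c5f48cb2adbeaaa28f
                                            GET /a0lerFR0tm0s.mp3 HTTP/1.1 
Host: grf-8wamy.ondigitalocean.app
Range: bytes=0-
Sec-Fetch-Dest: audio

                                         104.16.243.78
HTTP/2 206 Partial Content
"""

REQ = re.compile(r"^\s*(GET|POST|HEAD)\s+(\S+)\s+HTTP/[\d.]+\s*$")
IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
STATUS = re.compile(r"^HTTP/[\d.]+\s+(\d{3})")
PHONE = re.compile(r"\+?\d{1,2}[-\s]?\d{3}[-\s]?\d{3}[-\s]?\d{4}")   # NANP-style numbers
DOMAIN = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)+$", re.I)


@dataclass
class Transaction:
    method: str
    path: str
    ip: str = ""
    status: int = 0
    req: dict = field(default_factory=dict)   # request headers, names lower-cased
    resp: dict = field(default_factory=dict)  # response headers, names lower-cased
    info: dict = field(default_factory=dict)  # "Additional Info": magic, size, hashes


def parse_transactions(text: str) -> list[Transaction]:
    """State machine: request line -> request headers -> server IP -> status line
    -> response headers -> optional Additional Info block."""
    txs, tx, state = [], None, None
    for raw in text.splitlines():
        m = REQ.match(raw)
        if m:
            tx = Transaction(m.group(1), m.group(2))
            txs.append(tx)
            state = "req"
            continue
        line = raw.strip()
        if tx is None or not line:          # whitespace-only separators carry nothing
            continue
        if state == "req" and IP.match(line):
            tx.ip, state = line, "status"
        elif state == "status" and STATUS.match(line):
            tx.status, state = int(STATUS.match(line).group(1)), "resp"
        elif line == "--- Additional Info ---":
            state = "info"
        elif state in ("req", "resp", "info") and ":" in line:
            key, value = (s.strip() for s in line.split(":", 1))
            getattr(tx, state)[key.lower()] = value
    return txs


def scam_indicators(txs: list[Transaction]) -> list[str]:
    """Lure heuristics keyed to this report; the name-based ones are assumptions."""
    out = []
    for tx in txs:
        parts = urlsplit(tx.path)
        for pair in filter(None, parts.query.split("&")):   # parse_qs would turn '+' into ' '
            key, _, val = pair.partition("=")
            if PHONE.fullmatch(val):
                out.append(f"phone number in landing URL: {key}={val}")
            elif DOMAIN.match(val):
                out.append(f"domain-valued query parameter: {key}={val}")
        dest, name = tx.req.get("sec-fetch-dest", ""), parts.path.rsplit("/", 1)[-1].lower()
        if dest == "audio" and tx.status in (200, 206):
            out.append(f"audio fetched by the page: {tx.path}")
        if dest == "script" and "fullscreen" in name:
            out.append(f"fullscreen-themed script: {tx.path}")
        if dest == "image" and any(w in name for w in ("antivirus", "virus", "alert", "warning")):
            out.append(f"security-themed image: {tx.path}")
    return out


def extract_iocs(txs: list[Transaction]) -> dict:
    """Hosts, edge IPs, x-do-app-origin ids (assumed to be the DO app id), phone
    numbers and per-path SHA-256 values, ready for a blocklist or hunt query."""
    iocs = {"hosts": set(), "ips": set(), "app_origins": set(), "phones": set(), "sha256": {}}
    for tx in txs:
        iocs["hosts"].add(tx.req.get("host", ""))
        iocs["ips"].add(tx.ip)
        if "x-do-app-origin" in tx.resp:
            iocs["app_origins"].add(tx.resp["x-do-app-origin"])
        iocs["phones"].update(PHONE.findall(tx.path))
        if "sha256" in tx.info:
            iocs["sha256"][tx.path] = tx.info["sha256"]
    return iocs


def etag_matches_md5(tx: Transaction):
    """In this report the strong ETags (bg1.jpeg, seo.png, antivirus.png) equal the
    object's Md5, so a match ties the captured hash to the origin object. Weak ETags
    (W/...) on the brotli-encoded text assets do not match the decoded-body hash and
    are not comparable, so the function returns None instead of a false mismatch."""
    etag, md5 = tx.resp.get("etag", ""), tx.info.get("md5")
    if not etag or not md5 or etag.startswith("W/"):
        return None
    return etag.strip('"').lower() == md5.lower()
```

Run against the full report, the same functions yield one host, one edge IP, one app id, one phone number and a SHA-256 per hashed path; the ETag check is the caveat to keep in any pipeline that compares a sandbox's hashes with origin metadata, since the brotli-encoded CSS and JavaScript here carry weak ETags that will never equal the report's Md5 lines.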