| ml7l-j95jg.ondigitalocean.app/ |  104.16.243.78 | 301 Moved Permanently | 0 B |
URL HTTP/1.1ml7l-j95jg.ondigitalocean.app/ IP104.16.243.78:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | fortinet | Phishing | |
GET / HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 04 Dec 2022 00:25:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 04 Dec 2022 01:25:57 GMT
Location: https://ml7l-j95jg.ondigitalocean.app/
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774068662d710b69-OSL
|
|
| r3.o.lencr.org/ |  23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash3bbb845b153026fc5332dd4506585b57 3cad200fac28fd00f34ce6ef79373e661e188743 6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4076
Expires: Sun, 04 Dec 2022 01:33:53 GMT
Date: Sun, 04 Dec 2022 00:25:57 GMT
Connection: keep-alive
|
|
| ocsp.digicert.com/ |  93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hash67e9370f1bf3e4946a01f346eeae8966 aaab391d1134302d718de7a0d5edbedf884633e6 27a8654fb14db88d4b2bb3b45c1b197fc498cd94143d4a68687742fa48a41358
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1433
Cache-Control: max-age=124148
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 00:25:57 GMT
Etag: "638b2570-1d7"
Expires: Mon, 05 Dec 2022 10:55:05 GMT
Last-Modified: Sat, 03 Dec 2022 10:31:12 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash55b4c61a1e99001307750e3647fe1102 7559f9f6770b7d3f45b723167062096312641e08 39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5723
Expires: Sun, 04 Dec 2022 02:01:20 GMT
Date: Sun, 04 Dec 2022 00:25:57 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain |  34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hash9ebddc2b260d081ebbefee47c037cb28 492bad62a7ca6a74738921ef5ae6f0be5edebf39 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ypaGgRgEWUYEBZu/9oXc0Z7okwwwL05cYATqIUwkqfABlCrwy4YRVGvSsj74Sv1Ln0rMR+nKDk+cN7EPrp7uSA==
x-amz-request-id: B6S9RK1JWD28Z7ZT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 23:47:19 GMT
age: 2318
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| firefox.settings.services.mozilla.com/v1/ | 34.102.187.140 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP34.102.187.140:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hash14cd9a0afb6ba9a763651d5112760d1e 75d7b104ab9ab11fbb73c3f348b43b0119b5adfa 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 00:18:20 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 457
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP93.184.220.29:0
Hasha72db6e1115d6bdaae1c42bf6f42b29b 0f81c1934161d91b02322d16d32c84d609e546fc 70402cb2ae962037d456cca92a043f8814e6365f4b81785bdaf8620eff0e2eaf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4424
Cache-Control: max-age=90381
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 00:25:57 GMT
Etag: "638a95da-117"
Expires: Mon, 05 Dec 2022 01:32:18 GMT
Last-Modified: Sat, 03 Dec 2022 00:18:34 GMT
Server: ECS (amb/6B7B)
X-Cache: HIT
Content-Length: 279
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 00:25:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 278 B |
IP93.184.220.29:0
Hasha96c48a3affad46a0b7f5b8178b926d3 cab43cf055876aa6e3a3e0563e9bc550a00f70da f1bf5a7faea6b7ee9b5c8395188e4a5ba1840e1626e500803522c5950c472a68
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1331
Cache-Control: max-age=111459
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 00:25:58 GMT
Etag: "638af447-116"
Expires: Mon, 05 Dec 2022 07:23:37 GMT
Last-Modified: Sat, 03 Dec 2022 07:01:27 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 278
|
|
| cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js | 104.17.24.14 | 200 OK | 4.0 kB |
URL HTTP/2cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js IP104.17.24.14:0
File typeHTML document, ASCII text, with very long lines (11084), with no line terminators Hasha5775b673c18ffa903cd1a6129ce5f87 ee2569b285a7dbc4ccc95b01a16f06943fade768 ab8ad2f07d5214be2ade4edcd295d5fb8f8aa60971b3ec1348063a8a19659fc9
GET /ajax/libs/modernizr/2.8.3/modernizr.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 3980
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03f26-2b4c"
last-modified: Mon, 04 May 2020 16:13:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1574912
expires: Fri, 24 Nov 2023 00:25:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2BgBIRpq6SJza5%2BI22DqLSlOuCeW0lO9nNS2sFlB2a4aVZH582d8kX27owoeXMBeFYyFoKRJzaGGjTOZy2FmTjMZj1DOH3FCLK52iNv9zvoWo0lDqC4n1tye851c3TYqP6ck3ybY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7740686a3db81c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 278 B |
IP93.184.220.29:0
Hasha96c48a3affad46a0b7f5b8178b926d3 cab43cf055876aa6e3a3e0563e9bc550a00f70da f1bf5a7faea6b7ee9b5c8395188e4a5ba1840e1626e500803522c5950c472a68
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1331
Cache-Control: max-age=111459
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 00:25:58 GMT
Etag: "638af447-116"
Expires: Mon, 05 Dec 2022 07:23:37 GMT
Last-Modified: Sat, 03 Dec 2022 07:01:27 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 278
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP142.250.74.131:0
Hash3c4319f54a5675ee9acda96c58f97ac6 210ea86db1836d430b321d59b4bd1b016c914f22 cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 00:25:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js | 151.101.129.229 | 200 OK | 22 kB |
URL HTTP/2cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js IP151.101.129.229:0
File typeASCII text, with very long lines (65299) Hasha5cbb97cf034dd181106adecdafe3035 5fca1af6c76dd3e609f7f92841e564df1281927a 5ae018daf5df2cd903f80162efbaa3e138e0ed47ff90a315f2e2c497dc88a890
GET /npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ml7l-j95jg.ondigitalocean.app
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"1499a-rsVR5NVzRjCI/KfRT7ZE6zifGDk"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 00:25:58 GMT
age: 15802201
x-served-by: cache-fra19162-FRA, cache-bma1649-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 21830
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-3.2.1.min.js | 69.16.175.42 | 200 OK | 30 kB |
URL HTTP/2code.jquery.com/jquery-3.2.1.min.js IP69.16.175.42:0
File typeASCII text, with very long lines (32058) Hash148f8d3ffd9cc02048c5f4d1cc83c407 9f2b89cfd151be6a29b4d43ad64d164fb8471046 4dc681da48ba2b417e613e8e027ff5322963c3a3697a8ba97973cfefb48def5e
GET /jquery-3.2.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-encoding: gzip
content-length: 30125
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15283"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670113558.dop204.sk1.t,1670113558.cds201.sk1.hn,1670113558.cds222.sk1.c
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 278 B |
IP93.184.220.29:0
Hasha96c48a3affad46a0b7f5b8178b926d3 cab43cf055876aa6e3a3e0563e9bc550a00f70da f1bf5a7faea6b7ee9b5c8395188e4a5ba1840e1626e500803522c5950c472a68
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1331
Cache-Control: max-age=111459
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 00:25:58 GMT
Etag: "638af447-116"
Expires: Mon, 05 Dec 2022 07:23:37 GMT
Last-Modified: Sat, 03 Dec 2022 07:01:27 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 278
|
|
| www.googletagmanager.com/gtag/js?id=UA-228316669-1 | 172.217.21.168 | 200 OK | 44 kB |
URL HTTP/2www.googletagmanager.com/gtag/js?id=UA-228316669-1 IP172.217.21.168:0
File typeASCII text, with very long lines (1921) Hashf5c2a229f1367311068e097738a1b52b d6d36c789ca283256f707cd07ac95d15ce6e64ce 445d955434aedb7e5e3b2b4a57a9f95c4fd1ec6918832897110d5ca8177a0afc
GET /gtag/js?id=UA-228316669-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 Dec 2022 00:25:58 GMT
expires: Sun, 04 Dec 2022 00:25:58 GMT
cache-control: private, max-age=900
last-modified: Sun, 04 Dec 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43580
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1 | 104.18.20.226 | 200 OK | 1.5 kB |
URL HTTP/1.1ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1 IP104.18.20.226:0
Hash5c98d6884af77ffe7cab11dbb59691a5 6328e1c427324e3889706818eeb5921b44384b56 517b24986a98ee4fdff02442a8d828032469201017933388d79bac56e2cd3634
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 00:25:58 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "F1C6319DC77875020B6625D7F342922CFE5C2C03"
Expires: Sun, 04 Dec 2022 11:00:00 GMT
Last-Modified: Sat, 03 Dec 2022 23:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1885
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7740686afa36b515-OSL
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP142.250.74.131:0
Hashe63a3fb1ef1a4ebbbd126969d6ee68ca 8bc9c26950b3899087e25ddea159c28f57b47200 f2ec30377e239f64286ae7dde8032e4e332b6c123f7decc07126fbbcff460a69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 00:25:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ml7l-j95jg.ondigitalocean.app/minimize.jpeg | 104.16.243.78 | 200 OK | 2.2 kB |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/minimize.jpeg IP104.16.243.78:0
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 180x39, components 3\012- data Hash1ba392dce74f8987dca48bf65d817c8f db0b8444c46125105b52f272bd422a7f52da1f72 a05245b6f7fd752af4a7b0131bbdfdf3eaee6c5a25a81cb498e0f0759189473c
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | fortinet | Phishing | |
GET /minimize.jpeg HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/jpeg
content-length: 2247
cf-bgj: h2pri
cache-control: public,max-age=10,s-maxage=86400
etag: "1ba392dce74f8987dca48bf65d817c8f"
last-modified: Fri, 02 Dec 2022 16:41:30 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id: tx000000000000006d07c54-00638bb03b-2143371e-sfo3a
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
x-rgw-object-type: Normal
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7740686a1c3e0b65-OSL
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/mic.png | 104.16.243.78 | 200 OK | 194 B |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/mic.png IP104.16.243.78:0
File typePNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data Hashdf0a213a8bc598e53c8513b360fc910e b8cb3eac6254ced5dcf57beecf3758a4a9bc8c26 c6ea65b06c0f199ee8073ae19b9909fa004de0bc3d5c9d6402693e14e0ae979f
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus |
GET /mic.png HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/png
content-length: 194
last-modified: Fri, 02 Dec 2022 16:41:30 GMT
x-rgw-object-type: Normal
etag: "df0a213a8bc598e53c8513b360fc910e"
x-amz-request-id: tx000000000000006d05f34-00638bb03b-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7740686a1c3a0b65-OSL
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/que.png | 104.16.243.78 | 200 OK | 349 B |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/que.png IP104.16.243.78:0
File typePNG image data, 13 x 13, 8-bit/color RGB, non-interlaced\012- data Hash7454c652e0733d92de6c920c2d646ae0 34a5bd8c7401f95e346895b0e5ccffbf0e9ad638 44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus |
GET /que.png HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/png
content-length: 349
last-modified: Fri, 02 Dec 2022 16:41:30 GMT
x-rgw-object-type: Normal
etag: "7454c652e0733d92de6c920c2d646ae0"
x-amz-request-id: tx000000000000006d07c5b-00638bb03c-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7740686a1c490b65-OSL
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/setting.png | 104.16.243.78 | 200 OK | 364 B |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/setting.png IP104.16.243.78:0
File typePNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data Hashe144c3378090087c8ce129a30cb6cb4e 59da5466551de941d0215e45c54aa2ceaf436be1 b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus |
GET /setting.png HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/png
content-length: 364
last-modified: Fri, 02 Dec 2022 16:41:30 GMT
x-rgw-object-type: Normal
etag: "e144c3378090087c8ce129a30cb6cb4e"
x-amz-request-id: tx000000000000006d05f35-00638bb03b-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7740686a1c480b65-OSL
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/bell.png | 104.16.243.78 | 200 OK | 1.1 kB |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/bell.png IP104.16.243.78:0
File typePNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced\012- data Hasha3555871399f1f67bfacaf437974b03a b6337de87cd7a75a73cd804774651d14c83fe76a 2e48fef820929c21295e13444901f60e3aed61ba6f8c773ff1466e6843e76b49
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus |
GET /bell.png HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/png
content-length: 1108
last-modified: Fri, 02 Dec 2022 16:41:26 GMT
x-rgw-object-type: Normal
etag: "a3555871399f1f67bfacaf437974b03a"
x-amz-request-id: tx000000000000006d05f3d-00638bb03c-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7740686a1c4b0b65-OSL
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/pc.png | 104.16.243.78 | 200 OK | 4.9 kB |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/pc.png IP104.16.243.78:0
File typePNG image data, 166 x 92, 8-bit/color RGBA, non-interlaced\012- data Hashcc5132b56ba46b03dd998aa1fe220106 403e007a0b17d76a9945fa5ec46a9d01733b3040 598699133be5eef63e3b9b5540609ec0dc91d7af9c7f70a3b890e57491a70ae0
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus |
GET /pc.png HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/png
content-length: 4949
last-modified: Fri, 02 Dec 2022 16:41:30 GMT
x-rgw-object-type: Normal
etag: "cc5132b56ba46b03dd998aa1fe220106"
x-amz-request-id: tx000000000000006d05f3b-00638bb03c-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7740686a1c4c0b65-OSL
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/virus-images.jpeg | 104.16.243.78 | 200 OK | 8.2 kB |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/virus-images.jpeg IP104.16.243.78:0
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 254x71, components 3\012- data Hash5fc559a242f0ea0a023f10830887d2af 9d744c2f3a6bf5b715496350c8de7124cdd7ddc8 3b531d403dc8ce7cbb0efb1a0c307cfb2bbaaf21feaff9f3546f13bebda71887
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | fortinet | Phishing | |
GET /virus-images.jpeg HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/jpeg
content-length: 8196
cf-bgj: h2pri
cache-control: public,max-age=10,s-maxage=86400
etag: "5fc559a242f0ea0a023f10830887d2af"
last-modified: Fri, 02 Dec 2022 16:41:30 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id: tx000000000000006d07c58-00638bb03c-2143371e-sfo3a
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
x-rgw-object-type: Normal
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7740686a2c4f0b65-OSL
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/def.png | 104.16.243.78 | 200 OK | 3.8 kB |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/def.png IP104.16.243.78:0
File typePNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data Hash77a2ffc5545f87551d74781201de9b3b c9c3798afd2ae95aa3bba3c428335d49c8255b06 316e6a6737bd296ab30aca2ef7fa36f119d15786a2432d01e31fdc130272f15c
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus |
GET /def.png HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/png
content-length: 3834
last-modified: Fri, 02 Dec 2022 16:41:29 GMT
x-rgw-object-type: Normal
etag: "77a2ffc5545f87551d74781201de9b3b"
x-amz-request-id: tx000000000000006d07c5a-00638bb03c-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7740686a1c4d0b65-OSL
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/microsoft.png | 104.16.243.78 | 200 OK | 700 B |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/microsoft.png IP104.16.243.78:0
File typePNG image data, 47 x 46, 8-bit colormap, non-interlaced\012- data Hash0ff56a6a86d5e52a8befd4c71d1842df 9a5cd44dd2f43a37ce3af14e167bcba480e97ff4 81e528ea37468236da238a66c1539207d5eca2db4dbeb429bb0e67b80f04a9bb
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus |
GET /microsoft.png HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/png
content-length: 700
last-modified: Fri, 02 Dec 2022 16:41:30 GMT
x-rgw-object-type: Normal
etag: "0ff56a6a86d5e52a8befd4c71d1842df"
x-amz-request-id: tx000000000000006d07c53-00638bb03b-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7740686a1c450b65-OSL
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/virus-scan.png | 104.16.243.78 | 200 OK | 26 kB |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/virus-scan.png IP104.16.243.78:0
File typePNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data Hash2c497dfff84bd8c5af9254c9d6278ce1 667e72e7ba6f00a54629e28133317022d4b59af6 b2dc4153ee7019c70a1095d5d1304d540e3bba045d99e141f63e5b13362e5a4e
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus |
GET /virus-scan.png HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/png
content-length: 25871
last-modified: Fri, 02 Dec 2022 16:41:30 GMT
x-rgw-object-type: Normal
etag: "2c497dfff84bd8c5af9254c9d6278ce1"
x-amz-request-id: tx000000000000006d05f39-00638bb03c-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7740686a1c4a0b65-OSL
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/bg2.jpeg | 104.16.243.78 | 200 OK | 312 kB |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/bg2.jpeg IP104.16.243.78:0
File typeJPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data Size312 kB (312439 bytes) Hashf77bdf7166b1b136a944fc6fbb6155eb 107b87a5913d8e16a0936da03610d34111ad9b3d a8e3e67b3894cf2a89be4d27d94b1863b815f45433b14a166aa0e83fff2af48a
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | fortinet | Phishing | |
GET /bg2.jpeg HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/jpeg
content-length: 312439
cf-bgj: h2pri
cache-control: public,max-age=10,s-maxage=86400
etag: "f77bdf7166b1b136a944fc6fbb6155eb"
last-modified: Fri, 02 Dec 2022 16:41:29 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id: tx000000000000006d07c52-00638bb03b-2143371e-sfo3a
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
x-rgw-object-type: Normal
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7740686a1c370b65-OSL
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/cross.png | 104.16.243.78 | 200 OK | 44 kB |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/cross.png IP104.16.243.78:0
File typePNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced\012- data Hash4487a588bf2a07e3d1936d705c5ceefd db193b3e2ab9fbee6eae99ced2366b1ef5f16971 3821ef20f5904fdb993e34d87ff8fb9c5786a382efb0eeee8b4f00c91428b701
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus |
GET /cross.png HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/png
content-length: 44098
last-modified: Fri, 02 Dec 2022 16:41:29 GMT
x-rgw-object-type: Normal
etag: "4487a588bf2a07e3d1936d705c5ceefd"
x-amz-request-id: tx000000000000006d05f38-00638bb03c-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7740686a1c4e0b65-OSL
X-Firefox-Spdy: h2
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 34.102.187.140 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP34.102.187.140:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 00:11:19 GMT
cache-control: public,max-age=3600
age: 879
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/bg1.jpeg | 104.16.243.78 | 200 OK | 654 kB |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/bg1.jpeg IP104.16.243.78:0
File typeJPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1920x1394, components 3\012- data Size654 kB (653698 bytes) Hash3722bd7abebdd2124f3d4d24f1823024 50b50222ea17bd754457b0d99ce9fd199e610bc6 d8a9ac3f3dc3fde6dfc7a7481aa50b2c8008f342a92cc27a5885ac84b852bd0a
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | fortinet | Phishing | |
GET /bg1.jpeg HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/jpeg
content-length: 653698
cf-bgj: h2pri
cache-control: public,max-age=10,s-maxage=86400
etag: "3722bd7abebdd2124f3d4d24f1823024"
last-modified: Fri, 02 Dec 2022 16:41:28 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id: tx000000000000006d05f36-00638bb03b-21434b5a-sfo3a
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
x-rgw-object-type: Normal
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7740686a0c360b65-OSL
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/fullscreen.js | 104.16.243.78 | 200 OK | 601 B |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/fullscreen.js IP104.16.243.78:0
Hash333268634f209b250b15261a5f44f1c6 b0188c04767524705575c9a24366cd91964aa0c8 900ec8fc6711b0cbb8c311dce9b6ed3c0fd1de39a8f832ad6e453f1a574b475a
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /fullscreen.js HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 02 Dec 2022 16:41:29 GMT
x-rgw-object-type: Normal
etag: W/"424165d04aaac003395f964590e6cb2d"
x-amz-request-id: tx000000000000006d05f30-00638bb03b-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7740686a2c550b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/cross.svg | 104.16.243.78 | 200 OK | 21 kB |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/cross.svg IP104.16.243.78:0
File typeSVG Scalable Vector Graphics image\012- , Unicode text, UTF-8 text, with very long lines (584), with no line terminators Hashdd5337201d5f014ce276219b4cf11032 5947edfa0d9f88a1e79fd1f62d6a0ae4f4aed10d 9bcb222aef0fff9d3d60e3db23cfa1258f7941b26a55b794ee4467ac2313ed44
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /cross.svg HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/svg+xml
last-modified: Fri, 02 Dec 2022 16:41:29 GMT
x-rgw-object-type: Normal
etag: W/"bc1f7dd210381c4c10bd93c4bccdc587"
x-amz-request-id: tx000000000000006d07c55-00638bb03b-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7740686a1c390b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/antivirus.png | 104.16.243.78 | 200 OK | 17 kB |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/antivirus.png IP104.16.243.78:0
File typePNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data Hashf6e5701a264992107acc4583ed4ae622 a6df615fcb3a05bf4aefa62221127970956e5de6 45eb621e5fa1258a63f8e53d8032a1acd8805366bf0ea4c5f48cb2adbeaaa28f
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus |
GET /antivirus.png HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/png
content-length: 17021
last-modified: Fri, 02 Dec 2022 16:41:24 GMT
x-rgw-object-type: Normal
etag: "f6e5701a264992107acc4583ed4ae622"
x-amz-request-id: tx000000000000006d07c77-00638bb03e-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7740686c7db90b65-OSL
X-Firefox-Spdy: h2
|
|
| push.services.mozilla.com/ | 54.148.69.31 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP54.148.69.31:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PWGfWSQQ4zmIFGIv0jiw1A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iL+ZQ5Vki5eLQKaFqX3MaO9Vu00=
|
|
| www.google-analytics.com/analytics.js | 142.250.74.110 | 200 OK | 20 kB |
URL HTTP/2www.google-analytics.com/analytics.js IP142.250.74.110:0
File typeASCII text, with very long lines (1325) Hash47e6f374ca946fddd5b59871b325736c baa9282efc8785e84d247c3bff518eaa45f101c4 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 03 Dec 2022 22:41:08 GMT
expires: Sun, 04 Dec 2022 00:41:08 GMT
cache-control: public, max-age=7200
age: 6290
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| www.google-analytics.com/j/collect?v=1&_v=j98&a=1577443837&t=pageview&_s=1&dl=https%3A%2F%2Fml7l-j95jg.ondigitalocean.app%2F&ul=en-us&de=UTF-8&dt=%7C%5C_%7C%7CPirated_Activation_code_detected_0xRedx0xx786xx786y_cu5tomer_s5upport&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1738803916&gjid=138231881&cid=583404315.1670113557&tid=UA-228316669-1&_gid=2075885982.1670113557&_r=1>m=2oubu0&z=776106618 | 142.250.74.110 | 200 OK | 1 B |
URL HTTP/2www.google-analytics.com/j/collect?v=1&_v=j98&a=1577443837&t=pageview&_s=1&dl=https%3A%2F%2Fml7l-j95jg.ondigitalocean.app%2F&ul=en-us&de=UTF-8&dt=%7C%5C_%7C%7CPirated_Activation_code_detected_0xRedx0xx786xx786y_cu5tomer_s5upport&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1738803916&gjid=138231881&cid=583404315.1670113557&tid=UA-228316669-1&_gid=2075885982.1670113557&_r=1>m=2oubu0&z=776106618 IP142.250.74.110:0
File typevery short file (no magic) Hashc4ca4238a0b923820dcc509a6f75849b 356a192b7913b04c54574d18c28d46e6395428ab 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=1577443837&t=pageview&_s=1&dl=https%3A%2F%2Fml7l-j95jg.ondigitalocean.app%2F&ul=en-us&de=UTF-8&dt=%7C%5C_%7C%7CPirated_Activation_code_detected_0xRedx0xx786xx786y_cu5tomer_s5upport&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1738803916&gjid=138231881&cid=583404315.1670113557&tid=UA-228316669-1&_gid=2075885982.1670113557&_r=1>m=2oubu0&z=776106618 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://ml7l-j95jg.ondigitalocean.app
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://ml7l-j95jg.ondigitalocean.app
date: Sun, 04 Dec 2022 00:25:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/btmng0786xx.mp3 | 104.16.243.78 | 206 Partial Content | 8.4 kB |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/btmng0786xx.mp3 IP104.16.243.78:0
File typeAudio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 56 kbps, 44.1 kHz, Monaural\012- data Hash8618fbb0911e3b8fc96725dee8bfd81f 1bbcb78922946d0cf18fbf3a9e092e36453eb767 0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1
| Analyzer | Verdict | Alert |
|---|
| urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | urlquery | | Scam - Fake AntiVirus | | fortinet | Phishing | |
GET /btmng0786xx.mp3 HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 206 Partial Content
date: Sun, 04 Dec 2022 00:25:59 GMT
content-type: audio/mpeg
content-length: 8405
last-modified: Fri, 02 Dec 2022 16:41:29 GMT
x-rgw-object-type: Normal
etag: "8618fbb0911e3b8fc96725dee8bfd81f"
x-amz-request-id: tx000000000000006d07c5d-00638bb03c-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
content-range: bytes 0-8404/8405
server: cloudflare
cf-ray: 7740686c8dc10b65-OSL
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashecab83d593cc540b02689be5be7abc8a 81cda579b7b9b22332b85266b0126585f3d3f73f d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6615
Expires: Sun, 04 Dec 2022 02:16:15 GMT
Date: Sun, 04 Dec 2022 00:26:00 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashecab83d593cc540b02689be5be7abc8a 81cda579b7b9b22332b85266b0126585f3d3f73f d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6615
Expires: Sun, 04 Dec 2022 02:16:15 GMT
Date: Sun, 04 Dec 2022 00:26:00 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashecab83d593cc540b02689be5be7abc8a 81cda579b7b9b22332b85266b0126585f3d3f73f d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6615
Expires: Sun, 04 Dec 2022 02:16:15 GMT
Date: Sun, 04 Dec 2022 00:26:00 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashecab83d593cc540b02689be5be7abc8a 81cda579b7b9b22332b85266b0126585f3d3f73f d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6615
Expires: Sun, 04 Dec 2022 02:16:15 GMT
Date: Sun, 04 Dec 2022 00:26:00 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg | 34.120.237.76 | 200 OK | 4.7 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashc01fe1cccdb3b672bbade6d98217ffe9 a9a529dc9894827f6243a1bf57f81caa4fe88fc2 c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 9719
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg | 34.120.237.76 | 200 OK | 7.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashc1a6f4805f59db44f9d3520d88701a58 6a0258e8c97ce09f1723382c8a16d9682b7dc50c ae120df5e96352c6998c24c69c709dfd2b01a7ff8a7b935d496757fd7661f2f5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7503
x-amzn-requestid: a4120308-c51e-4cff-99c2-90e86018b05d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgZjCGkVIAMFpsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a2e0-6fdf362a6d32449239476155;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:01:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dy619jlSTwCjwDhGuLmwTMcmuYj1Kg2oLA7xORyAYX8IHWimhNo6pw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 07:16:04 GMT
age: 61796
etag: "6a0258e8c97ce09f1723382c8a16d9682b7dc50c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png | 34.120.237.76 | 200 OK | 16 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash14dcca2a9c4792d835ee709bcd947402 1d702df3a64258628f4124eafd580695f2d350af da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kRs3oBWnSs5asyPdvz6kkooy7pqm2Yr8R_2x8EXCVn3dBz_aEJurRQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 07:26:43 GMT
age: 61157
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ef13a87-7179-4643-9f9e-199878f42764.png | 34.120.237.76 | 200 OK | 6.3 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ef13a87-7179-4643-9f9e-199878f42764.png IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash69411fa7c0f94e7179c2cf84b716e427 188edc080e8a683c3fdc2968ee1e6aae114d75d2 713514c9afaa1953e3387aa1d1b6203fe6387e007f9fb5347558b77dd72425e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ef13a87-7179-4643-9f9e-199878f42764.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6344
x-amzn-requestid: 1c11b153-5494-4656-ad96-33bc541f93f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgaEAGmooAMFwlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a3b3-1984a9194065807d36f29532;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:05:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xNjdYH9Rb0Sunnv8GTfNikc6WvQogmZP0qUM8BmhGe4h8ETPaZDH9w==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 07:16:04 GMT
age: 61796
etag: "188edc080e8a683c3fdc2968ee1e6aae114d75d2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/chat2.css | 104.16.243.78 | 200 OK | 7.5 kB |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/chat2.css IP104.16.243.78:0
File typeassembler source, ASCII text Hasha5a0f044dbc25bca137ce6ee8565c93d ab16f5b5afe6349b59009a7e27bad1a4f0a222d0 de34cc5f7834658da7f1126c1d0fa344175752a1372fa320dfc619c00a3ad758
GET /chat2.css HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 02 Dec 2022 16:41:29 GMT
x-rgw-object-type: Normal
etag: W/"b134372f192646ab45be2595d2953eb6"
x-amz-request-id: tx000000000000006d05f25-00638bb03a-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7740686a0c350b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg | 34.120.237.76 | 200 OK | 8.3 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashdb1701b7b9d161a0c935bb6e10b17893 22a8c4bd58c729c1abcf794466e8f3231dfb034b b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6UQ_BhPmpVpe9w6gsExB-EpNq_syeCCK6fr4Y1FFK1jDJh_n1Sd0Eg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:47 GMT
age: 9193
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/ | 104.16.243.78 | 200 OK | 0 B |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/ IP104.16.243.78:0
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET / HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:57 GMT
content-type: text/html; charset=utf-8
last-modified: Fri, 02 Dec 2022 16:41:30 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx000000000000006d05f17-00638bb038-21434b5a-sfo3a
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77406867daef0b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css | 104.18.11.207 | 200 OK | 0 B |
URL HTTP/2maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css IP104.18.11.207:0
GET /bootstrap/3.4.1/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 632, 617
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 2021-03-10 20:26:25
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 61d285a2b452357d1d833ab142fef512
cdn-cache: HIT
cf-cache-status: HIT
age: 19424335
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7740686a5d13fac8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/main.css | 104.16.243.78 | 200 OK | 0 B |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/main.css IP104.16.243.78:0
GET /main.css HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 02 Dec 2022 16:41:30 GMT
x-rgw-object-type: Normal
etag: W/"42c4e2e8dd76ead8423337d13847c835"
x-amz-request-id: tx000000000000006d07c43-00638bb03a-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7740686a0c2d0b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/light.js | 104.16.243.78 | 200 OK | 0 B |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/light.js IP104.16.243.78:0
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /light.js HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 02 Dec 2022 16:41:30 GMT
x-rgw-object-type: Normal
etag: W/"1254046725b03e59683adbe0fde59733"
x-amz-request-id: tx000000000000006d05f33-00638bb03b-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7740686a2c580b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/before.js | 104.16.243.78 | 200 OK | 0 B |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/before.js IP104.16.243.78:0
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /before.js HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 02 Dec 2022 16:41:26 GMT
x-rgw-object-type: Normal
etag: W/"8ebbb38cf682d5f27d96161903328daf"
x-amz-request-id: tx000000000000006d07c50-00638bb03b-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7740686a2c560b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/a0lerFR0tm0s.mp3 | 104.16.243.78 | 206 Partial Content | 0 B |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/a0lerFR0tm0s.mp3 IP104.16.243.78:0
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /a0lerFR0tm0s.mp3 HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 206 Partial Content
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: audio/mpeg
content-length: 200832
last-modified: Fri, 02 Dec 2022 16:41:24 GMT
x-rgw-object-type: Normal
etag: "0116152611dd51432e852781f8cc7e82"
x-amz-request-id: tx000000000000006d05f5d-00638bb03f-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
content-range: bytes 0-200831/200832
server: cloudflare
cf-ray: 7740686d2e000b65-OSL
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/main.js | 104.16.243.78 | 200 OK | 0 B |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/main.js IP104.16.243.78:0
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /main.js HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 02 Dec 2022 16:41:30 GMT
x-rgw-object-type: Normal
etag: W/"bc513794f40d3ffba3362b531e651e1a"
x-amz-request-id: tx000000000000006d05f31-00638bb03b-21434b5a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7740686a2c570b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css | 104.18.11.207 | 200 OK | 0 B |
URL HTTP/2maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css IP104.18.11.207:0
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 19:04:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e9a84d03a1f7c6aa17012c712a6e5dd5
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 15557806
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7740686a9d25fac8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ml7l-j95jg.ondigitalocean.app/arrow.svg | 104.16.243.78 | 200 OK | 0 B |
URL HTTP/2ml7l-j95jg.ondigitalocean.app/arrow.svg IP104.16.243.78:0
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /arrow.svg HTTP/1.1
Host: ml7l-j95jg.ondigitalocean.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ml7l-j95jg.ondigitalocean.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 00:25:58 GMT
content-type: image/svg+xml
last-modified: Fri, 02 Dec 2022 16:41:24 GMT
x-rgw-object-type: Normal
etag: W/"4a2289f2e154a09f7a8f168c13c251bf"
x-amz-request-id: tx000000000000006d07c56-00638bb03c-2143371e-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 5685b9f4-ee89-4660-af04-c736e0b3203b
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7740686a1c3d0b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
104.16.243.78