Report - backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232

Report Overview

Visited public
2023-12-06 15:17:17
Tags
fake_software scam
URL
backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Finishing URL
backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
IP / ASN
104.18.13.192
#13335 CLOUDFLARENET
Title
Pare-feu Windows Code0x268d3
Scam - Fake AntiVirus / Security software

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
backupbel.sfo3.cdn.digitaloceanspaces.com	unknown	unknown	No data	No data	14 kB	960 kB	104.18.13.192

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (20)

	URL	From	Size	First Seen	Last Seen
	backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232	ScriptElement	941 B	2023-12-06	2024-08-20
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232 IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-06 16:17 Last Seen2024-08-20 16:34 Times Seen2 Hash 051c2e46c8789bdbf7a7bb9f5307c92f 357f68b3b69c19e3c87080dd74d46b3a92dc650c eb01af586eb277c9ad467be2df92ee63a25dca2041b58135c4add9e1d9834436 Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232	ScriptElement	681 B	2023-12-06	2024-08-20
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232 IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-06 16:17 Last Seen2024-08-20 16:34 Times Seen2 Hash 5c7beddf248f44d7688eaee5fedfedab ffe839cd63c7f37c1149e95cfe507349b1931a71 910652fbe14020b40f399f0422298f5c583bb0e9a5cfd1c005c8fdb7196e6e04 Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232	ScriptElement	840 B	2023-12-06	2024-08-20
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232 IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-06 16:17 Last Seen2024-08-20 16:34 Times Seen2 Hash c01bda53a6634956981a0eb04a7b7961 41c87139abaf62f3a6d6aa82463a76a791bde6c7 765937ece1fdf4afd6ae6904201abf389191b80945c983437d1fec0c52228ae9 Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232	ScriptElement	1.0 kB	2023-12-06	2024-08-20
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232 IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-06 16:17 Last Seen2024-08-20 16:34 Times Seen2 Hash 15f8aecce54619be2410d40c0258ffdd beef366c769691b582b2cd53b6b3dde38757113f f03d47162c02b3ef1bac4bf0aa14f8ff65caa52754d66ccf6cfbe4b3fcde35e5 Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232	ScriptElement	637 B	2023-12-06	2024-08-20
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232 IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-06 16:17 Last Seen2024-08-20 16:34 Times Seen2 Hash e02ba76c6e59d3ceb8b3318ab0e8e922 57b31dfa0ead7c0b1563cddc61cb0b2221cbb9c0 920e03c8011d25311b813718bc9de92d829d16df822673691d9cd3728a8d4a9a Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/fullscreen.js	ScriptElement	237 B	2023-03-07	2024-09-19
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/fullscreen.js IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2024-09-19 22:04 Times Seen128 Hash 424165d04aaac003395f964590e6cb2d 3d041931a170de8ee9981122e0ae44ed05bfc29b f04b0a0a20f05bde21b16ad9e0ea1cef1ba49eaba5bf7eed03f3a8dd115240c8 Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/before.js	ScriptElement	360 B	2023-03-07	2024-09-19
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/before.js IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2024-09-19 22:04 Times Seen137 Hash 8ebbb38cf682d5f27d96161903328daf 8e29ad053a028798c1dcd0cf14383d037163591a 84dc46d971b2c1c746b96ef8e1d5a16b744f54e9a4a81a2324e3a5be2eb4788b Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/main.js	ScriptElement	1.3 kB	2023-12-06	2024-08-20
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/main.js IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 16:17 Last Seen2024-08-20 16:34 Times Seen2 Hash 1fe3e24bcd8f55011c04c57b3f1cf991 8e8fa7b79c1e9d0936028fecfb9c1f29962467ac 5d6d25a5defd38c4dee8fc21a2fa8bf927a74d90f7d1a6dea07c1380c9479b49 Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232	ScriptElement	410 B	2023-12-06	2024-08-20
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232 IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-06 16:17 Last Seen2024-08-20 16:34 Times Seen2 Hash 659257d3ca950cea36eb1681110f2df1 61930fd478a860a2b2a793f39dc8510085b5a515 934a39390959915e1051db94de10ad67d76c8f53019467dab7285633a69495e6 Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232	ScriptElement	2.1 kB	2023-12-06	2024-08-20
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232 IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-06 16:17 Last Seen2024-08-20 16:34 Times Seen2 Hash defaf0508f4a3a85e83b8c6a7642e75c c379e408c7bbaeaaf43a4f8f498e524f0c47a48e cce8c4d933edea0a2634af3d8b8d0cf56f536b3c7427f59530b9e0f12b868360 Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232	ScriptElement	946 B	2023-12-06	2024-08-20
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232 IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-06 16:17 Last Seen2024-08-20 16:34 Times Seen2 Hash 99d13d0673bcb2db297cd263660ee3f2 22402450ed23886917714dfc7e78de92b820c6fa f1a3e4d8072987458254526b0fa0be9acf8a671dca0bccde78b4072d1804e386 Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232	ScriptElement	955 B	2023-12-06	2024-08-20
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232 IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-06 16:17 Last Seen2024-08-20 16:34 Times Seen2 Hash ce4aac53408b08a8566b7d4742075c39 907d98e8f64c03f7d16b28ee572e7e7eaea6ac3e d8858f7f7ad1abb1319600581824d12ad02f3c8838fb3f53fe9d98f45320712f Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232	ScriptElement	900 B	2023-12-06	2024-08-20
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232 IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-06 16:17 Last Seen2024-08-20 16:34 Times Seen2 Hash 6793d16ad2daae3f43f33e86dc8a0c12 b88bb92210cfb8ef265920dbf2d055dc53d15314 01d6963201db85db243c53b0d76ac4ac16f042a5ff28e751382de7a222fbe8f2 Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/ajax/libs/jquery/2.1.3/jquery.min.js	ScriptElement	84 kB	2023-03-07	2025-05-11
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/ajax/libs/jquery/2.1.3/jquery.min.js IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-05-11 10:23 Times Seen6775 Hash 7f9fb969ce353c5d77707836391eb28d 62c4042e9ebc691a5372d653b424512a561d1670 2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515 Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232	ScriptElement	1.0 kB	2023-12-06	2024-08-20
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232 IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-06 16:17 Last Seen2024-08-20 16:34 Times Seen2 Hash 22b99b25b459bcacbab1ca85ad750eb1 8f1d3793d96fbb8f2d837dd62a8202c8c764b6d8 87552e020376686fca23926b7ccab117d2fd9004ae1bf90d21896d75b0ab0dc6 Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232	ScriptElement	949 B	2023-12-06	2024-08-20
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232 IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-06 16:17 Last Seen2024-08-20 16:34 Times Seen2 Hash 9c38339d53dd6329f149e8a5ba08faea 6fa42fe84da562900016d8a20d27350b46204aca 65c222eaab06bc5eb8f6baae84bde70e65e693016c1a082c8bc418825dc59310 Loading...

	unknown	EventHandler	19 B	2023-04-10	2025-05-10
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 16:23 Last Seen2025-05-10 22:27 Times Seen7895 Hash 57381d43f260aa3b8c47820ca38655a3 8d087b53d91f8e3ff0def7d1d94a6dada72fac79 35b90e4b54b87ed6cd2b439eac195f9eb59e731e17248c95fb1e26e15d61f943 Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/ajax/libs/modernizr/2.8.3/modernizr.min.js	ScriptElement	11 kB	2023-03-07	2025-05-11
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/ajax/libs/modernizr/2.8.3/modernizr.min.js IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 09:48 Times Seen2472 Hash 65f1d21d5fcc9d21da758adababd0c3c e0661d07d64c00008bc9d013d16eec0a0f156dc7 d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/npm/bootstrap-4.6.0/dist/js/bootstrap.bundle.min.js	ScriptElement	84 kB	2023-03-07	2025-05-10
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/npm/bootstrap-4.6.0/dist/js/bootstrap.bundle.min.js IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 22:49 Times Seen2436 Hash f81d0a1705048649befc8b595e455a94 aec551e4d573463088fca7d14fb644eb389f1839 b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b Loading...

	backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232	ScriptElement	790 B	2023-12-06	2024-08-20
Pretty URL backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232 IP 104.18.13.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-06 16:17 Last Seen2024-08-20 16:34 Times Seen2 Hash 124c5eaa9037d5df6334b3416746aa10 45d8f46e415c7b5453595a480aa526cb3cc751fe 9cbc3cef67c28c7ba0dfd1779af4ee3aa35ae9340b8e7fca5d32a4e2c71e2cf5 Loading...

HTTP Transactions (24)

URL IP Response Size

backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/que.png

104.18.13.192

200 OK

349 B

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/que.png
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced\012- data
Size
349 B (349 bytes)
Hash
7454c652e0733d92de6c920c2d646ae0
34a5bd8c7401f95e346895b0e5ccffbf0e9ad638
44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/protewincer/que.png HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: image/png
content-length: 349
last-modified: Tue, 31 Oct 2023 13:10:00 GMT
x-rgw-object-type: Normal
etag: "7454c652e0733d92de6c920c2d646ae0"
x-amz-request-id: tx00000a22371a68169c121-00657022c0-3c6f4933-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=EVg0OHFMF9zy62k4Ux3E0HvYDmf.Oi6UtNihBRkXCrw-1701875816-0-AauG5BnwJj+ZwOalplp6cLzhYyPUJS4YGdjK9XWiCmSmIG9mzqte/tmtO0fgsdlm/mcLOR34yJj5b43TtNMOnSU=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e3da656c6-OSL
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/background.png

104.18.13.192

200 OK

229 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/background.png
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
PNG image data, 1920 x 1126, 8-bit colormap, non-interlaced\012- data
Size
229 kB (228699 bytes)
Hash
a2d12c57680a1afe4db571924393de06
ab5366977ef499046980c840df9851059e4ce5c0
0d3d36645ffc457b43e604a6e0e0dfde2b9d7eef5cbe9e179b2d30a05483ae2b

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/protewincer/background.png HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: image/png
content-length: 228699
last-modified: Tue, 31 Oct 2023 13:09:59 GMT
x-rgw-object-type: Normal
etag: "a2d12c57680a1afe4db571924393de06"
x-amz-request-id: tx0000027b023c49b38904e-00657022bf-3c6f4933-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=nL68JQIAshwzicvnqIOFOluCu_vBAyoaI5AtfQml0Es-1701875816-0-Adly4MpAInGpW7Rz2AGy4RyQdFdzhloQa7ZoMe85wHJncPvY9dw+4t8MY50K/1cuOPbEDSIXNVDtO61fUfKFTD4=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e2d9656c6-OSL
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/minimize.jpg

104.18.13.192

200 OK

2.2 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/minimize.jpg
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 180x39, components 3\012- data
Size
2.2 kB (2247 bytes)
Hash
1ba392dce74f8987dca48bf65d817c8f
db0b8444c46125105b52f272bd422a7f52da1f72
a05245b6f7fd752af4a7b0131bbdfdf3eaee6c5a25a81cb498e0f0759189473c

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/protewincer/minimize.jpg HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: image/jpeg
content-length: 2247
cache-control: max-age=600
cf-bgj: h2pri
etag: "1ba392dce74f8987dca48bf65d817c8f"
last-modified: Tue, 31 Oct 2023 13:10:00 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id: tx000003759a9d661d49793-00656a390e-3c6f493d-sfo3a
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
x-envoy-upstream-healthchecked-cluster: 
x-rgw-object-type: Normal
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=dgL7GGEJmxVW8f8m0tSC6hOKECiH7MJyzKK_rIYJwy8-1701875816-0-ATBbULy4Y14IcWMP6xa3n4Jt3sjqUfNrIRiHe724HRfohBSWL3f7yFNflOd0I8mYOqGMzSVSaUoCERapNrYsB3w=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e2d9856c6-OSL
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/setting.png

104.18.13.192

200 OK

364 B

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/setting.png
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Size
364 B (364 bytes)
Hash
e144c3378090087c8ce129a30cb6cb4e
59da5466551de941d0215e45c54aa2ceaf436be1
b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/protewincer/setting.png HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: image/png
content-length: 364
last-modified: Tue, 31 Oct 2023 13:10:00 GMT
x-rgw-object-type: Normal
etag: "e144c3378090087c8ce129a30cb6cb4e"
x-amz-request-id: tx000001f5bf3ef1e68738c-00656d811b-3c6eab05-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=czvwokcquaFPmSKP5.gChucFY3Vo3cxvIgiuHyZxi4I-1701875816-0-AYBzQsFdOgAQSDxM/50HTrwOGdJJVwAfS0ImcVTAE4Ow93aWyQ0GNAamXynRl8p3sNTv5Wvpc4cSET/SIQrzJFs=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e3da356c6-OSL
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/bell.png

104.18.13.192

200 OK

1.1 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/bell.png
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1108 bytes)
Hash
a3555871399f1f67bfacaf437974b03a
b6337de87cd7a75a73cd804774651d14c83fe76a
2e48fef820929c21295e13444901f60e3aed61ba6f8c773ff1466e6843e76b49

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/protewincer/bell.png HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: image/png
content-length: 1108
last-modified: Tue, 31 Oct 2023 13:09:59 GMT
x-rgw-object-type: Normal
etag: "a3555871399f1f67bfacaf437974b03a"
x-amz-request-id: tx00000452b9eeb50ef7e79-00656d811b-3c6f48ac-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=ojObqgh3PJHdZ9R28Gcgf_hc3QZnZwaP9cGSLXVTDn4-1701875816-0-AY7s1iUStMDylj2sV/MrwsC5R3hfnQyzBpuJfBincOaAu2aqMr+5OOSuB/61vsJu8Vue2TZD1Ytx8DqV6LZ2EMs=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e4db556c6-OSL
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/vircan.png

104.18.13.192

200 OK

26 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/vircan.png
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
26 kB (25871 bytes)
Hash
2c497dfff84bd8c5af9254c9d6278ce1
667e72e7ba6f00a54629e28133317022d4b59af6
b2dc4153ee7019c70a1095d5d1304d540e3bba045d99e141f63e5b13362e5a4e

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/protewincer/vircan.png HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: image/png
content-length: 25871
last-modified: Tue, 31 Oct 2023 13:10:00 GMT
x-rgw-object-type: Normal
etag: "2c497dfff84bd8c5af9254c9d6278ce1"
x-amz-request-id: tx000000d73769779101dbd-00656d811b-3c6f487a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=c0AmYKpmY_sFeERG11MNQqweZrIMCSAOpBv3EeNkQYY-1701875816-0-AS1Herk0D6gIuTR4QpDjB0kyaAGg+B4mYCP9qRTS3YhScg9i1SAk9QCI+9YgskRzq1kfRVhADRrKc0FuCxWNJ9Q=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e3da856c6-OSL
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/def.png

104.18.13.192

200 OK

3.8 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/def.png
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
3.8 kB (3834 bytes)
Hash
77a2ffc5545f87551d74781201de9b3b
c9c3798afd2ae95aa3bba3c428335d49c8255b06
316e6a6737bd296ab30aca2ef7fa36f119d15786a2432d01e31fdc130272f15c

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/protewincer/def.png HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: image/png
content-length: 3834
last-modified: Tue, 31 Oct 2023 13:09:59 GMT
x-rgw-object-type: Normal
etag: "77a2ffc5545f87551d74781201de9b3b"
x-amz-request-id: tx0000097fbe7145612b0dd-00656d811b-3c6f48c0-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=AuzOB48roifMymHPAi7ZhEaeDosmuK3x4kFNzZw9S2k-1701875816-0-AYZJIuQdRgK/75QhLcSJ4b104sP9sdte4IZuw4g/HPDTVxW8anvDC/MbOEALZD3eL70FpgJ3NOG9WCBBfPCBKjQ=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e4dc756c6-OSL
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/cross.png

104.18.13.192

200 OK

44 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/cross.png
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced\012- data
Size
44 kB (44098 bytes)
Hash
4487a588bf2a07e3d1936d705c5ceefd
db193b3e2ab9fbee6eae99ced2366b1ef5f16971
3821ef20f5904fdb993e34d87ff8fb9c5786a382efb0eeee8b4f00c91428b701

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/protewincer/cross.png HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: image/png
content-length: 44098
last-modified: Tue, 31 Oct 2023 13:09:59 GMT
x-rgw-object-type: Normal
etag: "4487a588bf2a07e3d1936d705c5ceefd"
x-amz-request-id: tx00000cbde13f4926b43c7-00656a390f-3c6f487a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=vsBRH7h9CmdNe0IBmbl4C16bZMICZ27etFocmTId_FY-1701875816-0-AXQmnAtsNGXqrZRwQE0WJGfhaCo3jiZ7p8NPnoUCCitPEBS75hVfEaoT4pM/66v5li33UKr18IXT2tExNb1MNwk=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e5dcb56c6-OSL
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/pc.png

104.18.13.192

200 OK

4.9 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/pc.png
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
PNG image data, 166 x 92, 8-bit/color RGBA, non-interlaced\012- data
Size
4.9 kB (4949 bytes)
Hash
cc5132b56ba46b03dd998aa1fe220106
403e007a0b17d76a9945fa5ec46a9d01733b3040
598699133be5eef63e3b9b5540609ec0dc91d7af9c7f70a3b890e57491a70ae0

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/protewincer/pc.png HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: image/png
content-length: 4949
last-modified: Tue, 31 Oct 2023 13:10:00 GMT
x-rgw-object-type: Normal
etag: "cc5132b56ba46b03dd998aa1fe220106"
x-amz-request-id: tx0000082b81e3c80b4049d-00657022c0-3c6eab05-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=nAgZzkN6y3M26wiiBjswfFwWd5I4pS3LrLxCms4aqFw-1701875816-0-Acy1mavCLueuvyUqjIMckfyBtBqqggvbw4HxCo4apg3H7Fj4ypqUj60O6Sw62VjsqW1myhc/ujnyAZ4Tvu1Pt7k=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e4dbe56c6-OSL
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/virimages.jpg

104.18.13.192

200 OK

8.2 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/virimages.jpg
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 254x71, components 3\012- data
Size
8.2 kB (8196 bytes)
Hash
5fc559a242f0ea0a023f10830887d2af
9d744c2f3a6bf5b715496350c8de7124cdd7ddc8
3b531d403dc8ce7cbb0efb1a0c307cfb2bbaaf21feaff9f3546f13bebda71887

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/protewincer/virimages.jpg HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: image/jpeg
content-length: 8196
cache-control: max-age=600
cf-bgj: h2pri
etag: "5fc559a242f0ea0a023f10830887d2af"
last-modified: Tue, 31 Oct 2023 13:10:00 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id: tx00000dccde094ad729d0c-00656d811b-3c6f4933-sfo3a
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
x-envoy-upstream-healthchecked-cluster: 
x-rgw-object-type: Normal
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=TSZ4JypUZgEO1x_GGp_KE8kgC7hKkjpSnuTEqq5Xf64-1701875816-0-AQNnXdJHskOzOK23jGHkxE4KpCOT7YWRr/FoIckp7ZnqxDEAl6rZ7ec3/QE++c5TElSRn32AT8G04h0mx9exl4w=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e5dcd56c6-OSL
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/mi.png

104.18.13.192

200 OK

700 B

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/mi.png
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
PNG image data, 47 x 46, 8-bit colormap, non-interlaced\012- data
Size
700 B (700 bytes)
Hash
0ff56a6a86d5e52a8befd4c71d1842df
9a5cd44dd2f43a37ce3af14e167bcba480e97ff4
81e528ea37468236da238a66c1539207d5eca2db4dbeb429bb0e67b80f04a9bb

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/protewincer/mi.png HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:57 GMT
content-type: image/png
content-length: 700
last-modified: Tue, 31 Oct 2023 13:10:00 GMT
x-rgw-object-type: Normal
etag: "0ff56a6a86d5e52a8befd4c71d1842df"
x-amz-request-id: tx0000079b3b9cda609e4a0-00656d811b-3c6f48c0-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=oH4LYBUHaQqG3LSAAO1ClTzmrEHNAKGBenaBtRFwQsQ-1701875817-0-AV3/64+cOXnSjbty0Bp5j/+gq3VpH1vMRGTFdIAQfhuiRaeA2RxH2+tIxzdn+Ww79Ntcgd7LouiPLoAy66g3p7E=; path=/; expires=Wed, 06-Dec-23 15:46:57 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e3da156c6-OSL
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/am2.mp3

104.18.13.192

206 Partial Content

205 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/am2.mp3
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Size
205 kB (204793 bytes)
Hash
fb975311be621bc94acc1cc6ce7d588a
2ccb9f0d2f1bac3047fc58079fc56ada2b670523
031a0f68ed8f3af5072ff17cdfc3372bc7fec520a9561b7e9e7fd32d1f44a343

HTTP Headers

GET /last/am2.mp3 HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 206 Partial Content
date: Wed, 06 Dec 2023 15:16:57 GMT
content-type: audio/mpeg
content-length: 204793
last-modified: Tue, 31 Oct 2023 13:09:55 GMT
x-rgw-object-type: Normal
etag: "fb975311be621bc94acc1cc6ce7d588a"
x-amz-request-id: tx00000fb1354cb77fe78ff-00656c54d5-3c6f487a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
content-range: bytes 0-204792/204793
set-cookie: __cf_bm=ehvlEEeVLo6Ux8N1ClXAc4vRD7KdhQTBKZ_7oqxxeuw-1701875817-0-AZn8XLdXPZQ42OWHKad/RvMMdo38ZF3xgntlylPGbTXglQAzZ8OV9XXAKG/ZYvWqTR8M21Nt3PB3ZuPlj1SBAA8=; path=/; expires=Wed, 06-Dec-23 15:46:57 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e31da8256c6-OSL
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/npm/bootstrap-4.6.0/dist/css/bootstrap.min.css

104.18.13.192

200 OK

91 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/npm/bootstrap-4.6.0/dist/css/bootstrap.min.css
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
91 kB (90682 bytes)
Hash
06226595a8b2cbfd6ad302d6009d8bb9
98f3e5715d558b495b6a31ade0ea7a7dc9707bd6
dbd08a78bf600433e0cdcfde0cbb86912087790aa6eb0a3cb5f45a7a629efe75

HTTP Headers

GET /last/npm/bootstrap-4.6.0/dist/css/bootstrap.min.css HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: text/css
last-modified: Tue, 31 Oct 2023 13:09:57 GMT
x-rgw-object-type: Normal
etag: W/"d432e4222814b62dd30c9513dcc29440"
x-amz-request-id: tx000006b3a7461e875808f-00656d811a-3c6f48ac-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
set-cookie: __cf_bm=eYPfjQk_CD9ks_MpYs5GH0jwHuGzqWvUal0IClwYZ7Q-1701875816-0-AYGBMSJ892aGfhzt0kqWejroR2WadC7mFfuqiZ34d3qQ/FMmeCABpTRPGs77Qyaw560eE1mVLWKG7lSZ0QMSQzY=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e1d8556c6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/favicon.ico

104.18.13.192

403 Forbidden

244 B

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/favicon.ico
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
XML document, ASCII text, with no line terminators
Size
244 B (244 bytes)
Hash
a560f385a9ecdab471adc65abea86767
0b0e600978bdbee0d86ff010d5c442bf823ce31f
de91c2be154ff2c5be1a77148c1c5d6f53cca0c86dd7ba30f1d70dd25c6103d5

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Wed, 06 Dec 2023 15:16:57 GMT
content-type: application/xml
x-amz-request-id: tx00000290c831d44b66ac8-0065709069-3c6eab05-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: MISS
set-cookie: __cf_bm=RWj2sAqNdpS1eJPfs.RYzSb9ntHAXjNz2qwSg2XbvhA-1701875817-0-ASqfNMyaWb7La/jlflnjQQIkPMbk56kcdE2XjLIOR42KKjrVZsuFbti3OIsbnZifoST1bHv6d/8n1yns5+xc5QY=; path=/; expires=Wed, 06-Dec-23 15:46:57 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e333cf656c6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/ajax/libs/jquery/2.1.3/jquery.min.js

104.18.13.192

200 OK

84 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/ajax/libs/jquery/2.1.3/jquery.min.js
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32180)
Size
84 kB (84355 bytes)
Hash
7f9fb969ce353c5d77707836391eb28d
62c4042e9ebc691a5372d653b424512a561d1670
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: text/javascript
last-modified: Tue, 31 Oct 2023 13:09:54 GMT
x-rgw-object-type: Normal
etag: W/"7f9fb969ce353c5d77707836391eb28d"
x-amz-request-id: tx00000071808f8d98a0a41-00657022bf-3c6f48c0-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
set-cookie: __cf_bm=CIeXG_YfRCjvL8x.jzrOWCgGlk2Oa0ht6v4aGW2MwLs-1701875816-0-ATrui3WzPY2a7z2VUuB51wCrPbHQsf422yM4DcoQ7h4waGUnqm3sEfKwZmM9Dsr176U+9YvAvX/jg/bWnP32bKg=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e1d8656c6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/before.js

104.18.13.192

200 OK

360 B

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/before.js
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
ASCII text, with very long lines (368), with no line terminators
Size
360 B (360 bytes)
Hash
9c2b57a68a0766a03ba119ce1b472af9
b9b42ea2c4bb071d7bf893df1b82f0fdc1c8fbca
418e20285e134744f60a5342f16d4e8a7162a738bd25d76f894877f416cef0a8

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/protewincer/before.js HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: text/javascript
last-modified: Tue, 31 Oct 2023 13:09:58 GMT
x-rgw-object-type: Normal
etag: W/"8ebbb38cf682d5f27d96161903328daf"
x-amz-request-id: tx0000019313d86fab83983-00656d811b-3c6f487a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
set-cookie: __cf_bm=JUp6b.ViPTVau60W.8.1bcxwzOchaKBsOPAKuo19QLs-1701875816-0-AWgL01m0KuQe6rPiMFIx7aolEw22YncDtaHBjVSIKY06HbVZycKwa8tCYnGdPjB54NwEtVxI+wxjAsNSYGyejpo=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e6de456c6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/font-awesome/4.5.0/css/font-awesome.min.css

104.18.13.192

200 OK

27 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/font-awesome/4.5.0/css/font-awesome.min.css
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
ASCII text, with very long lines (27279)
Size
27 kB (27441 bytes)
Hash
7e68c831dd8075fcba7a194bd8a734c2
c144be6bf69da1dec6857496a77e6fc46e7227ae
1e910d102261eefd0386ff165ad577e6c9d4ca6e606e49138c276601bbc7332d

HTTP Headers

GET /last/font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: text/css
last-modified: Tue, 31 Oct 2023 13:09:53 GMT
x-rgw-object-type: Normal
etag: W/"7e68c831dd8075fcba7a194bd8a734c2"
x-amz-request-id: tx00000547b910fa6f43a3b-00656d811a-3c6eab05-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
set-cookie: __cf_bm=WwHeM6ZIHGXFCNsWFRLYdc0DF1bToNDGupcpvA29FVA-1701875816-0-AVX4GAQT5m11UK+0g0z2A6vuyYoxV6GxW2A2TES0uRXoJUxAgnZkMu3SwKGV/cPFBZbA+Gjv1DsfklknwAA9wd8=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e1d8a56c6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/npm/bootstrap-4.6.0/dist/js/bootstrap.bundle.min.js

104.18.13.192

200 OK

84 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/npm/bootstrap-4.6.0/dist/js/bootstrap.bundle.min.js
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65299)
Size
84 kB (84378 bytes)
Hash
f81d0a1705048649befc8b595e455a94
aec551e4d573463088fca7d14fb644eb389f1839
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/npm/bootstrap-4.6.0/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: text/javascript
last-modified: Tue, 31 Oct 2023 13:09:57 GMT
x-rgw-object-type: Normal
etag: W/"f81d0a1705048649befc8b595e455a94"
x-amz-request-id: tx00000f323a34904df59a2-00656d811b-3c6f48c0-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
set-cookie: __cf_bm=w7PBLfDzGN6VBDqYJ52DlcuRANqG.u6MQ3FLMh7jE7o-1701875816-0-AdqRhtovg04rX20VwA0NbGPAy+pPdfxIMepkKZhg++ZJbmHJ9o3s87/GxNR+MT0je5fRbaMvpz6pfXGiTGlsXjc=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e6ddb56c6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232

104.18.13.192

200 OK

38 kB

URL User Request GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type

Size
38 kB (38456 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232 HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: text/html
last-modified: Wed, 06 Dec 2023 07:28:32 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx0000094559a8c2ed6f5cf-0065708baa-3c6f487a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
set-cookie: __cf_bm=US30QYTa8v2IInhkK7bMWShBXbcsMd6duqvjfeEHLVY-1701875816-0-ATTE10mPc6sQ8OR3rDRjM7cXKLtaZ/ckGseC9YaU67XZ9OnzTOKrgvoTcCIRLjbMocdtqJv/KZBbLiCqTSzmic0=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2aa8a156c6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/main.js

104.18.13.192

200 OK

1.3 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/main.js
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1367), with no line terminators
Size
1.3 kB (1287 bytes)
Hash
6cd499204726aa99be5c15bab48a2fd7
8da09f64480c070ab003c945418599c6adb3aab2
7075f7369a8ef3c46e77507cf2f69688a69104023c75d28ba5b836d2fc655795

HTTP Headers

GET /last/protewincer/main.js HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: text/javascript
last-modified: Tue, 31 Oct 2023 13:09:59 GMT
x-rgw-object-type: Normal
etag: W/"1fe3e24bcd8f55011c04c57b3f1cf991"
x-amz-request-id: tx00000fe18d212a6b04944-00656d811b-3c6f4933-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
set-cookie: __cf_bm=VuemJA26AaPrZoqjLJVnKxR_1wQZqfEdtlr7lFIIzU8-1701875816-0-ARKnucMMuMF+Sh5fpAwRbD1A7mo9EJcqgewlXuZjFVE0gaxl5giJMZZu/Mp517ILVfkjoTlTW/6AzNm6PcyVAtc=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e6de756c6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/main.css

104.18.13.192

200 OK

7.2 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/main.css
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7191), with no line terminators
Size
7.2 kB (7191 bytes)
Hash
656d809dc37f4f2c2d402929cc0d5b0f
214fcbcdb5e8ae5c2d0d4dc76356a9815660ede2
fabbc6d74d0bddc4c6bfadad813d7ddb7d981b7a62d6181fd8a6c19c89bf891a

HTTP Headers

GET /last/protewincer/main.css HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: text/css
last-modified: Tue, 31 Oct 2023 13:09:59 GMT
x-rgw-object-type: Normal
etag: W/"656d809dc37f4f2c2d402929cc0d5b0f"
x-amz-request-id: tx00000f91e9c8f2cfa81a6-00656a390e-3c6f487a-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
set-cookie: __cf_bm=WUAqs6kpxly6PGv3U7zXqmcpEs4TZ7ZIS1mdMIHge6o-1701875816-0-AU+AXblWau2JO+UNgF4UP9gUqsOykXIPnDbuEkyheTqorG0ASIUuE44r8rLf0yEwU3IjlcIkowtfnGFXK3lKjrY=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e1d8956c6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/ajax/libs/modernizr/2.8.3/modernizr.min.js

104.18.13.192

200 OK

11 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/ajax/libs/modernizr/2.8.3/modernizr.min.js
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (11084), with no line terminators
Size
11 kB (11084 bytes)
Hash
65f1d21d5fcc9d21da758adababd0c3c
e0661d07d64c00008bc9d013d16eec0a0f156dc7
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/ajax/libs/modernizr/2.8.3/modernizr.min.js HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: text/javascript
last-modified: Tue, 31 Oct 2023 13:09:52 GMT
x-rgw-object-type: Normal
etag: W/"65f1d21d5fcc9d21da758adababd0c3c"
x-amz-request-id: tx000003815b13ecff93609-00656d811b-3c6f48ac-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
set-cookie: __cf_bm=1j2v8CTIu7ScYvSaqKO9n12VA_IZrunKc8_RWRIPKT4-1701875816-0-AdJkInO8vHrFXcp9LH3o3JlNHaQwa4Ww30P56+lcw4UEqqLD5drUS3e2s0/qU/bb3KPOQJeiBahjru+0g+CrN60=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e5dd456c6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/font-awesome/4.5.0/fonts/fontawesome-webfont.woff

104.18.13.192

200 OK

67 kB

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/font-awesome/4.5.0/fonts/fontawesome-webfont.woff
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 66624, version 4.262\012- data
Size
67 kB (66624 bytes)
Hash
db812d8a70a4e88e888744c1c9a27e89
638c652d623280a58144f93e7b552c66d1667a11
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/font-awesome/4.5.0/fonts/fontawesome-webfont.woff HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/font-awesome/4.5.0/css/font-awesome.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:59 GMT
content-type: application/font-woff
content-length: 66624
last-modified: Tue, 31 Oct 2023 13:09:56 GMT
x-rgw-object-type: Normal
etag: "db812d8a70a4e88e888744c1c9a27e89"
x-amz-request-id: tx00000fc81d8986f627ab9-00656d8565-3c6f4933-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: REVALIDATED
accept-ranges: bytes
set-cookie: __cf_bm=RjUsYQcXrSFHLSNhEUMsSla0ANQ6tZfmNcbvN6JKRJY-1701875819-0-AUVJnt2mVuAFySA3/p4ZnWrgFrdduWqNoTuIi0Sgzwj/JGID+oRcKlgRaZGIqj3apKRLwEoRTSzEO8iWZ3+din8=; path=/; expires=Wed, 06-Dec-23 15:46:59 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e3fafab56c6-OSL
X-Firefox-Spdy: h2

backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/fullscreen.js

104.18.13.192

200 OK

237 B

URL GET HTTP/2
backupbel.sfo3.cdn.digitaloceanspaces.com/last/protewincer/fullscreen.js
IP
104.18.13.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Certificate
IssuerDigiCert Inc
Subject*.sfo3.cdn.digitaloceanspaces.com
FingerprintE8:90:2E:A3:00:15:79:5A:22:0B:4A:8A:13:57:E6:3B:08:61:F6:EE
ValidityFri, 09 Dec 2022 00:00:00 GMT - Tue, 02 Jan 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
237 B (237 bytes)
Hash
3097a7d20659d4edb64c98614df599f7
71b24f5bfb2c9ef9a57e6eaa6368732d766b1e84
425e589c851d2ae43e521a77a351ce690dd1dc255e6f1577372a6ccc699c35a2

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /last/protewincer/fullscreen.js HTTP/1.1
Host: backupbel.sfo3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://backupbel.sfo3.cdn.digitaloceanspaces.com/last/index.html?msclkid=aeb0c2f8460c1adb28bca788cdace232
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:16:56 GMT
content-type: text/javascript
last-modified: Tue, 31 Oct 2023 13:09:59 GMT
x-rgw-object-type: Normal
etag: W/"424165d04aaac003395f964590e6cb2d"
x-amz-request-id: tx00000bd19e9806bfd0fcd-00657022c0-3c6eab05-sfo3a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: c63d5322-9f22-4152-b865-9d5924d9629d
cache-control: max-age=600
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: HIT
set-cookie: __cf_bm=tUBfXgey0kB0X_n_7UHCIG6znx.F_BAfaK0WzZaksWw-1701875816-0-AfcM8P9XnkeYiKNNZtzTPU9PdqVSdDM2ZQhm+6svJrUjK4KHu66kPFqjQLgcX28OBCoL2uxU1toZg+YfufdKQrQ=; path=/; expires=Wed, 06-Dec-23 15:46:56 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 83157e2e6de156c6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by