staging.camersoftware.com/
82.165.104.147 162 B URL staging.camersoftware.com/
IP 82.165.104.147:0
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET / HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 14 Apr 2023 17:15:06 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://staging.camersoftware.com/
staging.camersoftware.com/
82.165.104.147 2.0 kB URL staging.camersoftware.com/
IP 82.165.104.147:0
File type HTML document text; exported SGML document text; exported SGML document, ASCII text
Hash b348645b636a89546a14db8ae3f4808b
1d0790b8154aac78e996e59772762efe0e3e1576
09bfe03a6798322900f6fe4f1f50d7280879afa953eaa1242667362d3a63e36c
GET / HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 503 Service Unavailable
server: nginx
date: Fri, 14 Apr 2023 17:15:07 GMT
content-type: text/html; charset=utf-8
content-length: 1950
x-powered-by: PHP/8.0.28
retry-after: 600
X-Firefox-Spdy: h2
staging.camersoftware.com/wp-content/maintenance/assets/images/twitter.svg
82.165.104.147 952 B URL staging.camersoftware.com/wp-content/maintenance/assets/images/twitter.svg
IP 82.165.104.147:0
File type SVG Scalable Vector Graphics image; HTML document, ASCII text, with very long lines (952), with no line terminators
Hash dd4f8165e570755b63fbdecbe8517310
63b8013008224f21328750709814a66bdd639c46
c4776245ed99e108e72b1ed13278bc87a90bbb9382cc28a581b08b3e1f580280
GET /wp-content/maintenance/assets/images/twitter.svg HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 14 Apr 2023 17:15:07 GMT
content-type: image/svg+xml
content-length: 952
x-accel-version: 0.01
last-modified: Wed, 25 Jan 2023 23:00:59 GMT
etag: "3b8-5f31e9b10eb2b"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
staging.camersoftware.com/wp-content/maintenance/assets/images/facebook.svg
82.165.104.147 424 B URL staging.camersoftware.com/wp-content/maintenance/assets/images/facebook.svg
IP 82.165.104.147:0
File type SVG Scalable Vector Graphics image; HTML document, ASCII text, with very long lines (424), with no line terminators
Hash dc3714e15ee2485e02683e0bf0793907
138013642372d3647a473b9dc6b6742262264646
fd7d36f12699b359c97d46c3215c20acd013d32c46577d25a7e8370ac9d09137
GET /wp-content/maintenance/assets/images/facebook.svg HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 14 Apr 2023 17:15:07 GMT
content-type: image/svg+xml
content-length: 424
x-accel-version: 0.01
last-modified: Wed, 25 Jan 2023 23:00:59 GMT
etag: "1a8-5f31e9b10eb2b"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
staging.camersoftware.com/wp-content/maintenance/assets/images/plesk-logo.png
82.165.104.147 3.9 kB URL staging.camersoftware.com/wp-content/maintenance/assets/images/plesk-logo.png
IP 82.165.104.147:0
File type PNG image data, 133 x 100, 8-bit/color RGBA, non-interlaced; data
Hash d797b691c4cae7787433d824b966e3c5
307084c1d2da5aa21f0c0873aacf09f684304e86
89cfb5e2bc5d24ca9c3bf9b279aca5b0c225b785efaaee16af6e483b76dab73f
GET /wp-content/maintenance/assets/images/plesk-logo.png HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 14 Apr 2023 17:15:07 GMT
content-type: image/png
content-length: 3894
last-modified: Wed, 25 Jan 2023 23:00:59 GMT
etag: "63d1b4ab-f36"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
new.weatherplllatform.com/pick.js?v=7.77.3
194.135.30.42 689 B URL new.weatherplllatform.com/pick.js?v=7.77.3
IP 194.135.30.42:0
ASN #2856 British Telecommunications PLC
File type ASCII text, with very long lines (1529), with no line terminators
Hash 4155ee2aeda036a7db96986ed8567463
3b9091b7fa1268ee548741e23539984adc44a47f
3db23fb0511f34e3654d3546626ff6659ffa7c312a30fb02efeb9d744cf77ea6
GET /pick.js?v=7.77.3 HTTP/1.1
Host: new.weatherplllatform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 14 Apr 2023 17:15:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 689
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
staging.camersoftware.com/wp-content/maintenance/assets/styles.css
82.165.104.147 64 kB URL staging.camersoftware.com/wp-content/maintenance/assets/styles.css
IP 82.165.104.147:0
Hash 9240cb685a2c231c722cb4af7d3e8c71
b3040fbc5fd166fab98e38058f45e5dbd384f0ce
51fc7f26b66f71092701a4ac4b39e4c5d49f347288fed5bbeac42ebb2dbc3d13
GET /wp-content/maintenance/assets/styles.css HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 14 Apr 2023 17:15:07 GMT
content-type: text/css
last-modified: Wed, 25 Jan 2023 23:00:59 GMT
etag: W/"63d1b4ab-b54"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
staging.camersoftware.com/wp-content/maintenance/assets/images/Camer_Software_bg.jpeg
82.165.104.147 187 kB URL staging.camersoftware.com/wp-content/maintenance/assets/images/Camer_Software_bg.jpeg
IP 82.165.104.147:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x854, components 3; data
Size 187 kB (186747 bytes)
Hash 82a425afeb306c463cbd8e7befd0ea73
0d0a6531f4f107899f3fe04fdc4cf38ffbc946de
240f7dcbc6942d2bfc6df8b091293380cb11f3948eec5b5a32f3e58237592797
GET /wp-content/maintenance/assets/images/Camer_Software_bg.jpeg HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/wp-content/maintenance/assets/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 14 Apr 2023 17:15:07 GMT
content-type: image/jpeg
content-length: 186747
last-modified: Wed, 25 Jan 2023 23:00:59 GMT
etag: "63d1b4ab-2d97b"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
staging.camersoftware.com/wp-content/uploads/2016/09/cropped-Camer-Software-Icon-1-32x32.png
82.165.104.147 1.1 kB URL staging.camersoftware.com/wp-content/uploads/2016/09/cropped-Camer-Software-Icon-1-32x32.png
IP 82.165.104.147:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced; data
Hash 2ee1744cff15b973568d9a9cdeb522b0
2dbc8bfc37ab6b803a638c4f2cf9d56fb1280683
35990b0e367d9c9a28b1b30726a5e5a08764a8a9a20d8fe7cc73016a1c571c44
GET /wp-content/uploads/2016/09/cropped-Camer-Software-Icon-1-32x32.png HTTP/1.1
Host: staging.camersoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 14 Apr 2023 17:15:08 GMT
content-type: image/png
content-length: 1093
last-modified: Wed, 25 Jan 2023 23:01:32 GMT
etag: "63d1b4cc-445"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
back.firstblackphase.com/mbRB96
162.55.76.206 851 B URL back.firstblackphase.com/mbRB96
IP 162.55.76.206:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (2003), with no line terminators
Hash 2615b36507259920be0c13ac25457013
ea1137c5b0deda5000d40c065cc413120ea8c73b
18e3958c974b7635664dd2ff8b91681eece2b157c7767b9dadc3e32bfe624cc9
Analyzer Verdict Alert fortinet Malware
GET /mbRB96 HTTP/1.1
Host: back.firstblackphase.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 14 Apr 2023 17:15:08 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 851
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Expires: 0
Pragma: no-cache
Set-Cookie: _subid=1sisi1ao01ni; expires=Mon, 15 May 2023 17:15:08 GMT; path=/
381c9=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNjgxNDkyNTA4fSxcImNhbXBhaWduc1wiOntcIjFcIjoxNjgxNDkyNTA4fSxcInRpbWVcIjoxNjgxNDkyNTA4fSJ9.j96Hp7HwpPxUBVf0WqVe8_14Mps-G2ymY1UVqI2FtYk; expires=Sun, 26 Jul 2076 18:30:16 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
cdn.statisticline.com/scripts/swaynew.js
85.239.34.190 3.7 kB URL cdn.statisticline.com/scripts/swaynew.js
IP 85.239.34.190:0
File type ASCII text, with very long lines (10907), with no line terminators
Hash 092e4490ad65c1fc71e7d3e0a7720568
6bf45200304e921e48375df7c738f1752969c9ec
c0cc807396d9070176a86d3b1a44ce3d8330db12c4da155c59d8cce6b26e6f50
GET /scripts/swaynew.js HTTP/1.1
Host: cdn.statisticline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 14 Apr 2023 17:15:08 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 03 Apr 2023 14:18:45 GMT
vary: Accept-Encoding
etag: W/"642ae045-1391"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2
far.statisticline.com/away/back.php?id=64785e55-66-45776433
162.55.76.206 0 B URL far.statisticline.com/away/back.php?id=64785e55-66-45776433
IP 162.55.76.206:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /away/back.php?id=64785e55-66-45776433 HTTP/1.1
Host: far.statisticline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://staging.camersoftware.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 14 Apr 2023 17:15:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://come.sortyellowapples.com/away/go.php?id=6436345-33-5734523&qid=8568&wid=76538&kid=863843534&suid=5618457
Access-Control-Allow-Origin: *
come.sortyellowapples.com/away/go.php?id=6436345-33-5734523&qid=8568&wid=76538&kid=863843534&suid=5618457
162.55.76.206 435 B URL come.sortyellowapples.com/away/go.php?id=6436345-33-5734523&qid=8568&wid=76538&kid=863843534&suid=5618457
IP 162.55.76.206:0
ASN #24940 Hetzner Online GmbH
File type HTML document text; exported SGML document text; exported SGML document, ASCII text, with CRLF line terminators
Hash dad6b2853a0be93075946d50a1cc6b4a
9534577b2489df21307dd151ff567c20afc41438
fc388dfec059d657dae318bb0c2c9c80b16384801745e45ea27c149416d19219
GET /away/go.php?id=6436345-33-5734523&qid=8568&wid=76538&kid=863843534&suid=5618457 HTTP/1.1
Host: come.sortyellowapples.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://staging.camersoftware.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 14 Apr 2023 17:15:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
bluelabelsky.com/w78899721.js
134.209.192.77 49 B URL bluelabelsky.com/w78899721.js
IP 134.209.192.77:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash a28ee67c65622a8a4c4b4c9fbeeb1a4b
8874ecbc8120c1858dfef29fef995090a035dbaa
a07f542e621b092d3fbcd5088928ec7fd1941123db4096af8ebf4267f0bf3c00
Analyzer Verdict Alert fortinet Phishing
GET /w78899721.js HTTP/1.1
Host: bluelabelsky.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=791c2a9b-cf3d-4aa6-bf52-aed6d6e89f67
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 14 Apr 2023 17:15:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 12 Apr 2023 06:20:18 GMT
etag: "64364da2-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
bluelabelsky.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=5618457
134.209.192.77 200 OK 53 kB URL User Request GET HTTP/2 bluelabelsky.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=5618457
IP 134.209.192.77:443
ASN #14061 DIGITALOCEAN-ASN
Certificate Issuer Let's Encrypt
Subject 0.bluelabelsky.com
Fingerprint 80:84:B8:FD:33:87:A6:E8:76:4D:61:92:61:EF:D4:DA:DA:27:01:DC
Validity Wed, 05 Apr 2023 11:11:13 GMT - Tue, 04 Jul 2023 11:11:12 GMT
File type HTML document text; HTML document, Unicode text, UTF-8 text, with very long lines (29334)
Hash 09f50ff58a30934d11678fb12232974d
292c3befa7821c8e8389f1f9f1ae07ea28e1ac40
d9cab9462e57c55f4d632dc6a0687cd37cb1a0ccb9275136a43fac5a333a067c
GET /?p=ha4tcolcmu5gi3bphaydcmq&sub2=5618457 HTTP/1.1
Host: bluelabelsky.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://come.sortyellowapples.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 14 Apr 2023 17:15:10 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=791c2a9b-cf3d-4aa6-bf52-aed6d6e89f67; expires=Sun, 14-May-2023 17:15:10 GMT; Max-Age=2592000; path=/; domain=bluelabelsky.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
0.bluelabelsky.com/w78899721.js
134.209.192.77 49 B URL 0.bluelabelsky.com/w78899721.js
IP 134.209.192.77:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash a28ee67c65622a8a4c4b4c9fbeeb1a4b
8874ecbc8120c1858dfef29fef995090a035dbaa
a07f542e621b092d3fbcd5088928ec7fd1941123db4096af8ebf4267f0bf3c00
Analyzer Verdict Alert fortinet Phishing
GET /w78899721.js HTTP/1.1
Host: 0.bluelabelsky.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=791c2a9b-cf3d-4aa6-bf52-aed6d6e89f67; uuid=791c2a9b-cf3d-4aa6-bf52-aed6d6e89f67
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 14 Apr 2023 17:15:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 12 Apr 2023 06:20:18 GMT
etag: "64364da2-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
0.bluelabelsky.com/favicon.ico
134.209.192.77 204 No Content 0 B URL GET HTTP/2 0.bluelabelsky.com/favicon.ico
IP 134.209.192.77:443
ASN #14061 DIGITALOCEAN-ASN
Requested by https://0.bluelabelsky.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=5618457
Certificate Issuer Let's Encrypt
Subject 0.bluelabelsky.com
Fingerprint 80:84:B8:FD:33:87:A6:E8:76:4D:61:92:61:EF:D4:DA:DA:27:01:DC
Validity Wed, 05 Apr 2023 11:11:13 GMT - Tue, 04 Jul 2023 11:11:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 0.bluelabelsky.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.bluelabelsky.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=5618457
Cookie: uuid=791c2a9b-cf3d-4aa6-bf52-aed6d6e89f67; uuid=791c2a9b-cf3d-4aa6-bf52-aed6d6e89f67
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 14 Apr 2023 17:15:11 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
0.bluelabelsky.com/favicon.ico
134.209.192.77 204 No Content 0 B URL GET HTTP/2 0.bluelabelsky.com/favicon.ico
IP 134.209.192.77:443
ASN #14061 DIGITALOCEAN-ASN
Requested by https://0.bluelabelsky.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=5618457
Certificate Issuer Let's Encrypt
Subject 0.bluelabelsky.com
Fingerprint 80:84:B8:FD:33:87:A6:E8:76:4D:61:92:61:EF:D4:DA:DA:27:01:DC
Validity Wed, 05 Apr 2023 11:11:13 GMT - Tue, 04 Jul 2023 11:11:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 0.bluelabelsky.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.bluelabelsky.com/?auf=mjswmnlghe5diojygyxtqmbrgixtemrpge3dqmjuhezdkmjr&s=1&sub1=&sub2=5618457&sub3=&sub4=&cpc=0&cpm=0
Cookie: uuid=791c2a9b-cf3d-4aa6-bf52-aed6d6e89f67; uuid=791c2a9b-cf3d-4aa6-bf52-aed6d6e89f67; uuid=791c2a9b-cf3d-4aa6-bf52-aed6d6e89f67
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 14 Apr 2023 17:15:11 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
0.bluelabelsky.com/?auf=mjswmnlghe5diojygyxtqmbrgixtemrpge3dqmjuhezdkmjr&s=1&sub1=&sub2=5618457&sub3=&sub4=&cpc=0&cpm=0
134.209.192.77 200 OK 0 B URL User Request GET HTTP/2 0.bluelabelsky.com/?auf=mjswmnlghe5diojygyxtqmbrgixtemrpge3dqmjuhezdkmjr&s=1&sub1=&sub2=5618457&sub3=&sub4=&cpc=0&cpm=0
IP 134.209.192.77:443
ASN #14061 DIGITALOCEAN-ASN
Certificate Issuer Let's Encrypt
Subject 0.bluelabelsky.com
Fingerprint 80:84:B8:FD:33:87:A6:E8:76:4D:61:92:61:EF:D4:DA:DA:27:01:DC
Validity Wed, 05 Apr 2023 11:11:13 GMT - Tue, 04 Jul 2023 11:11:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?auf=mjswmnlghe5diojygyxtqmbrgixtemrpge3dqmjuhezdkmjr&s=1&sub1=&sub2=5618457&sub3=&sub4=&cpc=0&cpm=0 HTTP/1.1
Host: 0.bluelabelsky.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.bluelabelsky.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=5618457
Cookie: uuid=791c2a9b-cf3d-4aa6-bf52-aed6d6e89f67; uuid=791c2a9b-cf3d-4aa6-bf52-aed6d6e89f67
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 14 Apr 2023 17:15:11 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=791c2a9b-cf3d-4aa6-bf52-aed6d6e89f67; expires=Sun, 14-May-2023 17:15:11 GMT; Max-Age=2592000; path=/
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
0.bluelabelsky.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=5618457
134.209.192.77 200 OK 18 kB URL User Request GET HTTP/2 0.bluelabelsky.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=5618457
IP 134.209.192.77:443
ASN #14061 DIGITALOCEAN-ASN
Certificate Issuer Let's Encrypt
Subject 0.bluelabelsky.com
Fingerprint 80:84:B8:FD:33:87:A6:E8:76:4D:61:92:61:EF:D4:DA:DA:27:01:DC
Validity Wed, 05 Apr 2023 11:11:13 GMT - Tue, 04 Jul 2023 11:11:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?p=ha4tcolcmu5gi3bphaydcmq&sub2=5618457 HTTP/1.1
Host: 0.bluelabelsky.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bluelabelsky.com/
Cookie: uuid=791c2a9b-cf3d-4aa6-bf52-aed6d6e89f67
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 14 Apr 2023 17:15:11 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=791c2a9b-cf3d-4aa6-bf52-aed6d6e89f67; expires=Sun, 14-May-2023 17:15:11 GMT; Max-Age=2592000; path=/; domain=0.bluelabelsky.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
bluelabelsky.com/favicon.ico
134.209.192.77 204 No Content 0 B URL GET HTTP/2 bluelabelsky.com/favicon.ico
IP 134.209.192.77:443
ASN #14061 DIGITALOCEAN-ASN
Requested by https://bluelabelsky.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=5618457
Certificate Issuer Let's Encrypt
Subject 0.bluelabelsky.com
Fingerprint 80:84:B8:FD:33:87:A6:E8:76:4D:61:92:61:EF:D4:DA:DA:27:01:DC
Validity Wed, 05 Apr 2023 11:11:13 GMT - Tue, 04 Jul 2023 11:11:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: bluelabelsky.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bluelabelsky.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=5618457
Cookie: uuid=791c2a9b-cf3d-4aa6-bf52-aed6d6e89f67
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Fri, 14 Apr 2023 17:15:10 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2