| blue-aviation.com/ | 160.153.133.155 | 200 OK | 1.8 kB |
URL: blue-aviation.com/ (user request, GET, HTTP/2)
IP: 160.153.133.155:443, ASN#21501 Host Europe GmbH
Certificate: Issuer Sectigo Limited; Subject blue-aviation.com; Fingerprint 46:07:CA:1C:09:B2:EF:E0:03:26:54:9E:90:16:E4:A2:A1:58:D3:82; Validity Thu, 04 Jan 2024 00:00:00 GMT - Sun, 02 Feb 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (4817), with no line terminators
Hash: 754446fe99b0645df6f9e2925a9d7cac (MD5), 5ec1a177c071e1d1bd36ed3f4d157bd157c7df1e (SHA-1), 1621ab0d0c561d41dff8a2b5603bb7c9f1350ec5e4b243984b4203606a4c0fde (SHA-256)
GET / HTTP/1.1
Host: blue-aviation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
content-encoding: br
content-length: 1804
content-type: text/html; charset=UTF-8
date: Thu, 18 Apr 2024 13:28:26 GMT
server: Apache
X-Firefox-Spdy: h2
| bind.bestresulttostart.com/m67LBk | 193.163.7.113 | 200 OK | 5.9 kB |
URL: bind.bestresulttostart.com/m67LBk (GET, HTTP/2)
IP: 193.163.7.113:443
Requested by: https://blue-aviation.com/
Certificate: Issuer Let's Encrypt; Subject bestresulttostart.com; Fingerprint F4:4C:F5:1D:A8:B6:9F:52:11:56:EC:A1:D7:C6:98:DF:2E:96:E0:4C; Validity Mon, 08 Apr 2024 08:36:22 GMT - Sun, 07 Jul 2024 08:36:21 GMT
File type: JavaScript source, ASCII text, with very long lines (13785)
Hash: 58d15c8061659ef77d42e8c5d3ff4984 (MD5), 4fefb78331ee102e720c03a36265f3b286df3457 (SHA-1), 709f60c4e7be64193c1eff6aca024338e157da87200e114e84b061bfed693f98 (SHA-256)

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Unknown malware |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /m67LBk HTTP/1.1
Host: bind.bestresulttostart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blue-aviation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:28:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 5919
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000;
X-Firefox-Spdy: h2
| visit.startfinishthis.com/fGGy8K | 104.21.64.161 | 200 OK | 0 B |
URL: visit.startfinishthis.com/fGGy8K (GET, HTTP/3)
IP: 104.21.64.161:443
Requested by: https://blue-aviation.com/
Certificate: Issuer Google Trust Services LLC; Subject startfinishthis.com; Fingerprint D5:E5:97:E4:E8:D4:53:86:B2:E1:D7:EF:F4:69:83:94:C6:46:E9:8C; Validity Mon, 04 Mar 2024 14:59:39 GMT - Sun, 02 Jun 2024 14:59:38 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e (MD5), da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1), e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256); these are the digests of empty input, consistent with the content-length: 0 response below (no file type was recorded for this request)

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /fGGy8K HTTP/1.1
Host: visit.startfinishthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blue-aviation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:28:28 GMT
content-type: application/javascript
content-length: 0
cache-control: no-cache, no-store, must-revalidate
expires: Thu, 18 Apr 2024 13:28:28 GMT
set-cookie: _subid=376l60je08td2; expires=Sun, 19 May 2024 13:28:28 GMT; path=/
set-cookie: a4fba=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjQ1XCI6MTcxMzQ0NjkwOH0sXCJjYW1wYWlnbnNcIjp7XCIxNVwiOjE3MTM0NDY5MDh9LFwidGltZVwiOjE3MTM0NDY5MDh9In0.mDp7EplIBgMhFk_P-brXuBMu0N-e3ig-JkCQ8nzfXk0; expires=Fri, 05 Aug 2078 14:56:56 GMT; path=/
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ynfMJG%2BHOG5BZybNiKJKgScFc1Hn8jUrv0OFvb0HHm%2BW3aa6Pok0YuktDC0GzI%2Fl7Xm5WVAJJxaWSLjTl%2BGJ%2B4uCnuofhN6Nf6aoCMpuxbZeTqzOr1OXU76c%2BLTOCCNmiGyM6xn3NBH99tY6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8764ff872db356c3-OSL
alt-svc: h3=":443"; ma=86400
| blue-aviation.com/favicon.ico | 160.153.133.155 | 200 OK | 1.8 kB |
URL: blue-aviation.com/favicon.ico (GET, HTTP/2)
IP: 160.153.133.155:443, ASN#21501 Host Europe GmbH
Requested by: https://blue-aviation.com/
Certificate: Issuer Sectigo Limited; Subject blue-aviation.com; Fingerprint 46:07:CA:1C:09:B2:EF:E0:03:26:54:9E:90:16:E4:A2:A1:58:D3:82; Validity Thu, 04 Jan 2024 00:00:00 GMT - Sun, 02 Feb 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (4817), with no line terminators
Hash: 754446fe99b0645df6f9e2925a9d7cac (MD5), 5ec1a177c071e1d1bd36ed3f4d157bd157c7df1e (SHA-1), 1621ab0d0c561d41dff8a2b5603bb7c9f1350ec5e4b243984b4203606a4c0fde (SHA-256)
GET /favicon.ico HTTP/1.1
Host: blue-aviation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blue-aviation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
content-encoding: br
content-length: 1804
content-type: text/html; charset=UTF-8
date: Thu, 18 Apr 2024 13:28:27 GMT
server: Apache
X-Firefox-Spdy: h2
| visit.startfinishthis.com/2L1mRj?q=blue-aviation.com | 104.21.64.161 | 200 OK | 7.8 kB |
URL: visit.startfinishthis.com/2L1mRj?q=blue-aviation.com (GET, HTTP/2)
IP: 104.21.64.161:443
Requested by: https://blue-aviation.com/
Certificate: Issuer Google Trust Services LLC; Subject startfinishthis.com; Fingerprint D5:E5:97:E4:E8:D4:53:86:B2:E1:D7:EF:F4:69:83:94:C6:46:E9:8C; Validity Mon, 04 Mar 2024 14:59:39 GMT - Sun, 02 Jun 2024 14:59:38 GMT
File type: JavaScript source, ASCII text, with very long lines (7752), with no line terminators
Hash: 36b37c2b32cb60a5f7689fc7bc992368 (MD5), 75c21b11e9d45c0f100caba87985605f0f68749b (SHA-1), e5bd093f5b2293f655d1c324186c2241e2dc972d50c8ad68df56bbaff4d71e12 (SHA-256)

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /2L1mRj?q=blue-aviation.com HTTP/1.1
Host: visit.startfinishthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blue-aviation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:28:27 GMT
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
expires: Thu, 18 Apr 2024 13:28:27 GMT
set-cookie: _subid=376l60je08tc3; expires=Sun, 19 May 2024 13:28:27 GMT; path=/
set-cookie: a4fba=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjQxXCI6MTcxMzQ0NjkwN30sXCJjYW1wYWlnbnNcIjp7XCIxM1wiOjE3MTM0NDY5MDd9LFwidGltZVwiOjE3MTM0NDY5MDd9In0.E7UkWRFvhq2NtYGiO2XVO0rtOzRtqcUUJLATvTvhlZo; expires=Sat, 06 Aug 2078 02:56:54 GMT; path=/
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vhgiu4obBqh3tY91KD9eyvDhE3Aa2D5Jq6itPWeG9iWgPCHEAQr7CyGJDZ0%2BQ7IPchZWgThQhmeJ5bpJ74vR7JCdiUKqPh%2B6Os8lQ8hvbDB04UQTc7BO9DlKU0oPKI9jEcUikmY2EhrRHJ4D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8764ff85fb0c56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2