ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
200 OK 23 kB URL User Request GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (604)
Hash 36c44cb1bb045efb5bfd59c5c6e81af8
c032c9b570bc6673d63a43bc08b4084869e0bc20
ef5668dd2847185f07e71993125f5a3e90eafc9e994798c895fc1a746b3f9def
Analyzer Verdict Alert OpenPhish phishing Office365
Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/?bcda=1-888-365-4337 HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 22662
Content-Type: text/html
Content-MD5: NsRMsbsEXvtb/VnFxuga+A==
Last-Modified: Fri, 19 Apr 2024 13:10:15 GMT
Accept-Ranges: bytes
ETag: "0x8DC60720E231285"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5c64e56c-e01e-004f-3c0e-963fae000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/css/styles.css
200 OK 9.0 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/css/styles.css
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type assembler source, ASCII text, with very long lines (1266)
Hash 6ef2560453a7b6bff8ea7ec4265a9816
1ed7044a0579bb751b10ba7353a36e9d208c659e
a072681ff11d60e33eb625e1d75e828542f80c9362d905c3eb9626063e27b4cc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/css/styles.css HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 8998
Content-Type: text/css
Content-MD5: bvJWBFOntr/46n7EJlqYFg==
Last-Modified: Fri, 19 Apr 2024 13:10:16 GMT
Accept-Ranges: bytes
ETag: "0x8DC60720E73BE21"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5c64e573-e01e-004f-420e-963fae000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/js/jquery.min.js
200 OK 85 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/js/jquery.min.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type JavaScript source, ASCII text, with very long lines (32478)
Hash 20c129bedb4a26db02fc0f54d026c3f5
093b9d2728788de24a728742070a348b2848573f
436ecc90fab5ed1034b68a4a0e924e0132d93d9e7fb59b4fe23018eb7d9242c1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/js/jquery.min.js HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 84817
Content-Type: text/javascript
Content-MD5: IMEpvttKJtsC/A9U0CbD9Q==
Last-Modified: Fri, 19 Apr 2024 13:10:26 GMT
Accept-Ranges: bytes
ETag: "0x8DC607214B3BB33"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5c64e574-e01e-004f-430e-963fae000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/js/main.js
200 OK 1.4 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/js/main.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type JavaScript source, ASCII text, with CRLF line terminators
Hash da6aacc1ca8eaa4902d9fee5c9c984b7
a06f41817583ce6182dd7121460c0bd16ea8b088
989120d05b8f3d703fd6e63b49b94845d7e038d536dd27723619e1f00623683f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/js/main.js HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1358
Content-Type: text/javascript
Content-MD5: 2mqswcqOqkkC2f7lycmEtw==
Last-Modified: Fri, 19 Apr 2024 13:10:26 GMT
Accept-Ranges: bytes
ETag: "0x8DC607214792C3C"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3fa93463-101e-005b-650e-9677c1000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/js/scripts.js
200 OK 464 B URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/js/scripts.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type JavaScript source, ASCII text
Hash 2856b9008b89d67be19d586e43ae8521
d47ac3f1328fb58b19584d77d2e3acc93663fb10
19e9aaa12f8478366b3707ff49b0e3cfc4818f9343b48f5d43890c943d1b1a3d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/js/scripts.js HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 464
Content-Type: text/javascript
Content-MD5: KFa5AIuJ1nvhnVhuQ66FIQ==
Last-Modified: Fri, 19 Apr 2024 13:10:26 GMT
Accept-Ranges: bytes
ETag: "0x8DC607214858664"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3ab67d59-501e-0028-0a0e-962f52000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
www.googletagmanager.com/gtag/js?id=UA-xxx-x
200 OK 69 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-xxx-x
IP
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File type JavaScript source, ASCII text, with very long lines (2165)
Hash 5841e04cb47a791470e2e00f95e81544
7bd087dd7a9b8c5594e9071a2f99f0299e5936ea
098c01de66553df39c8dced2f031a2477e2cc206fa6b72205727a33d510fdf81
GET /gtag/js?id=UA-xxx-x HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 Apr 2024 06:11:14 GMT
expires: Wed, 24 Apr 2024 06:11:14 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69214
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/css/font-awesome.min.css
200 OK 27 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/css/font-awesome.min.css
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type ASCII text, with very long lines (27265)
Hash fd1609eb97e739683acf23120fd6f6c9
19b2e83fe8df09b85e74835c398aefee816bdfcb
ce26d1b76dae2f3b5d0ccc8d0ecd88d2edb411101b8a4c5edc4d9aa7008c9b04
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/css/font-awesome.min.css HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 27428
Content-Type: text/css
Content-MD5: /RYJ65fnOWg6zyMSD9b2yQ==
Last-Modified: Fri, 19 Apr 2024 13:10:16 GMT
Accept-Ranges: bytes
ETag: "0x8DC60720E7BD32E"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4954592f-001e-0035-430e-9622ee000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/js/bootstrap.min.js
200 OK 60 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/js/bootstrap.min.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type JavaScript source, ASCII text, with very long lines (59765)
Hash 02d223393e00c273efdcb1ade8f4f8b1
0cc93b8421d89c24a889642428b363cb831de78a
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/js/bootstrap.min.js HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 60044
Content-Type: text/javascript
Content-MD5: AtIjOT4AwnPv3LGt6PT4sQ==
Last-Modified: Fri, 19 Apr 2024 13:10:26 GMT
Accept-Ranges: bytes
ETag: "0x8DC607214786903"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 444d1f9f-401e-0069-4e0e-9677b6000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/Z5BR-network.png
200 OK 607 B URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/Z5BR-network.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type PNG image data, 63 x 70, 8-bit colormap, non-interlaced
Hash 2cd03a547f00cad010f9038619df45de
912f919836a77a514c76b990aceaf5e930a24024
c56a8ae4818963e0d71eda4ebf46b4f2cdd3a238537dc8e99711fb690d272a73
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/Z5BR-network.png HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 607
Content-Type: image/png
Content-MD5: LNA6VH8AytAQ+QOGGd9F3g==
Last-Modified: Fri, 19 Apr 2024 13:10:26 GMT
Accept-Ranges: bytes
ETag: "0x8DC6072143B1B59"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5c64e575-e01e-004f-440e-963fae000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/nOxp-sett.png
200 OK 463 B URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/nOxp-sett.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type PNG image data, 33 x 31, 8-bit colormap, non-interlaced
Hash 905d91c276116928fa306ea732723fa9
092604f6a8786e46a7dee06065d29d2896fcf568
9cffd13c2ce05ebe032709a88fa59504e1218a12b175ec40d5aab280c18be51e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/nOxp-sett.png HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 463
Content-Type: image/png
Content-MD5: kF2RwnYRaSj6MG6nMnI/qQ==
Last-Modified: Fri, 19 Apr 2024 13:10:25 GMT
Accept-Ranges: bytes
ETag: "0x8DC607213BF209F"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 49545931-001e-0035-450e-9622ee000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/uZbx-si.png
200 OK 5.4 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/uZbx-si.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type PNG image data, 42 x 702, 8-bit grayscale, non-interlaced
Hash 51147eb9734c3c0caf22aa77a80d96f0
dc33807cd0c0c35bb98d8e23efe2d625137a43f5
92d8510869b3d581401a93130fa72e4b54c5bf28dc8005994c5248d9afbfc37b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/uZbx-si.png HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 5377
Content-Type: image/png
Content-MD5: URR+uXNMPAyvIqp3qA2W8A==
Last-Modified: Fri, 19 Apr 2024 13:10:26 GMT
Accept-Ranges: bytes
ETag: "0x8DC6072143095AD"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3fa93464-101e-005b-660e-9677c1000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/-EBq-current.png
200 OK 1.2 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/-EBq-current.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type PNG image data, 27 x 28, 8-bit colormap, non-interlaced
Hash 35629cc2adc804353a548305f1217206
cda6e89c5f6a644683aea6999a5d11e00dc64275
c1d52e31f7fc13cbb3efca8b0ec937ddd97a5ec545c4dad26193429db10d8662
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/-EBq-current.png HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1162
Content-Type: image/png
Content-MD5: NWKcwq3IBDU6VIMF8SFyBg==
Last-Modified: Fri, 19 Apr 2024 13:10:22 GMT
Accept-Ranges: bytes
ETag: "0x8DC6072120AFD25"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3ab67d5a-501e-0028-0b0e-962f52000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/microsoft.png
200 OK 1.0 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/microsoft.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced
Hash bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/microsoft.png HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1045
Content-Type: image/png
Content-MD5: vytGBZD7udjpYRpukAa4Fg==
Last-Modified: Fri, 19 Apr 2024 13:10:25 GMT
Accept-Ranges: bytes
ETag: "0x8DC607213B18E2B"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: aca302f7-001e-001a-1c0e-962f25000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/re.gif
200 OK 15 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/re.gif
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type GIF image data, version 89a, 193 x 71
Hash 6fcb78e0cd7933a70eea2cf071f82118
70364bffd62fe33360abe70ecc7f7c0541b3b54c
4b436b0b6a47db85c88f83dc3fe3fd9a96c0a4018b28832165df929dffe0bc86
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/re.gif HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 14751
Content-Type: image/gif
Content-MD5: b8t44M15M6cO6izwcfghGA==
Last-Modified: Fri, 19 Apr 2024 13:10:25 GMT
Accept-Ranges: bytes
ETag: "0x8DC607214074217"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 444d1fa0-401e-0069-4f0e-9677b6000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
m03lm.rdtk.io/postback?format=img&sum={replace}
400 Bad Request 73 B URL GET HTTP/1.1 m03lm.rdtk.io/postback?format=img&sum={replace}
IP
ASN #28753 Leaseweb Deutschland GmbH
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerGoGetSSL
Subject*.rdtk.io
Fingerprint3F:B8:3B:F6:C3:51:99:DC:0C:C4:BD:84:8C:14:9D:BA:06:6F:F8:9F
ValidityWed, 19 Jul 2023 00:00:00 GMT - Fri, 19 Jul 2024 23:59:59 GMT
Hash 6742622fd8c56312fdeefb1afae72019
f060d7d23c7fbc50993bbf1d4980c0908acfa3e8
68399ccccc0b28cf635b2065f20e239ddbb33cc3a2e755879259e0ab23765795
GET /postback?format=img&sum={replace} HTTP/1.1
Host: m03lm.rdtk.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 400 Bad Request
Server: nginx/1.20.2
Date: Wed, 24 Apr 2024 06:11:15 GMT
Content-Type: application/json
Content-Length: 73
Connection: keep-alive
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/minimize.jpg
200 OK 17 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/minimize.jpg
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricInterpretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3
Hash 4bf52eb9b3efce840add1a90d83a40e5
6348a7617dfce3165e07af53a48df7892d62ffe1
a85f1e749a829c5c909837844c6b53ce0a9ae2adb7c8eac0e7b96c372c679a0d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/minimize.jpg HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 17173
Content-Type: image/jpeg
Content-MD5: S/UuubPvzoQK3RqQ2DpA5Q==
Last-Modified: Fri, 19 Apr 2024 13:10:25 GMT
Accept-Ranges: bytes
ETag: "0x8DC607213D9D07C"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 49545932-001e-0035-460e-9622ee000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/s-S4-acc.png
200 OK 813 B URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/s-S4-acc.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type PNG image data, 77 x 72, 8-bit colormap, non-interlaced
Hash d648c1837d01495eccd63e053491f72a
991d8f6c72777239472410d6129fd5f25ed9d134
9edbf56b360080f5d6765dce77353b8130e9f8316ad34c68f6c2792cdc446321
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/s-S4-acc.png HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 813
Content-Type: image/png
Content-MD5: 1kjBg30BSV7M1j4FNJH3Kg==
Last-Modified: Fri, 19 Apr 2024 13:10:25 GMT
Accept-Ranges: bytes
ETag: "0x8DC6072141E48FE"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: aca302f8-001e-001a-1d0e-962f25000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/qsbs-firewall.png
200 OK 920 B URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/qsbs-firewall.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type PNG image data, 77 x 63, 8-bit colormap, non-interlaced
Hash b0495ede4c875843fec037c794e9ff9a
c813aefba255a5cc53aea7811f987ccb551c3128
52b762d47c066e16300675d56cc359b504ffd3239438c96eb973864311bb7b79
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/qsbs-firewall.png HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 920
Content-Type: image/png
Content-MD5: sEle3kyHWEP+wDfHlOn/mg==
Last-Modified: Fri, 19 Apr 2024 13:10:25 GMT
Accept-Ranges: bytes
ETag: "0x8DC607214037218"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 444d1fa1-401e-0069-500e-9677b6000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:15 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/kxFy-clip.png
200 OK 542 B URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/kxFy-clip.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type PNG image data, 66 x 68, 8-bit colormap, non-interlaced
Hash 0e9558d2d6e8000ce5c6c749c8fc67c2
f7ba9490807ef70bb6195150d6287cd54b7fefd0
91fb42a68a122344fd78cfd5f0cf9d06ff6d307fd4a5c68f40231c5950ece9a1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/kxFy-clip.png HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 542
Content-Type: image/png
Content-MD5: DpVY0tboAAzlxsdJyPxnwg==
Last-Modified: Fri, 19 Apr 2024 13:10:25 GMT
Accept-Ranges: bytes
ETag: "0x8DC6072139EF36D"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 49545934-001e-0035-480e-9622ee000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/cross.png
200 OK 386 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/cross.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced
Size 386 kB (386359 bytes)
Hash be42ad7752720327d28bf52dbdbb64c2
f4cce31b9236319aa9c87fee038638d1de12c07d
c3ad6aa1c03fd108854f008cfec2753ba623e1470a4d61798b5d8c050e474868
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/cross.png HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 386359
Content-Type: image/png
Content-MD5: vkKtd1JyAyfSi/Utvbtkwg==
Last-Modified: Fri, 19 Apr 2024 13:10:24 GMT
Accept-Ranges: bytes
ETag: "0x8DC60721341EDA5"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5c64e576-e01e-004f-450e-963fae000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/bg2.jpg
200 OK 463 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/bg2.jpg
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
Size 463 kB (462770 bytes)
Hash ab996ed3b126f2b5f0c1f214b96afe7a
77223f12976d20e06058fe40040e261bd5688f39
4eaf7b7f53ea1a27a22bae168f560d9dc78dc2e2185162be9ee4db59e1e1065a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/bg2.jpg HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 462770
Content-Type: image/jpeg
Content-MD5: q5lu07Em8rXwwfIUuWr+eg==
Last-Modified: Fri, 19 Apr 2024 13:10:25 GMT
Accept-Ranges: bytes
ETag: "0x8DC607213D51643"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3fa93466-101e-005b-680e-9677c1000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/media/_Fm7-alert.mp3
206 Partial Content 201 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/media/_Fm7-alert.mp3
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type Audio file with ID3 version 2.3.0, contains:
- MPEG ADTS, layer III, v2, 64 kbps, 22.05 kHz, Monaural
Size 201 kB (200832 bytes)
Hash 0116152611dd51432e852781f8cc7e82
2408d3d281b25649894f78a4e19f7f8a8ac735f9
fc59bbb18f923747b9cd3f3b23537ff09c5ad2fdfc1505a4800a3f269a234e65
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/media/_Fm7-alert.mp3 HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Cookie: PHPREFS=full
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Length: 200832
Content-Type: audio/mpeg
Content-Range: bytes 0-200831/200832
Last-Modified: Fri, 19 Apr 2024 13:10:28 GMT
Accept-Ranges: bytes
ETag: "0x8DC60721583473E"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5c64e579-e01e-004f-480e-963fae000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/media/speech.mp3
416 The range specified is invalid for the current size of the resource. 340 B URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/media/speech.mp3
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type HTML document, ASCII text, with very long lines (340), with no line terminators
Hash 5085e84a7694e427e4a4aa4a14e06214
cd8c8acb2ef830242307e2638b04d20af5225136
c86a490af0415ab5535192387c73784698f5393dc410cc15425ce67ceddcca24
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/media/speech.mp3 HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Cookie: PHPREFS=full
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 416 The range specified is invalid for the current size of the resource.
Content-Length: 340
Content-Type: text/html
Content-Range: bytes */0
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: InvalidRange
x-ms-request-id: 444d1fa2-401e-0069-510e-9677b6000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:15 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/bg1.jpg
200 OK 463 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/bg1.jpg
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
Size 463 kB (462770 bytes)
Hash ab996ed3b126f2b5f0c1f214b96afe7a
77223f12976d20e06058fe40040e261bd5688f39
4eaf7b7f53ea1a27a22bae168f560d9dc78dc2e2185162be9ee4db59e1e1065a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/bg1.jpg HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 462770
Content-Type: image/jpeg
Content-MD5: q5lu07Em8rXwwfIUuWr+eg==
Last-Modified: Fri, 19 Apr 2024 13:10:24 GMT
Accept-Ranges: bytes
ETag: "0x8DC6072133C9749"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3ab67d5b-501e-0028-0c0e-962f52000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
200 OK 22 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type Web Open Font Format (Version 2), TrueType, length 21716, version 1.0
Hash d4ff90db5da894c833f356f47a16e408
30606044507d81b996c992895ab16b8a8d68be97
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2 HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Cookie: PHPREFS=full
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 21716
Content-Type: application/octet-stream
Content-MD5: 1P+Q212olMgz81b0ehbkCA==
Last-Modified: Fri, 19 Apr 2024 13:10:17 GMT
Accept-Ranges: bytes
ETag: "0x8DC60720F336E1F"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5c64e57a-e01e-004f-490e-963fae000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/_Fm7-alert.mp3
404 The requested content does not exist. 321 B URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/_Fm7-alert.mp3
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type HTML document, ASCII text, with very long lines (321), with no line terminators
Hash 5a7bda69975aa5b9a5dc0e1dfcf6253d
44082ec6893d0a80245495ab016f5d654b1d394f
deac9fb47d49ed34c8a47ad44215d8af8101ae982558b991853c145d0da8966e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/_Fm7-alert.mp3 HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Cookie: PHPREFS=full
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: 3fa93467-101e-005b-690e-9677c1000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/microsoft.png
200 OK 1.0 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/images/microsoft.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced
Hash bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/microsoft.png HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Cookie: PHPREFS=full
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1045
Content-Type: image/png
Content-MD5: vytGBZD7udjpYRpukAa4Fg==
Last-Modified: Fri, 19 Apr 2024 13:10:25 GMT
Accept-Ranges: bytes
ETag: "0x8DC607213B18E2B"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3ab67d5f-501e-0028-100e-962f52000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:14 GMT
ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/fonts/fontawesome-webfont.woff2
200 OK 67 kB URL GET HTTP/1.1 ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/fonts/fontawesome-webfont.woff2
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint35:0E:B6:53:49:81:AA:ED:F7:B7:F7:29:68:32:2C:27:C8:73:71:9F
ValidityTue, 26 Sep 2023 03:46:24 GMT - Thu, 26 Sep 2024 03:46:24 GMT
File type Web Open Font Format (Version 2), TrueType, length 66624, version 4.262
Hash db812d8a70a4e88e888744c1c9a27e89
638c652d623280a58144f93e7b552c66d1667a11
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/fonts/fontawesome-webfont.woff2 HTTP/1.1
Host: ddf29-secondary.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/css/font-awesome.min.css
Cookie: PHPREFS=full
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 66624
Content-Type: application/octet-stream
Content-MD5: 24EtinCk6I6Ih0TByaJ+iQ==
Last-Modified: Fri, 19 Apr 2024 13:10:19 GMT
Accept-Ranges: bytes
ETag: "0x8DC60721016A634"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3fa93469-101e-005b-6b0e-9677c1000000
x-ms-version: 2018-03-28
Date: Wed, 24 Apr 2024 06:11:15 GMT
userstatics.com/get/script.js?referrer=https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
622 B URL GET userstatics.com/get/script.js?referrer=https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
IP
Requested by https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337
Certificate IssuerLet's Encrypt
Subjectuserstatics.com
FingerprintAB:62:24:6D:5D:BB:D9:D8:00:B7:CB:47:DD:7C:74:69:C8:48:16:49
ValidityThu, 28 Mar 2024 13:34:23 GMT - Wed, 26 Jun 2024 13:34:22 GMT
File type ASCII text, with no line terminators
Hash fea7fbf2c619fd4b7716fcaa64070c6c
f192732937981a26f526b7c1293a2ae13bc59a22
df9690fea031319de38a437cb6d393026c4aae70642ed394c4254ed64f035b26
GET /get/script.js?referrer=https://ddf29-secondary.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-888-365-4337 HTTP/1.1
Host: userstatics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ddf29-secondary.z1.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 06:11:16 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/8.2.1
access-control-allow-origin: https://ddf29-secondary.z1.web.core.windows.net
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dVq7vqAduJphL51bir5PoMBEcp0lQ7rEx5rw6TvkcBjpSuEx7BbykZMqrgOg%2FzlJP4%2BTEUbmEt0PXC51Z1ZvkAovQDGxwDWPhRNpjYtQysIroMW9WzqluN9c7fjm8aCC6Ww%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8793ef59d9a6b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
20.150.116.4
142.250.74.136
217.20.112.104
188.114.96.1
0.0.0.0