iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
20.60.142.36 200 OK 23 kB URL User Request GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (604)
Hash 36c44cb1bb045efb5bfd59c5c6e81af8
c032c9b570bc6673d63a43bc08b4084869e0bc20
ef5668dd2847185f07e71993125f5a3e90eafc9e994798c895fc1a746b3f9def
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/?bcda=1-855-399-1052 HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 22662
Content-Type: text/html
Content-MD5: NsRMsbsEXvtb/VnFxuga+A==
Last-Modified: Thu, 25 Apr 2024 13:25:50 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B397D4AD9"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 70ea447c-401e-0039-7e5d-98b1ed000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:02 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/css/styles.css
20.60.142.36 200 OK 9.0 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/css/styles.css
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type assembler source, ASCII text, with very long lines (1266)
Hash 6ef2560453a7b6bff8ea7ec4265a9816
1ed7044a0579bb751b10ba7353a36e9d208c659e
a072681ff11d60e33eb625e1d75e828542f80c9362d905c3eb9626063e27b4cc
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/css/styles.css HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 8998
Content-Type: text/css
Content-MD5: bvJWBFOntr/46n7EJlqYFg==
Last-Modified: Thu, 25 Apr 2024 13:25:52 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B3AA3422E"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 70ea45ca-401e-0039-095d-98b1ed000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:02 GMT
www.googletagmanager.com/gtag/js?id=UA-xxx-x
142.250.74.168 200 OK 69 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-xxx-x
IP 142.250.74.168:443
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
Validity Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
File type JavaScript source, ASCII text, with very long lines (1763)
Hash b412ddc7c75bcd34bdd1f245ef56a2f6
ec053b32cf0d8c2f73c1877127ec6230e49ee39e
a06c6b033e15e21b74a5492d6b027e5c66c609116269860f1ab08cb761925191
GET /gtag/js?id=UA-xxx-x HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 27 Apr 2024 04:46:03 GMT
expires: Sat, 27 Apr 2024 04:46:03 GMT
cache-control: private, max-age=900
last-modified: Sat, 27 Apr 2024 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69285
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
iij110.z27.web.core.windows.net/werrx01USAHTML/css/font-awesome.min.css
20.60.142.36 200 OK 27 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/css/font-awesome.min.css
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type ASCII text, with very long lines (27265)
Hash fd1609eb97e739683acf23120fd6f6c9
19b2e83fe8df09b85e74835c398aefee816bdfcb
ce26d1b76dae2f3b5d0ccc8d0ecd88d2edb411101b8a4c5edc4d9aa7008c9b04
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/css/font-awesome.min.css HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 27428
Content-Type: text/css
Content-MD5: /RYJ65fnOWg6zyMSD9b2yQ==
Last-Modified: Thu, 25 Apr 2024 13:25:52 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B3AD3B898"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 70ea4624-401e-0039-4f5d-98b1ed000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:02 GMT
m03lm.rdtk.io/postback?format=img&sum={replace}
85.17.54.67 400 Bad Request 73 B URL GET HTTP/1.1 m03lm.rdtk.io/postback?format=img&sum={replace}
IP 85.17.54.67:443
ASN #60781 LeaseWeb Netherlands B.V.
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer GoGetSSL
Subject *.rdtk.io
Fingerprint 3F:B8:3B:F6:C3:51:99:DC:0C:C4:BD:84:8C:14:9D:BA:06:6F:F8:9F
Validity Wed, 19 Jul 2023 00:00:00 GMT - Fri, 19 Jul 2024 23:59:59 GMT
Hash 6742622fd8c56312fdeefb1afae72019
f060d7d23c7fbc50993bbf1d4980c0908acfa3e8
68399ccccc0b28cf635b2065f20e239ddbb33cc3a2e755879259e0ab23765795
GET /postback?format=img&sum={replace} HTTP/1.1
Host: m03lm.rdtk.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 400 Bad Request
Server: nginx/1.20.2
Date: Sat, 27 Apr 2024 04:46:03 GMT
Content-Type: application/json
Content-Length: 73
Connection: keep-alive
iij110.z27.web.core.windows.net/werrx01USAHTML/images/minimize.jpg
20.60.142.36 200 OK 17 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/images/minimize.jpg
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricInterpretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3
Hash 4bf52eb9b3efce840add1a90d83a40e5
6348a7617dfce3165e07af53a48df7892d62ffe1
a85f1e749a829c5c909837844c6b53ce0a9ae2adb7c8eac0e7b96c372c679a0d
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/images/minimize.jpg HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 17173
Content-Type: image/jpeg
Content-MD5: S/UuubPvzoQK3RqQ2DpA5Q==
Last-Modified: Thu, 25 Apr 2024 13:26:06 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B43207B28"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 70ea467c-401e-0039-1b5d-98b1ed000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:02 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/images/kxFy-clip.png
20.60.142.36 200 OK 542 B URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/images/kxFy-clip.png
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type PNG image data, 66 x 68, 8-bit colormap, non-interlaced
Hash 0e9558d2d6e8000ce5c6c749c8fc67c2
f7ba9490807ef70bb6195150d6287cd54b7fefd0
91fb42a68a122344fd78cfd5f0cf9d06ff6d307fd4a5c68f40231c5950ece9a1
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/images/kxFy-clip.png HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 542
Content-Type: image/png
Content-MD5: DpVY0tboAAzlxsdJyPxnwg==
Last-Modified: Thu, 25 Apr 2024 13:26:06 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B42FA0B99"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 70ea46c9-401e-0039-5f5d-98b1ed000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:02 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/js/scripts.js
20.60.142.36 200 OK 464 B URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/js/scripts.js
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type JavaScript source, ASCII text
Hash 2856b9008b89d67be19d586e43ae8521
d47ac3f1328fb58b19584d77d2e3acc93663fb10
19e9aaa12f8478366b3707ff49b0e3cfc4818f9343b48f5d43890c943d1b1a3d
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/js/scripts.js HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 464
Content-Type: text/javascript
Content-MD5: KFa5AIuJ1nvhnVhuQ66FIQ==
Last-Modified: Thu, 25 Apr 2024 13:26:08 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B44281032"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f05bd77a-c01e-0027-615d-985d35000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/js/main.js
20.60.142.36 200 OK 1.4 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/js/main.js
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type JavaScript source, ASCII text, with CRLF line terminators
Hash da6aacc1ca8eaa4902d9fee5c9c984b7
a06f41817583ce6182dd7121460c0bd16ea8b088
989120d05b8f3d703fd6e63b49b94845d7e038d536dd27723619e1f00623683f
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/js/main.js HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1358
Content-Type: text/javascript
Content-MD5: 2mqswcqOqkkC2f7lycmEtw==
Last-Modified: Thu, 25 Apr 2024 13:26:08 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B44296E33"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bbff391d-801e-0026-705d-9802e9000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/images/qsbs-firewall.png
20.60.142.36 200 OK 920 B URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/images/qsbs-firewall.png
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type PNG image data, 77 x 63, 8-bit colormap, non-interlaced
Hash b0495ede4c875843fec037c794e9ff9a
c813aefba255a5cc53aea7811f987ccb551c3128
52b762d47c066e16300675d56cc359b504ffd3239438c96eb973864311bb7b79
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/images/qsbs-firewall.png HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 920
Content-Type: image/png
Content-MD5: sEle3kyHWEP+wDfHlOn/mg==
Last-Modified: Thu, 25 Apr 2024 13:26:06 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B4374CC0C"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 70ea46ea-401e-0039-7b5d-98b1ed000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/js/bootstrap.min.js
20.60.142.36 200 OK 60 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/js/bootstrap.min.js
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type JavaScript source, ASCII text, with very long lines (59765)
Hash 02d223393e00c273efdcb1ade8f4f8b1
0cc93b8421d89c24a889642428b363cb831de78a
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/js/bootstrap.min.js HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 60044
Content-Type: text/javascript
Content-MD5: AtIjOT4AwnPv3LGt6PT4sQ==
Last-Modified: Thu, 25 Apr 2024 13:26:07 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B43F68980"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c538778a-601e-0001-295d-98152d000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/images/microsoft.png
20.60.142.36 200 OK 1.0 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/images/microsoft.png
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced
Hash bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/images/microsoft.png HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1045
Content-Type: image/png
Content-MD5: vytGBZD7udjpYRpukAa4Fg==
Last-Modified: Thu, 25 Apr 2024 13:26:06 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B42FA3279"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bbff397b-801e-0026-3e5d-9802e9000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/images/s-S4-acc.png
20.60.142.36 200 OK 813 B URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/images/s-S4-acc.png
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type PNG image data, 77 x 72, 8-bit colormap, non-interlaced
Hash d648c1837d01495eccd63e053491f72a
991d8f6c72777239472410d6129fd5f25ed9d134
9edbf56b360080f5d6765dce77353b8130e9f8316ad34c68f6c2792cdc446321
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/images/s-S4-acc.png HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 813
Content-Type: image/png
Content-MD5: 1kjBg30BSV7M1j4FNJH3Kg==
Last-Modified: Thu, 25 Apr 2024 13:26:07 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B43A2AD51"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 70ea4776-401e-0039-6d5d-98b1ed000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/js/jquery.min.js
20.60.142.36 200 OK 85 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/js/jquery.min.js
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type JavaScript source, ASCII text, with very long lines (32478)
Hash 20c129bedb4a26db02fc0f54d026c3f5
093b9d2728788de24a728742070a348b2848573f
436ecc90fab5ed1034b68a4a0e924e0132d93d9e7fb59b4fe23018eb7d9242c1
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/js/jquery.min.js HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 84817
Content-Type: text/javascript
Content-MD5: IMEpvttKJtsC/A9U0CbD9Q==
Last-Modified: Thu, 25 Apr 2024 13:26:08 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B4427C266"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c5387783-601e-0001-245d-98152d000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/media/speech.mp3
20.60.142.36 416 The range specified is invalid for the current size of the resource. 340 B URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/media/speech.mp3
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type HTML document, ASCII text, with very long lines (340), with no line terminators
Hash 23840f1dee7127531fe57c31a64e3339
bdbf1bcde370e4abf8fca98547de924b67b0c625
785f9cad6e8d7c6f8def0348e221414565022f2364912ba0c1c5d15268a34a5a
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/media/speech.mp3 HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 416 The range specified is invalid for the current size of the resource.
Content-Length: 340
Content-Type: text/html
Content-Range: bytes */0
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: InvalidRange
x-ms-request-id: bbff39d8-801e-0026-0b5d-9802e9000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/images/Z5BR-network.png
20.60.142.36 200 OK 607 B URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/images/Z5BR-network.png
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type PNG image data, 63 x 70, 8-bit colormap, non-interlaced
Hash 2cd03a547f00cad010f9038619df45de
912f919836a77a514c76b990aceaf5e930a24024
c56a8ae4818963e0d71eda4ebf46b4f2cdd3a238537dc8e99711fb690d272a73
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/images/Z5BR-network.png HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 607
Content-Type: image/png
Content-MD5: LNA6VH8AytAQ+QOGGd9F3g==
Last-Modified: Thu, 25 Apr 2024 13:26:07 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B43F74BF4"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 70ea47fc-401e-0039-545d-98b1ed000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/images/uZbx-si.png
20.60.142.36 200 OK 5.4 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/images/uZbx-si.png
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type PNG image data, 42 x 702, 8-bit grayscale, non-interlaced
Hash 51147eb9734c3c0caf22aa77a80d96f0
dc33807cd0c0c35bb98d8e23efe2d625137a43f5
92d8510869b3d581401a93130fa72e4b54c5bf28dc8005994c5248d9afbfc37b
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/images/uZbx-si.png HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 5377
Content-Type: image/png
Content-MD5: URR+uXNMPAyvIqp3qA2W8A==
Last-Modified: Thu, 25 Apr 2024 13:26:07 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B43A48004"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c53878dd-601e-0001-245d-98152d000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/images/-EBq-current.png
20.60.142.36 200 OK 1.2 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/images/-EBq-current.png
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type PNG image data, 27 x 28, 8-bit colormap, non-interlaced
Hash 35629cc2adc804353a548305f1217206
cda6e89c5f6a644683aea6999a5d11e00dc64275
c1d52e31f7fc13cbb3efca8b0ec937ddd97a5ec545c4dad26193429db10d8662
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/images/-EBq-current.png HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1162
Content-Type: image/png
Content-MD5: NWKcwq3IBDU6VIMF8SFyBg==
Last-Modified: Thu, 25 Apr 2024 13:26:03 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B41451F3B"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bbff3a3e-801e-0026-625d-9802e9000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/images/nOxp-sett.png
20.60.142.36 200 OK 463 B URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/images/nOxp-sett.png
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type PNG image data, 33 x 31, 8-bit colormap, non-interlaced
Hash 905d91c276116928fa306ea732723fa9
092604f6a8786e46a7dee06065d29d2896fcf568
9cffd13c2ce05ebe032709a88fa59504e1218a12b175ec40d5aab280c18be51e
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/images/nOxp-sett.png HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 463
Content-Type: image/png
Content-MD5: kF2RwnYRaSj6MG6nMnI/qQ==
Last-Modified: Thu, 25 Apr 2024 13:26:06 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B43624346"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 70ea4880-401e-0039-435d-98b1ed000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
20.60.142.36 200 OK 22 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type Web Open Font Format (Version 2), TrueType, length 21716, version 1.0
Hash d4ff90db5da894c833f356f47a16e408
30606044507d81b996c992895ab16b8a8d68be97
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /werrx01USAHTML/fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2 HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Cookie: PHPREFS=full
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 21716
Content-Type: application/octet-stream
Content-MD5: 1P+Q212olMgz81b0ehbkCA==
Last-Modified: Thu, 25 Apr 2024 13:25:55 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B3C560E1A"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c538792f-601e-0001-5c5d-98152d000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:04 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/media/_Fm7-alert.mp3
20.60.142.36 206 Partial Content 49 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/media/_Fm7-alert.mp3
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type Audio file with ID3 version 2.3.0, contains:
- MPEG ADTS, layer III, v2, 64 kbps, 22.05 kHz, Monaural
Hash 1d19b33986eaa2c152fdf2f981088887
c9cd8f88f86cd97ee42422ca6b0ab3a81552ab57
5103e4fa719cc836cf91f886ff53ee68f84565afaffda2b402e1125741204637
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/media/_Fm7-alert.mp3 HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Length: 200832
Content-Type: audio/mpeg
Content-Range: bytes 0-200831/200832
Last-Modified: Thu, 25 Apr 2024 13:26:09 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B4515AAB7"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c538786a-601e-0001-515d-98152d000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/images/re.gif
20.60.142.36 200 OK 15 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/images/re.gif
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type GIF image data, version 89a, 193 x 71
Hash 6fcb78e0cd7933a70eea2cf071f82118
70364bffd62fe33360abe70ecc7f7c0541b3b54c
4b436b0b6a47db85c88f83dc3fe3fd9a96c0a4018b28832165df929dffe0bc86
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/re.gif HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 14751
Content-Type: image/gif
Content-MD5: b8t44M15M6cO6izwcfghGA==
Last-Modified: Thu, 25 Apr 2024 13:26:06 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B43762A0E"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 70ea4902-401e-0039-2d5d-98b1ed000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/images/bg2.jpg
20.60.142.36 200 OK 463 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/images/bg2.jpg
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
Size 463 kB (462770 bytes)
Hash ab996ed3b126f2b5f0c1f214b96afe7a
77223f12976d20e06058fe40040e261bd5688f39
4eaf7b7f53ea1a27a22bae168f560d9dc78dc2e2185162be9ee4db59e1e1065a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/bg2.jpg HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 462770
Content-Type: image/jpeg
Content-MD5: q5lu07Em8rXwwfIUuWr+eg==
Last-Modified: Thu, 25 Apr 2024 13:26:05 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B42AB59B8"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f05bd7bd-c01e-0027-185d-985d35000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/images/bg1.jpg
20.60.142.36 200 OK 463 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/images/bg1.jpg
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
Size 463 kB (462770 bytes)
Hash ab996ed3b126f2b5f0c1f214b96afe7a
77223f12976d20e06058fe40040e261bd5688f39
4eaf7b7f53ea1a27a22bae168f560d9dc78dc2e2185162be9ee4db59e1e1065a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/bg1.jpg HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 462770
Content-Type: image/jpeg
Content-MD5: q5lu07Em8rXwwfIUuWr+eg==
Last-Modified: Thu, 25 Apr 2024 13:26:05 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B425E7A82"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 70ea473b-401e-0039-415d-98b1ed000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/images/microsoft.png
20.60.142.36 200 OK 1.0 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/images/microsoft.png
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced
Hash bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/microsoft.png HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Cookie: PHPREFS=full
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1045
Content-Type: image/png
Content-MD5: vytGBZD7udjpYRpukAa4Fg==
Last-Modified: Thu, 25 Apr 2024 13:26:06 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B42FA3279"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f05bd9fc-c01e-0027-675d-985d35000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:04 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/images/cross.png
20.60.142.36 200 OK 386 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/images/cross.png
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced
Size 386 kB (386359 bytes)
Hash be42ad7752720327d28bf52dbdbb64c2
f4cce31b9236319aa9c87fee038638d1de12c07d
c3ad6aa1c03fd108854f008cfec2753ba623e1470a4d61798b5d8c050e474868
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/cross.png HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 386359
Content-Type: image/png
Content-MD5: vkKtd1JyAyfSi/Utvbtkwg==
Last-Modified: Thu, 25 Apr 2024 13:26:06 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B43207B28"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c53879f2-601e-0001-695d-98152d000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:04 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/fonts/fontawesome-webfont.woff2
20.60.142.36 200 OK 67 kB URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/fonts/fontawesome-webfont.woff2
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type Web Open Font Format (Version 2), TrueType, length 66624, version 4.262
Hash db812d8a70a4e88e888744c1c9a27e89
638c652d623280a58144f93e7b552c66d1667a11
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/fonts/fontawesome-webfont.woff2 HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/css/font-awesome.min.css
Cookie: PHPREFS=full
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 66624
Content-Type: application/octet-stream
Content-MD5: 24EtinCk6I6Ih0TByaJ+iQ==
Last-Modified: Thu, 25 Apr 2024 13:25:56 GMT
Accept-Ranges: bytes
ETag: "0x8DC652B3D801F7E"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 70ea4c28-401e-0039-345d-98b1ed000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:04 GMT
iij110.z27.web.core.windows.net/werrx01USAHTML/_Fm7-alert.mp3
20.60.142.36 404 The requested content does not exist. 321 B URL GET HTTP/1.1 iij110.z27.web.core.windows.net/werrx01USAHTML/_Fm7-alert.mp3
IP 20.60.142.36:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 16:B4:8C:49:FA:47:35:97:FA:45:9C:E7:9F:2D:54:5A:CF:CD:2E:39
Validity Thu, 18 Apr 2024 22:23:00 GMT - Sun, 13 Apr 2025 22:23:00 GMT
File type HTML document, ASCII text, with very long lines (321), with no line terminators
Hash fdd8278796b5840b754af32b57f49b2a
f29467347024e63c9e9894f7818ba2b2c660f156
9de7820e6b1aca954ac0da8682f6a1d162097b313472115e74fb919287978787
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/_Fm7-alert.mp3 HTTP/1.1
Host: iij110.z27.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Cookie: PHPREFS=full
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: bbff3a8e-801e-0026-255d-9802e9000000
x-ms-version: 2018-03-28
Date: Sat, 27 Apr 2024 04:46:03 GMT
userstatics.com/get/script.js?referrer=https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
0.0.0.0 0 B URL GET userstatics.com/get/script.js?referrer=https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
IP 0.0.0.0:0
Requested by https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Certificate Issuer Let's Encrypt
Subject userstatics.com
Fingerprint AB:62:24:6D:5D:BB:D9:D8:00:B7:CB:47:DD:7C:74:69:C8:48:16:49
Validity Thu, 28 Mar 2024 13:34:23 GMT - Wed, 26 Jun 2024 13:34:22 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /get/script.js?referrer=https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052 HTTP/1.1
Host: userstatics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iij110.z27.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 27 Apr 2024 04:46:05 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/8.2.1
access-control-allow-origin: https://iij110.z27.web.core.windows.net
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K2ht6fczhuCCuzDuTrRRh5Aj1AB2Z1401a9HnL6F1ID0RzFZvjgUs1mrhCA%2B%2FjTZllttzqfCvILcOabRRwsI%2FagmEtMqT2vG0%2Fir%2F2EjWM814Q7w6dvkq0Al2vyPsjsltEQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ac2ab1c9e8b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
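Each record above pairs the server's declared Content-Type and Content-MD5 header with the sandbox's own file-type identification and body hashes, which is enough to confirm several tells in this capture without re-fetching anything: bg1.jpg and bg2.jpg are PNG data served as image/jpeg and are byte-for-byte identical, the userstatics.com script came back with the hashes of an empty body, and that script is loaded cross-site with the landing URL (phone number included) in its query string. The Python below is an added example and not part of the sandbox report; it re-runs those checks over a constructed subset of the records copied from this page. The record dictionaries, the MAGIC_TO_MIME table and the indicator names are the example's own.

```python
import base64
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a subset of the transactions in this capture, reduced to the
# fields the checks need. "file_type" is the sandbox's libmagic description, "md5" its
# hex digest of the body, "content_md5" the Content-MD5 header the server returned.
LANDING = "https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052"
BASE = "https://iij110.z27.web.core.windows.net/werrx01USAHTML/"
RECORDS = [
    {"url": BASE + "images/nOxp-sett.png", "content_type": "image/png",
     "file_type": "PNG image data, 33 x 31, 8-bit colormap, non-interlaced",
     "content_md5": "kF2RwnYRaSj6MG6nMnI/qQ==", "md5": "905d91c276116928fa306ea732723fa9"},
    {"url": BASE + "fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2",
     "content_type": "application/octet-stream",
     "file_type": "Web Open Font Format (Version 2), TrueType, length 21716, version 1.0",
     "content_md5": "1P+Q212olMgz81b0ehbkCA==", "md5": "d4ff90db5da894c833f356f47a16e408"},
    {"url": BASE + "images/re.gif", "content_type": "image/gif",
     "file_type": "GIF image data, version 89a, 193 x 71",
     "content_md5": "b8t44M15M6cO6izwcfghGA==", "md5": "6fcb78e0cd7933a70eea2cf071f82118"},
    {"url": BASE + "images/bg2.jpg", "content_type": "image/jpeg",
     "file_type": "PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced",
     "content_md5": "q5lu07Em8rXwwfIUuWr+eg==", "md5": "ab996ed3b126f2b5f0c1f214b96afe7a"},
    {"url": BASE + "images/bg1.jpg", "content_type": "image/jpeg",
     "file_type": "PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced",
     "content_md5": "q5lu07Em8rXwwfIUuWr+eg==", "md5": "ab996ed3b126f2b5f0c1f214b96afe7a"},
    {"url": BASE + "images/microsoft.png", "content_type": "image/png",
     "file_type": "PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced",
     "content_md5": "vytGBZD7udjpYRpukAa4Fg==", "md5": "bf2b460590fbb9d8e9611a6e9006b816"},
    # the third-party script: no body was captured, so the hash is that of empty input
    {"url": "https://userstatics.com/get/script.js?referrer=" + LANDING,
     "content_type": "text/html; charset=utf-8", "file_type": None,
     "content_md5": None, "md5": "d41d8cd98f00b204e9800998ecf8427e"},
]

# libmagic description prefix -> MIME type the server should have declared for those bytes
MAGIC_TO_MIME = {
    "PNG image data": "image/png",
    "GIF image data": "image/gif",
    "JPEG image data": "image/jpeg",
    "Web Open Font Format (Version 2)": "font/woff2",
    "HTML document": "text/html",
}
GENERIC_TYPES = {"application/octet-stream"}     # claims nothing, so cannot contradict
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"  # MD5 of zero bytes


def content_md5_matches(record):
    """Content-MD5 is the base64 of the raw digest; compare with the sandbox's hex digest."""
    if not record["content_md5"]:
        return None  # header absent (e.g. the 206 partial-content mp3), nothing to check
    return base64.b64decode(record["content_md5"]).hex() == record["md5"]


def expected_mime(file_type):
    """MIME type implied by the libmagic description, or None if unrecognised."""
    if not file_type:
        return None
    for prefix, mime in MAGIC_TO_MIME.items():
        if file_type.startswith(prefix):
            return mime
    return None


def analyze(records, landing_url):
    """Return (path, indicator, detail) findings over the capture."""
    findings = []
    landing_host = urlsplit(landing_url).hostname
    by_md5 = defaultdict(list)
    for r in records:
        parts = urlsplit(r["url"])
        declared = r["content_type"].split(";")[0].strip().lower()
        actual = expected_mime(r["file_type"])
        # declared type contradicts the bytes (here: PNG data served as image/jpeg)
        if actual and declared not in GENERIC_TYPES and declared != actual:
            findings.append((parts.path, "type-mismatch", f"declared {declared}, bytes are {actual}"))
        # server-side checksum disagrees with what was received
        if content_md5_matches(r) is False:
            findings.append((parts.path, "content-md5-mismatch", r["content_md5"]))
        # zero-byte body: the fetch was blocked or nothing came back
        if r["md5"] == EMPTY_MD5:
            findings.append((parts.path, "empty-body", "hash of empty input"))
        # cross-site script whose query string carries the landing URL, phone number included
        if parts.hostname != landing_host and parts.path.endswith(".js"):
            if any(landing_url in v for vs in parse_qs(parts.query).values() for v in vs):
                findings.append((parts.hostname + parts.path, "landing-url-leak", "landing URL passed as a query parameter"))
        by_md5[r["md5"]].append(parts.path)
    # the same bytes under more than one name
    for digest, paths in by_md5.items():
        if len(paths) > 1:
            findings.append((",".join(sorted(paths)), "duplicate-content", digest))
    return findings


if __name__ == "__main__":
    for finding in analyze(RECORDS, LANDING):
        print(*finding, sep="  ")
```

Decoding the base64 Content-MD5 and comparing the hex form is the whole integrity check, and it agrees for every record that carries the header; the mp3 fetched with a Range header came back as a 206 without one, which is why an absent header yields None rather than a finding. The two .woff2 fonts are served as application/octet-stream, which is treated as a generic type rather than a contradiction, whereas image/jpeg on PNG bytes is flagged.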