Report - bahgytui.z28.web.core.windows.net/

Report Overview

Submitted URL
bahgytui.z28.web.core.windows.net/
IP
20.60.13.228
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-05-04 08:00:30
Access
public
Website Title
ウィンドウズエラーポップアップ
Final URL
bahgytui.z28.web.core.windows.net/
Tags
fake_software scam
urlquery detections
Scam - Fake AntiVirus / Security software

Detections

urlquery
29
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
bahgytui.z28.web.core.windows.net	unknown	unknown	No data	No data	7.8 kB	793 kB	20.60.13.228
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-03	913 B	166 kB	142.250.74.168
c.clarity.ms	803	2017-04-03	2021-02-04	2024-05-02	1.0 kB	1.5 kB	68.219.88.97
c.bing.com	247	1996-01-29	2012-05-22	2024-05-03	536 B	1.1 kB	13.107.21.237
y.clarity.ms	unknown	2017-04-03	2023-02-13	2024-05-04	1.7 kB	933 B	104.211.35.148
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-04	1.1 kB	68 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-04	477 B	4.3 kB	142.250.74.138
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-05-03	448 B	31 kB	142.250.74.138
www.clarity.ms	1404	2017-04-03	2018-08-22	2024-05-02	914 B	64 kB	13.107.213.53

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	bahgytui.z28.web.core.windows.net/	0 B	2023-03-07	2024-05-18
Pretty URL bahgytui.z28.web.core.windows.net/ IP 20.60.13.228 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 09:34:15 Times Seen37778016 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	bahgytui.z28.web.core.windows.net/	0 B	2023-03-07	2024-05-18
Pretty URL bahgytui.z28.web.core.windows.net/ IP 20.60.13.228 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 09:34:15 Times Seen37778016 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	11 B	2023-08-13	2024-05-10
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-08-13 07:22:44 Last Seen2024-05-10 06:46:24 Times Seen80 Hash 529c730c8c6b8980154402f7c157ba13 05d83d52400e98cfb0c70de312d89c3b7c0125f2 66fe8a578135ac1bd3ad407af310b31b157e76e5a1b9c8fd4f9bc47b1928a73c Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js	84 kB	2023-03-07	2024-05-18
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-18 04:47:01 Times Seen14246 Hash e40ec2161fe7993196f23c8a07346306 afb90752e0a90c24b7f724faca86c5f3d15d1178 874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4 Loading...

	bahgytui.z28.web.core.windows.net/sandbox%20eval%20code	147 B	2023-04-11	2024-05-18
Pretty URL bahgytui.z28.web.core.windows.net/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-18 09:33:27 Times Seen350192 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-18
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-18 09:33:27 Times Seen349680 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=UA-176875146-1	208 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtag/js?id=UA-176875146-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 10:00:37 Last Seen2024-05-04 10:00:37 Times Seen2 Hash 5cd0e2d309b9f939423cf934acb40ecc c13a77173ffcb95f3c98bf2d328015f7c8ee6d88 4cbaa62fa3b492881a7fab35cf0e847e16ba9f3193efe42b750e8edcf875cb13 Loading...

	www.googletagmanager.com/gtag/js?id=G-9JLZ2BGNP7&l=dataLayer&cx=c	254 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-9JLZ2BGNP7&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 10:00:37 Last Seen2024-05-04 10:00:37 Times Seen2 Hash 75d248c274b08d29f36d8fcfe26acdc9 77d7d6bcdc5ea6f8024597b18a0cffea8e00bc1c 9bebb9466b0eee7a963fc00924086609f255d0a97d128d5419dff859675fa47f Loading...

	www.clarity.ms/tag/i6wbidqrri	667 B	2024-05-04	2024-05-04
Pretty URL www.clarity.ms/tag/i6wbidqrri IP 13.107.213.53 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 09:49:37 Last Seen2024-05-04 10:00:37 Times Seen4 Hash 1fb06db52df62cb8911ad131c42341c8 72aba8eb6087aa9c886aeaff588febd4b0fc9f0f 2e85a1896323616af16d8db134e2658704e7315b734e77ccd56dfa13e38f9563 Loading...

	www.clarity.ms/s/0.7.32/clarity.js	62 kB	2024-05-04	2024-05-11
Pretty URL www.clarity.ms/s/0.7.32/clarity.js IP 13.107.213.53 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 09:49:37 Last Seen2024-05-11 22:08:31 Times Seen6 Hash b31e76d22da4399db4b8c8eccd35dc2b b36d4554849d3f05df0363366be9133d35eaca98 5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e Loading...

HTTP Transactions (30)

URL IP Response Size

bahgytui.z28.web.core.windows.net/

20.60.13.228

200 OK

9.4 kB

URL User Request GET HTTP/1.1
bahgytui.z28.web.core.windows.net/
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
9.4 kB (9434 bytes)
Hash
3bde50ee5df5b3ef000b4e161e32697c
3e84dcac9406ccd57ddce7fb57f8ee18a6d2d675
c4e829c43a84b0ff7ac533f6a31abe345392b2f65e70c4abf4a2d24267cfcb5c

HTTP Headers

GET / HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 9434
Content-Type: text/html
Content-MD5: O95Q7l31s+8AC04WHjJpfA==
Last-Modified: Sat, 04 May 2024 05:09:51 GMT
Accept-Ranges: bytes
ETag: "0x8DC6BF86DBB275F"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 78a5a0ae-601e-0028-6df9-9dd37a000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:03 GMT

bahgytui.z28.web.core.windows.net/css/style-browser-reset.css

20.60.13.228

200 OK

7.0 kB

URL GET HTTP/1.1
bahgytui.z28.web.core.windows.net/css/style-browser-reset.css
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
ASCII text
Size
7.0 kB (6958 bytes)
Hash
6e6f1a0825d8e991c9425026368b5dfc
1c4098af50ba750231d8eaf563aa9550e9500690
6958062d752bd84b03a4389d5caccd7765ba55ecaaf5fff5208c1707931728dc

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /css/style-browser-reset.css HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 6958
Content-Type: text/css
Content-MD5: bm8aCCXY6ZHJQlAmNotd/A==
Last-Modified: Sat, 04 May 2024 05:09:51 GMT
Accept-Ranges: bytes
ETag: "0x8DC6BF86DB230C0"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 78a5a1da-601e-0028-7bf9-9dd37a000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:03 GMT

bahgytui.z28.web.core.windows.net/css/style.css

20.60.13.228

200 OK

12 kB

URL GET HTTP/1.1
bahgytui.z28.web.core.windows.net/css/style.css
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
ASCII text
Size
12 kB (12154 bytes)
Hash
7cd3ea1e9c50e82eaa8edfc5a1b0a9c3
9f77286687fd6e118ffd5854c6205a0efa62fc2e
f67daacd2dffefa3199b63c42b0964f121e8db5f524814abc45b3a99b97b449d

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /css/style.css HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 12154
Content-Type: text/css
Content-MD5: fNPqHpxQ6C6qjt/FobCpww==
Last-Modified: Sat, 04 May 2024 05:09:51 GMT
Accept-Ranges: bytes
ETag: "0x8DC6BF86DCFF78D"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c694c63f-901e-003c-6ff9-9d9b15000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:04 GMT

ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

142.250.74.138

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (32061)
Size
30 kB (29671 bytes)
Hash
e40ec2161fe7993196f23c8a07346306
afb90752e0a90c24b7f724faca86c5f3d15d1178
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

HTTP Headers

GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 23:24:46 GMT
expires: Fri, 02 May 2025 23:24:46 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 117318
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bahgytui.z28.web.core.windows.net/img/skip.svg

20.60.13.228

200 OK

153 B

URL GET HTTP/1.1
bahgytui.z28.web.core.windows.net/img/skip.svg
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
SVG Scalable Vector Graphics image
Size
153 B (153 bytes)
Hash
f98aab4e2a400b8b99ede8d0084336bc
e95f5d0ab17a53519b248c9fececd314960604cd
9edaa2b6e53ac5e608b77f5622b1bad2529cee19906688138799e17adc3d0c87

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /img/skip.svg HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 153
Content-Type: image/svg+xml
Content-MD5: +YqrTipAC4uZ7ejQCEM2vA==
Last-Modified: Sat, 04 May 2024 05:09:52 GMT
Accept-Ranges: bytes
ETag: "0x8DC6BF86E030333"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 78a5a275-601e-0028-08f9-9dd37a000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:03 GMT

bahgytui.z28.web.core.windows.net/img/world-min.png

20.60.13.228

200 OK

2.3 kB

URL GET HTTP/1.1
bahgytui.z28.web.core.windows.net/img/world-min.png
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
PNG image data, 55 x 65, 8-bit/color RGBA, non-interlaced
Size
2.3 kB (2334 bytes)
Hash
6c9518d26a8fce8b5476854e26bf9bb5
b86604406df94513dc752331a3bc816cf618a26a
48ba31e331db64e10973ac1ea694095891cb555ec7122e4d3d70b92beaf269a2

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /img/world-min.png HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 2334
Content-Type: image/png
Content-MD5: bJUY0mqPzotUdoVOJr+btQ==
Last-Modified: Sat, 04 May 2024 05:09:53 GMT
Accept-Ranges: bytes
ETag: "0x8DC6BF86E8901CC"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c694c65d-901e-003c-0cf9-9d9b15000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:04 GMT

bahgytui.z28.web.core.windows.net/img/icon-chat.png

20.60.13.228

200 OK

3.5 kB

URL GET HTTP/1.1
bahgytui.z28.web.core.windows.net/img/icon-chat.png
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
PNG image data, 117 x 25, 8-bit/color RGBA, non-interlaced
Size
3.5 kB (3526 bytes)
Hash
9b1f21dd040a850687d989f804c982cb
fc1697a3622ca7ebe68d15e3e59b1e5b693e2f35
148394202d5a332a7813d94e3911853e3ba70ea18cd4391d3e188ee8b60ba02e

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /img/icon-chat.png HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 3526
Content-Type: image/png
Content-MD5: mx8h3QQKhQaH2Yn4BMmCyw==
Last-Modified: Sat, 04 May 2024 05:09:53 GMT
Accept-Ranges: bytes
ETag: "0x8DC6BF86EAEFCBA"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3465491e-701e-000b-07f9-9d49b9000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:04 GMT

bahgytui.z28.web.core.windows.net/img/comp-min.png

20.60.13.228

200 OK

724 B

URL GET HTTP/1.1
bahgytui.z28.web.core.windows.net/img/comp-min.png
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
PNG image data, 79 x 63, 8-bit/color RGBA, non-interlaced
Size
724 B (724 bytes)
Hash
db0e6825a0f394cc119f9dce51e87d0d
14ad5c784c8793da6d1793023d29a2ed941f999e
d23448df7f1a2f0e32540a23dace5883a040f3934eda711ccbb786a9a3f85586

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /img/comp-min.png HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 724
Content-Type: image/png
Content-MD5: 2w5oJaDzlMwRn53OUeh9DQ==
Last-Modified: Sat, 04 May 2024 05:09:52 GMT
Accept-Ranges: bytes
ETag: "0x8DC6BF86E2E2878"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 34654920-701e-000b-09f9-9d49b9000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:04 GMT

bahgytui.z28.web.core.windows.net/img/microsoft-min.png

20.60.13.228

200 OK

358 B

URL GET HTTP/1.1
bahgytui.z28.web.core.windows.net/img/microsoft-min.png
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced
Size
358 B (358 bytes)
Hash
b70b61fbaef16f92eda0c249926b3ffc
fd089d0504c8e655fcda642ea23e970f9cb1fce2
0f76835451427509c2c509c34d7da48a0b3d3eba777be73f519e6853796b1987

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /img/microsoft-min.png HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 358
Content-Type: image/png
Content-MD5: twth+67xb5LtoMJJkms//A==
Last-Modified: Sat, 04 May 2024 05:09:52 GMT
Accept-Ranges: bytes
ETag: "0x8DC6BF86E0DF36B"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 74bf9ba2-501e-0033-2ef9-9ded79000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:04 GMT

bahgytui.z28.web.core.windows.net/img/close.png

20.60.13.228

200 OK

204 B

URL GET HTTP/1.1
bahgytui.z28.web.core.windows.net/img/close.png
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
204 B (204 bytes)
Hash
e40d1b1cb551eb3aa439e3aa58684506
360fd35b4a6a2a41220fb3a886d77f9ef416ee58
5e7a2650a477495975f4582dd7fda915eddc6636c280c814b3c340eac9e7991e

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /img/close.png HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 204
Content-Type: image/png
Content-MD5: 5A0bHLVR6zqkOeOqWGhFBg==
Last-Modified: Sat, 04 May 2024 05:09:53 GMT
Accept-Ranges: bytes
ETag: "0x8DC6BF86ECE4869"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 25037cd8-501e-0051-6ff9-9d2f5e000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:04 GMT

bahgytui.z28.web.core.windows.net/img/microsoft-label.png

20.60.13.228

200 OK

465 B

URL GET HTTP/1.1
bahgytui.z28.web.core.windows.net/img/microsoft-label.png
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
PNG image data, 74 x 74, 8-bit/color RGBA, non-interlaced
Size
465 B (465 bytes)
Hash
589b99962054369d67ea1d275036c643
09cd975587a064b882e39bbd9f40eb6b46bb23ff
e4d3fcff9172df28321591ccdad3d9ee643df0719e38300f35576ef45760e474

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /img/microsoft-label.png HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 465
Content-Type: image/png
Content-MD5: WJuZliBUNp1n6h0nUDbGQw==
Last-Modified: Sat, 04 May 2024 05:09:52 GMT
Accept-Ranges: bytes
ETag: "0x8DC6BF86E7678F4"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 78a5a286-601e-0028-19f9-9dd37a000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:03 GMT

bahgytui.z28.web.core.windows.net/img/speed-min.png

20.60.13.228

200 OK

2.8 kB

URL GET HTTP/1.1
bahgytui.z28.web.core.windows.net/img/speed-min.png
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
PNG image data, 65 x 65, 8-bit/color RGBA, non-interlaced
Size
2.8 kB (2808 bytes)
Hash
85699ed3cd3def081b0180e34efed9c8
960b4cff42e0300ea66d8d99c2faaa266e6a5c09
76674a6ea02c18a1c146b4b7175cf365e51cff9762eb85fe22f056c25bcae9d6

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /img/speed-min.png HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 2808
Content-Type: image/png
Content-MD5: hWme08097wgbAYDjTv7ZyA==
Last-Modified: Sat, 04 May 2024 05:09:52 GMT
Accept-Ranges: bytes
ETag: "0x8DC6BF86E4C63EF"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c694c671-901e-003c-1ef9-9d9b15000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:04 GMT

bahgytui.z28.web.core.windows.net/img/comp.png

20.60.13.228

200 OK

1.3 kB

URL GET HTTP/1.1
bahgytui.z28.web.core.windows.net/img/comp.png
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
PNG image data, 132 x 105, 8-bit/color RGBA, non-interlaced
Size
1.3 kB (1324 bytes)
Hash
8544bdb08aeab60824f3274e1b23d72c
a954a9b151155df801eba5eea1f6cb20b349e8c4
9887fc4cc99951ee5242c8138ac47b175a793819af078f20364603d839be556c

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /img/comp.png HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 1324
Content-Type: image/png
Content-MD5: hUS9sIrqtggk8ydOGyPXLA==
Last-Modified: Sat, 04 May 2024 05:09:53 GMT
Accept-Ranges: bytes
ETag: "0x8DC6BF86E90C140"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3465494b-701e-000b-30f9-9d49b9000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:04 GMT

www.googletagmanager.com/gtag/js?id=UA-176875146-1

142.250.74.168

200 OK

75 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-176875146-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
75 kB (74651 bytes)
Hash
5cd0e2d309b9f939423cf934acb40ecc
c13a77173ffcb95f3c98bf2d328015f7c8ee6d88
4cbaa62fa3b492881a7fab35cf0e847e16ba9f3193efe42b750e8edcf875cb13

HTTP Headers

GET /gtag/js?id=UA-176875146-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 08:00:04 GMT
expires: Sat, 04 May 2024 08:00:04 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 May 2024 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74651
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bahgytui.z28.web.core.windows.net/takashi.mp3

20.60.13.228

206 Partial Content

232 kB

URL GET HTTP/1.1
bahgytui.z28.web.core.windows.net/takashi.mp3
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
Audio file with ID3 version 2.4.0, contains: - MPEG ADTS, layer III, v2, 48 kbps, 22.05 kHz, Monaural
Size
232 kB (231542 bytes)
Hash
111d7c5ab3c31515e383a9ed1d214a3c
fb2bc54e6ce1d206abf56d423f1d1cc2d4c9f6a6
e3a8cebfbfeeb5d546b3f958b83a0371024436eef276133832ce697be3f81284

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /takashi.mp3 HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
Content-Length: 231542
Content-Type: audio/mpeg
Content-Range: bytes 0-231541/231542
Last-Modified: Sat, 04 May 2024 05:09:52 GMT
Accept-Ranges: bytes
ETag: "0x8DC6BF86E229CB1"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 78a5a2f4-601e-0028-7ff9-9dd37a000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:04 GMT

www.googletagmanager.com/gtag/js?id=G-9JLZ2BGNP7&l=dataLayer&cx=c

142.250.74.168

200 OK

90 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-9JLZ2BGNP7&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
90 kB (89750 bytes)
Hash
75d248c274b08d29f36d8fcfe26acdc9
77d7d6bcdc5ea6f8024597b18a0cffea8e00bc1c
9bebb9466b0eee7a963fc00924086609f255d0a97d128d5419dff859675fa47f

HTTP Headers

GET /gtag/js?id=G-9JLZ2BGNP7&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 08:00:04 GMT
expires: Sat, 04 May 2024 08:00:04 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 89750
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

bahgytui.z28.web.core.windows.net/img/supportmicrosoft2.png

20.60.13.228

200 OK

505 kB

URL GET HTTP/1.1
bahgytui.z28.web.core.windows.net/img/supportmicrosoft2.png
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
Size
505 kB (505377 bytes)
Hash
407d49fce150772038b651dc3807ce92
866cc35542ea4fb302048ba37365a92a8aedb224
1ff2dc3acf8cc925c20b6d0fd9918d51daf441bfc96bf0ee1db2c254f5b1dab8

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /img/supportmicrosoft2.png HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 505377
Content-Type: image/png
Content-MD5: QH1J/OFQdyA4tlHcOAfOkg==
Last-Modified: Sat, 04 May 2024 05:09:53 GMT
Accept-Ranges: bytes
ETag: "0x8DC6BF86EA370F4"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c694c6d0-901e-003c-74f9-9d9b15000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:04 GMT

bahgytui.z28.web.core.windows.net/favicon.ico

20.60.13.228

404 The requested content does not exist.

9.4 kB

URL GET HTTP/1.1
bahgytui.z28.web.core.windows.net/favicon.ico
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
9.4 kB (9434 bytes)
Hash
3bde50ee5df5b3ef000b4e161e32697c
3e84dcac9406ccd57ddce7fb57f8ee18a6d2d675
c4e829c43a84b0ff7ac533f6a31abe345392b2f65e70c4abf4a2d24267cfcb5c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Cookie: _ga_9JLZ2BGNP7=GS1.1.1714809605.1.0.1714809605.0.0.0; _ga=GA1.1.1434019344.1714809605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 The requested content does not exist.
Content-Length: 9434
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: c694c790-901e-003c-22f9-9d9b15000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:04 GMT

www.clarity.ms/tag/i6wbidqrri

13.107.213.53

200 OK

667 B

URL GET HTTP/2
www.clarity.ms/tag/i6wbidqrri
IP
13.107.213.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerDigiCert Inc
Subjectwww.clarity.ms
FingerprintAE:77:25:80:38:B8:E2:8F:C3:B2:EE:B5:0D:9C:7C:30:7E:30:75:2C
ValidityThu, 07 Dec 2023 00:00:00 GMT - Sat, 07 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (667), with no line terminators
Size
667 B (667 bytes)
Hash
1fb06db52df62cb8911ad131c42341c8
72aba8eb6087aa9c886aeaff588febd4b0fc9f0f
2e85a1896323616af16d8db134e2658704e7315b734e77ccd56dfa13e38f9563

HTTP Headers

GET /tag/i6wbidqrri HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 08:00:05 GMT
content-type: application/x-javascript
content-length: 667
cache-control: no-cache, no-store
expires: -1
set-cookie: CLID=5a44f14f28ea49759567991ac72f9ac5.20240504.20250504; expires=Sun, 04 May 2025 08:00:05 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
x-azure-ref: 20240504T080005Z-er15bb998b7gprm2wbgxb8rz7g00000001q0000000006eg8
x-cache: CONFIG_NOCACHE
accept-ranges: bytes
X-Firefox-Spdy: h2

c.clarity.ms/c.gif

68.219.88.97

302 Found

0 B

URL GET HTTP/2
c.clarity.ms/c.gif
IP
68.219.88.97:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subjectc.msn.com
FingerprintD1:5C:88:F3:E8:11:5E:F3:50:B0:DE:BD:B8:F5:7F:C3:BA:12:BE:EC
ValidityTue, 27 Feb 2024 20:55:40 GMT - Fri, 21 Feb 2025 20:55:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=20B566A61809475789664784351FCAA8&RedC=c.clarity.ms&MXFR=1FD219CC0FA06A752D900DB90BA06406
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=1FD219CC0FA06A752D900DB90BA06406; domain=.clarity.ms; expires=Thu, 29-May-2025 08:00:05 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Sat, 04 May 2024 08:00:05 GMT
content-length: 0
X-Firefox-Spdy: h2

c.bing.com/c.gif?ctsa=mr&CtsSyncId=20B566A61809475789664784351FCAA8&RedC=c.clarity.ms&MXFR=1FD219CC0FA06A752D900DB90BA06406

13.107.21.237

302 Found

0 B

URL GET HTTP/2
c.bing.com/c.gif?ctsa=mr&CtsSyncId=20B566A61809475789664784351FCAA8&RedC=c.clarity.ms&MXFR=1FD219CC0FA06A752D900DB90BA06406
IP
13.107.21.237:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subjectwww.bing.com
Fingerprint02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58
ValidityWed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c.gif?ctsa=mr&CtsSyncId=20B566A61809475789664784351FCAA8&RedC=c.clarity.ms&MXFR=1FD219CC0FA06A752D900DB90BA06406 HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bahgytui.z28.web.core.windows.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=20B566A61809475789664784351FCAA8&MUID=23D5B96B2C0D65FD187CAD1E2DF864E6
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: MUID=23D5B96B2C0D65FD187CAD1E2DF864E6; domain=.bing.com; expires=Thu, 29-May-2025 08:00:05 GMT; path=/; SameSite=None; Secure; Priority=High;
MR=0; domain=c.bing.com; expires=Sat, 11-May-2024 08:00:05 GMT; path=/; SameSite=None; Secure;
SRM_B=23D5B96B2C0D65FD187CAD1E2DF864E6; domain=c.bing.com; expires=Thu, 29-May-2025 08:00:05 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2535577859DE41AD84F909D7BB54AE82 Ref B: OSL30EDGE0111 Ref C: 2024-05-04T08:00:05Z
date: Sat, 04 May 2024 08:00:05 GMT
content-length: 0
X-Firefox-Spdy: h2

c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=20B566A61809475789664784351FCAA8&MUID=23D5B96B2C0D65FD187CAD1E2DF864E6

68.219.88.97

200 OK

42 B

URL GET HTTP/2
c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=20B566A61809475789664784351FCAA8&MUID=23D5B96B2C0D65FD187CAD1E2DF864E6
IP
68.219.88.97:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subjectc.msn.com
FingerprintD1:5C:88:F3:E8:11:5E:F3:50:B0:DE:BD:B8:F5:7F:C3:BA:12:BE:EC
ValidityTue, 27 Feb 2024 20:55:40 GMT - Fri, 21 Feb 2025 20:55:40 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

HTTP Headers

GET /c.gif?ctsa=mr&CtsSyncId=20B566A61809475789664784351FCAA8&MUID=23D5B96B2C0D65FD187CAD1E2DF864E6 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bahgytui.z28.web.core.windows.net/
DNT: 1
Connection: keep-alive
Cookie: SM=T; MUID=1FD219CC0FA06A752D900DB90BA06406
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Fri, 01 Mar 2024 22:54:48 GMT
accept-ranges: bytes
etag: "3e26b762b6cda1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=C; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=23D5B96B2C0D65FD187CAD1E2DF864E6; domain=.clarity.ms; expires=Thu, 29-May-2025 08:00:05 GMT; path=/; SameSite=None; Secure; Priority=High;
MR=0; domain=c.clarity.ms; expires=Sat, 11-May-2024 08:00:05 GMT; path=/; SameSite=None; Secure;
ANONCHK=0; domain=c.clarity.ms; expires=Sat, 04-May-2024 08:10:05 GMT; path=/; SameSite=None; Secure;
date: Sat, 04 May 2024 08:00:05 GMT
content-length: 42
X-Firefox-Spdy: h2

bahgytui.z28.web.core.windows.net/img/microsoft-bg.png

20.60.13.228

200 OK

200 B

URL GET HTTP/1.1
bahgytui.z28.web.core.windows.net/img/microsoft-bg.png
IP
20.60.13.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint5C:06:4B:CF:AA:07:6C:29:24:62:84:3F:8B:87:6E:61:27:AC:96:EB
ValidityMon, 01 Apr 2024 07:03:23 GMT - Thu, 27 Mar 2025 07:03:23 GMT

File type
PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
Size
200 B (200 bytes)
Hash
36ab0d6aef47162ecbc940362b8ec85a
360769d836fe40560d961d13ee24d4a39db098ab
9f8994aa205cd008cbc2b9abac9d2c84d3e3635bb26e304e7221ead9cdad315d

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /img/microsoft-bg.png HTTP/1.1
Host: bahgytui.z28.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/css/style.css
Cookie: _ga_9JLZ2BGNP7=GS1.1.1714809605.1.0.1714809605.0.0.0; _ga=GA1.1.1434019344.1714809605; _clck=10qvm56%7C2%7Cflh%7C0%7C1585
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 200
Content-Type: image/png
Content-MD5: NqsNau9HFi7LyUA2K47IWg==
Last-Modified: Sat, 04 May 2024 05:09:52 GMT
Accept-Ranges: bytes
ETag: "0x8DC6BF86E57A1F2"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c694c9c3-901e-003c-12f9-9d9b15000000
x-ms-version: 2018-03-28
Date: Sat, 04 May 2024 08:00:05 GMT

y.clarity.ms/collect

104.211.35.148

204 No Content

0 B

URL POST HTTP/1.1
y.clarity.ms/collect
IP
104.211.35.148:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subjecta.clarity.ms
FingerprintFA:A0:06:96:CF:68:F2:24:36:2B:8B:BF:D1:E0:5A:17:AC:96:CD:11
ValiditySun, 14 Jan 2024 10:23:37 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: y.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 12363
Origin: https://bahgytui.z28.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 08:00:05 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://bahgytui.z28.web.core.windows.net
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

216.58.207.227

200 OK

33 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Size
33 kB (33092 bytes)
Hash
057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bahgytui.z28.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:38:02 GMT
expires: Fri, 02 May 2025 02:38:02 GMT
cache-control: public, max-age=31536000
age: 192124
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

216.58.207.227

200 OK

33 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Size
33 kB (33092 bytes)
Hash
057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bahgytui.z28.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:38:02 GMT
expires: Fri, 02 May 2025 02:38:02 GMT
cache-control: public, max-age=31536000
age: 192124
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

y.clarity.ms/collect

104.211.35.148

204 No Content

0 B

URL POST HTTP/1.1
y.clarity.ms/collect
IP
104.211.35.148:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subjecta.clarity.ms
FingerprintFA:A0:06:96:CF:68:F2:24:36:2B:8B:BF:D1:E0:5A:17:AC:96:CD:11
ValiditySun, 14 Jan 2024 10:23:37 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: y.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 425
Origin: https://bahgytui.z28.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Cookie: MUID=23D5B96B2C0D65FD187CAD1E2DF864E6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 08:00:06 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://bahgytui.z28.web.core.windows.net
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

y.clarity.ms/collect

104.211.35.148

204 No Content

0 B

URL POST HTTP/1.1
y.clarity.ms/collect
IP
104.211.35.148:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subjecta.clarity.ms
FingerprintFA:A0:06:96:CF:68:F2:24:36:2B:8B:BF:D1:E0:5A:17:AC:96:CD:11
ValiditySun, 14 Jan 2024 10:23:37 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: y.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 444
Origin: https://bahgytui.z28.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Cookie: MUID=23D5B96B2C0D65FD187CAD1E2DF864E6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 08:00:09 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://bahgytui.z28.web.core.windows.net
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

fonts.googleapis.com/css2?family=Montserrat:wght@600;700&display=swap

142.250.74.138

200 OK

3.7 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Montserrat:wght@600;700&display=swap
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (3750), with no line terminators
Size
3.7 kB (3660 bytes)
Hash
27d380c6f6ae812130dd3b558b2159c2
2091ac73c0a96dee712bab5bce983cee528cd91b
c406d5badd61b281c6681a798364594a2e1653eeb3f7b2f198f85b7b0fe83c8f

HTTP Headers

GET /css2?family=Montserrat:wght@600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 08:00:04 GMT
date: Sat, 04 May 2024 08:00:04 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.clarity.ms/s/0.7.32/clarity.js

13.107.213.53

200 OK

62 kB

URL GET HTTP/2
www.clarity.ms/s/0.7.32/clarity.js
IP
13.107.213.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bahgytui.z28.web.core.windows.net/
Certificate
IssuerDigiCert Inc
Subjectwww.clarity.ms
FingerprintAE:77:25:80:38:B8:E2:8F:C3:B2:EE:B5:0D:9C:7C:30:7E:30:75:2C
ValidityThu, 07 Dec 2023 00:00:00 GMT - Sat, 07 Dec 2024 23:59:59 GMT

File type

Size
62 kB (62397 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s/0.7.32/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bahgytui.z28.web.core.windows.net/
Cookie: CLID=5a44f14f28ea49759567991ac72f9ac5.20240504.20250504
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 08:00:05 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 01 May 2024 11:24:58 GMT
etag: W/"0x8DC69D155BAD85E"
x-ms-request-id: d23f8469-801e-0015-7fcf-9c3968000000
x-ms-version: 2018-03-28
access-control-allow-origin: *
x-azure-ref: 20240504T080005Z-er15bb998b7gprm2wbgxb8rz7g00000001q0000000006egc
cache-control: public, max-age=86400
x-fd-int-roxy-purgeid: 51562430
x-cache: TCP_HIT
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL