eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
20.150.125.196 200 OK 23 kB URL User Request GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (604)
Hash 36c44cb1bb045efb5bfd59c5c6e81af8
c032c9b570bc6673d63a43bc08b4084869e0bc20
ef5668dd2847185f07e71993125f5a3e90eafc9e994798c895fc1a746b3f9def
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/?bcda=+1-855-234-0167 HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 22662
Content-Type: text/html
Content-MD5: NsRMsbsEXvtb/VnFxuga+A==
Last-Modified: Mon, 15 Apr 2024 15:31:56 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D612F22726F"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 77193cbb-f01e-0032-1a89-90a4d3000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:26 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/css/styles.css
20.150.125.196 200 OK 9.0 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/css/styles.css
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type assembler source, ASCII text, with very long lines (1266)
Hash 6ef2560453a7b6bff8ea7ec4265a9816
1ed7044a0579bb751b10ba7353a36e9d208c659e
a072681ff11d60e33eb625e1d75e828542f80c9362d905c3eb9626063e27b4cc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/css/styles.css HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 8998
Content-Type: text/css
Content-MD5: bvJWBFOntr/46n7EJlqYFg==
Last-Modified: Mon, 15 Apr 2024 15:31:57 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D612F8E28A2"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 77193d25-f01e-0032-7c89-90a4d3000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/js/jquery.min.js
20.150.125.196 200 OK 85 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/js/jquery.min.js
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type JavaScript source, ASCII text, with very long lines (32478)
Hash 20c129bedb4a26db02fc0f54d026c3f5
093b9d2728788de24a728742070a348b2848573f
436ecc90fab5ed1034b68a4a0e924e0132d93d9e7fb59b4fe23018eb7d9242c1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/js/jquery.min.js HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 84817
Content-Type: text/javascript
Content-MD5: IMEpvttKJtsC/A9U0CbD9Q==
Last-Modified: Mon, 15 Apr 2024 15:32:07 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D6135E8C45F"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 77193d31-f01e-0032-0789-90a4d3000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/js/main.js
20.150.125.196 200 OK 1.4 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/js/main.js
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type JavaScript source, ASCII text, with CRLF line terminators
Hash da6aacc1ca8eaa4902d9fee5c9c984b7
a06f41817583ce6182dd7121460c0bd16ea8b088
989120d05b8f3d703fd6e63b49b94845d7e038d536dd27723619e1f00623683f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/js/main.js HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1358
Content-Type: text/javascript
Content-MD5: 2mqswcqOqkkC2f7lycmEtw==
Last-Modified: Mon, 15 Apr 2024 15:32:07 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D6135C38BF9"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: aaf62123-a01e-0000-6e89-90a4a4000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/js/scripts.js
20.150.125.196 200 OK 464 B URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/js/scripts.js
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type JavaScript source, ASCII text
Hash 2856b9008b89d67be19d586e43ae8521
d47ac3f1328fb58b19584d77d2e3acc93663fb10
19e9aaa12f8478366b3707ff49b0e3cfc4818f9343b48f5d43890c943d1b1a3d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/js/scripts.js HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 464
Content-Type: text/javascript
Content-MD5: KFa5AIuJ1nvhnVhuQ66FIQ==
Last-Modified: Mon, 15 Apr 2024 15:32:07 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D6135CDE09B"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 041aeabb-d01e-000a-5f89-900013000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/css/font-awesome.min.css
20.150.125.196 200 OK 27 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/css/font-awesome.min.css
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type ASCII text, with very long lines (27265)
Hash fd1609eb97e739683acf23120fd6f6c9
19b2e83fe8df09b85e74835c398aefee816bdfcb
ce26d1b76dae2f3b5d0ccc8d0ecd88d2edb411101b8a4c5edc4d9aa7008c9b04
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/css/font-awesome.min.css HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 27428
Content-Type: text/css
Content-MD5: /RYJ65fnOWg6zyMSD9b2yQ==
Last-Modified: Mon, 15 Apr 2024 15:31:57 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D612FADC207"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b28adc6c-b01e-0033-0289-90fb0f000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/images/kxFy-clip.png
20.150.125.196 200 OK 542 B URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/images/kxFy-clip.png
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type PNG image data, 66 x 68, 8-bit colormap, non-interlaced
Hash 0e9558d2d6e8000ce5c6c749c8fc67c2
f7ba9490807ef70bb6195150d6287cd54b7fefd0
91fb42a68a122344fd78cfd5f0cf9d06ff6d307fd4a5c68f40231c5950ece9a1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/kxFy-clip.png HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 542
Content-Type: image/png
Content-MD5: DpVY0tboAAzlxsdJyPxnwg==
Last-Modified: Mon, 15 Apr 2024 15:32:05 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D6134812C21"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: aaf62130-a01e-0000-7a89-90a4a4000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/images/uZbx-si.png
20.150.125.196 200 OK 5.4 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/images/uZbx-si.png
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type PNG image data, 42 x 702, 8-bit grayscale, non-interlaced
Hash 51147eb9734c3c0caf22aa77a80d96f0
dc33807cd0c0c35bb98d8e23efe2d625137a43f5
92d8510869b3d581401a93130fa72e4b54c5bf28dc8005994c5248d9afbfc37b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/uZbx-si.png HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 5377
Content-Type: image/png
Content-MD5: URR+uXNMPAyvIqp3qA2W8A==
Last-Modified: Mon, 15 Apr 2024 15:32:06 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D61356DDD1D"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b28adc7f-b01e-0033-1389-90fb0f000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/images/qsbs-firewall.png
20.150.125.196 200 OK 920 B URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/images/qsbs-firewall.png
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type PNG image data, 77 x 63, 8-bit colormap, non-interlaced
Hash b0495ede4c875843fec037c794e9ff9a
c813aefba255a5cc53aea7811f987ccb551c3128
52b762d47c066e16300675d56cc359b504ffd3239438c96eb973864311bb7b79
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/qsbs-firewall.png HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 920
Content-Type: image/png
Content-MD5: sEle3kyHWEP+wDfHlOn/mg==
Last-Modified: Mon, 15 Apr 2024 15:32:06 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D6135236C43"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 77193d51-f01e-0032-2589-90a4d3000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/images/s-S4-acc.png
20.150.125.196 200 OK 813 B URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/images/s-S4-acc.png
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type PNG image data, 77 x 72, 8-bit colormap, non-interlaced
Hash d648c1837d01495eccd63e053491f72a
991d8f6c72777239472410d6129fd5f25ed9d134
9edbf56b360080f5d6765dce77353b8130e9f8316ad34c68f6c2792cdc446321
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/s-S4-acc.png HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 813
Content-Type: image/png
Content-MD5: 1kjBg30BSV7M1j4FNJH3Kg==
Last-Modified: Mon, 15 Apr 2024 15:32:06 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D613569277D"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 65755be9-201e-001e-1589-90487c000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/js/bootstrap.min.js
20.150.125.196 200 OK 60 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/js/bootstrap.min.js
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type JavaScript source, ASCII text, with very long lines (59765)
Hash 02d223393e00c273efdcb1ade8f4f8b1
0cc93b8421d89c24a889642428b363cb831de78a
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/js/bootstrap.min.js HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 60044
Content-Type: text/javascript
Content-MD5: AtIjOT4AwnPv3LGt6PT4sQ==
Last-Modified: Mon, 15 Apr 2024 15:32:07 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D6135B1EC8F"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 134d9961-501e-0014-4289-90eccb000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/images/Z5BR-network.png
20.150.125.196 200 OK 607 B URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/images/Z5BR-network.png
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type PNG image data, 63 x 70, 8-bit colormap, non-interlaced
Hash 2cd03a547f00cad010f9038619df45de
912f919836a77a514c76b990aceaf5e930a24024
c56a8ae4818963e0d71eda4ebf46b4f2cdd3a238537dc8e99711fb690d272a73
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/Z5BR-network.png HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 607
Content-Type: image/png
Content-MD5: LNA6VH8AytAQ+QOGGd9F3g==
Last-Modified: Mon, 15 Apr 2024 15:32:07 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D61357F55A4"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: aaf62134-a01e-0000-7e89-90a4a4000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/images/re.gif
20.150.125.196 200 OK 15 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/images/re.gif
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type GIF image data, version 89a, 193 x 71
Hash 6fcb78e0cd7933a70eea2cf071f82118
70364bffd62fe33360abe70ecc7f7c0541b3b54c
4b436b0b6a47db85c88f83dc3fe3fd9a96c0a4018b28832165df929dffe0bc86
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/re.gif HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 14751
Content-Type: image/gif
Content-MD5: b8t44M15M6cO6izwcfghGA==
Last-Modified: Mon, 15 Apr 2024 15:32:06 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D61353E76F7"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b28adc8c-b01e-0033-2089-90fb0f000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/images/microsoft.png
20.150.125.196 200 OK 1.0 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/images/microsoft.png
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced
Hash bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/microsoft.png HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1045
Content-Type: image/png
Content-MD5: vytGBZD7udjpYRpukAa4Fg==
Last-Modified: Mon, 15 Apr 2024 15:32:05 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D6134CC3885"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 77193d5c-f01e-0032-3089-90a4d3000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/images/nOxp-sett.png
20.150.125.196 200 OK 463 B URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/images/nOxp-sett.png
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type PNG image data, 33 x 31, 8-bit colormap, non-interlaced
Hash 905d91c276116928fa306ea732723fa9
092604f6a8786e46a7dee06065d29d2896fcf568
9cffd13c2ce05ebe032709a88fa59504e1218a12b175ec40d5aab280c18be51e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/nOxp-sett.png HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 463
Content-Type: image/png
Content-MD5: kF2RwnYRaSj6MG6nMnI/qQ==
Last-Modified: Mon, 15 Apr 2024 15:32:06 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D6134EB842A"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 65755bf5-201e-001e-1f89-90487c000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/images/-EBq-current.png
20.150.125.196 200 OK 1.2 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/images/-EBq-current.png
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type PNG image data, 27 x 28, 8-bit colormap, non-interlaced
Hash 35629cc2adc804353a548305f1217206
cda6e89c5f6a644683aea6999a5d11e00dc64275
c1d52e31f7fc13cbb3efca8b0ec937ddd97a5ec545c4dad26193429db10d8662
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/-EBq-current.png HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1162
Content-Type: image/png
Content-MD5: NWKcwq3IBDU6VIMF8SFyBg==
Last-Modified: Mon, 15 Apr 2024 15:32:02 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D6132D929C9"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 134d9976-501e-0014-5389-90eccb000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
ocsp.usertrust.com/
104.18.38.233 472 B IP 104.18.38.233:0
Hash 5b88503e6e0d4f513bd8f467bdfe0acf
691589292100ab4b10534fcc9168d5aab8624686
a67ba10978f54887df41378614fa0858bb372df3287c1651e8368853f8bfdaaa
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 05:41:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 16 Apr 2024 17:27:49 GMT
Expires: Tue, 23 Apr 2024 17:27:48 GMT
Etag: "691589292100ab4b10534fcc9168d5aab8624686"
Cache-Control: max-age=604180,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 136
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 875a161228c592aa-CPH
eex2.z1.web.core.windows.net/werrx01USAHTML/images/minimize.jpg
20.150.125.196 200 OK 17 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/images/minimize.jpg
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricInterpretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3
Hash 4bf52eb9b3efce840add1a90d83a40e5
6348a7617dfce3165e07af53a48df7892d62ffe1
a85f1e749a829c5c909837844c6b53ce0a9ae2adb7c8eac0e7b96c372c679a0d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/minimize.jpg HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 17173
Content-Type: image/jpeg
Content-MD5: S/UuubPvzoQK3RqQ2DpA5Q==
Last-Modified: Mon, 15 Apr 2024 15:32:06 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D61354DF5F3"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: aaf62138-a01e-0000-0289-90a4a4000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
m03lm.rdtk.io/postback?format=img&sum={replace}
85.17.54.67 400 Bad Request 73 B URL GET HTTP/1.1 m03lm.rdtk.io/postback?format=img&sum={replace}
IP 85.17.54.67:443
ASN #60781 LeaseWeb Netherlands B.V.
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer GoGetSSL
Subject *.rdtk.io
Fingerprint 3F:B8:3B:F6:C3:51:99:DC:0C:C4:BD:84:8C:14:9D:BA:06:6F:F8:9F
Validity Wed, 19 Jul 2023 00:00:00 GMT - Fri, 19 Jul 2024 23:59:59 GMT
Hash 6742622fd8c56312fdeefb1afae72019
f060d7d23c7fbc50993bbf1d4980c0908acfa3e8
68399ccccc0b28cf635b2065f20e239ddbb33cc3a2e755879259e0ab23765795
GET /postback?format=img&sum={replace} HTTP/1.1
Host: m03lm.rdtk.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 400 Bad Request
Server: nginx/1.20.2
Date: Wed, 17 Apr 2024 05:41:28 GMT
Content-Type: application/json
Content-Length: 73
Connection: keep-alive
eex2.z1.web.core.windows.net/werrx01USAHTML/images/cross.png
20.150.125.196 200 OK 386 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/images/cross.png
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced
Size 386 kB (386359 bytes)
Hash be42ad7752720327d28bf52dbdbb64c2
f4cce31b9236319aa9c87fee038638d1de12c07d
c3ad6aa1c03fd108854f008cfec2753ba623e1470a4d61798b5d8c050e474868
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/cross.png HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 386359
Content-Type: image/png
Content-MD5: vkKtd1JyAyfSi/Utvbtkwg==
Last-Modified: Mon, 15 Apr 2024 15:32:06 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D613519DA24"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 041aeada-d01e-000a-7b89-900013000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/images/bg1.jpg
20.150.125.196 200 OK 463 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/images/bg1.jpg
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
Size 463 kB (462770 bytes)
Hash ab996ed3b126f2b5f0c1f214b96afe7a
77223f12976d20e06058fe40040e261bd5688f39
4eaf7b7f53ea1a27a22bae168f560d9dc78dc2e2185162be9ee4db59e1e1065a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/bg1.jpg HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 462770
Content-Type: image/jpeg
Content-MD5: q5lu07Em8rXwwfIUuWr+eg==
Last-Modified: Mon, 15 Apr 2024 15:32:05 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D61345B0A52"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 77193d68-f01e-0032-3c89-90a4d3000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
www.googletagmanager.com/gtag/js?id=UA-xxx-x
142.250.147.97 200 OK 69 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-xxx-x
IP 142.250.147.97:443
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
Validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File type JavaScript source, ASCII text, with very long lines (2165)
Hash 12d6db5ce481136f408cf705f5c3cfaa
0bbd76ce480025b592fca5c47bd630eecc2cf03a
96acb9c3b8dc18e41299576330fad514b4e486e6282f0843e1e05c4b114c70fb
GET /gtag/js?id=UA-xxx-x HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 17 Apr 2024 05:41:28 GMT
expires: Wed, 17 Apr 2024 05:41:28 GMT
cache-control: private, max-age=900
last-modified: Wed, 17 Apr 2024 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68759
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
eex2.z1.web.core.windows.net/werrx01USAHTML/images/bg2.jpg
20.150.125.196 200 OK 463 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/images/bg2.jpg
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
Size 463 kB (462770 bytes)
Hash ab996ed3b126f2b5f0c1f214b96afe7a
77223f12976d20e06058fe40040e261bd5688f39
4eaf7b7f53ea1a27a22bae168f560d9dc78dc2e2185162be9ee4db59e1e1065a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/bg2.jpg HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 462770
Content-Type: image/jpeg
Content-MD5: q5lu07Em8rXwwfIUuWr+eg==
Last-Modified: Mon, 15 Apr 2024 15:32:05 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D613482FEC8"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b28adc97-b01e-0033-2a89-90fb0f000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:28 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/media/_Fm7-alert.mp3
20.150.125.196 206 Partial Content 201 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/media/_Fm7-alert.mp3
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type Audio file with ID3 version 2.3.0, contains:
- MPEG ADTS, layer III, v2, 64 kbps, 22.05 kHz, Monaural
Size 201 kB (200832 bytes)
Hash 0116152611dd51432e852781f8cc7e82
2408d3d281b25649894f78a4e19f7f8a8ac735f9
fc59bbb18f923747b9cd3f3b23537ff09c5ad2fdfc1505a4800a3f269a234e65
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/media/_Fm7-alert.mp3 HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Cookie: PHPREFS=full
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Length: 200832
Content-Type: audio/mpeg
Content-Range: bytes 0-200831/200832
Last-Modified: Mon, 15 Apr 2024 15:32:09 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D6136EF96C5"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 77193daf-f01e-0032-7e89-90a4d3000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
20.150.125.196 200 OK 22 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type Web Open Font Format (Version 2), TrueType, length 21716, version 1.0
Hash d4ff90db5da894c833f356f47a16e408
30606044507d81b996c992895ab16b8a8d68be97
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2 HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Cookie: PHPREFS=full
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 21716
Content-Type: application/octet-stream
Content-MD5: 1P+Q212olMgz81b0ehbkCA==
Last-Modified: Mon, 15 Apr 2024 15:31:58 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D6130213794"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: aaf6215d-a01e-0000-2589-90a4a4000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/media/speech.mp3
20.150.125.196 416 The range specified is invalid for the current size of the resource. 340 B URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/media/speech.mp3
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type HTML document, ASCII text, with very long lines (340), with no line terminators
Hash 49cf858e4d74548a2f72be100f0fd6de
2ba5a3c7e42d094e409efe51e5784908b7873aa3
ccf44cd1026f8c4bfd7547fe4edbdfd7f519f1fc1ab8650d5a22730e8f2bda5d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/media/speech.mp3 HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Cookie: PHPREFS=full
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 416 The range specified is invalid for the current size of the resource.
Content-Length: 340
Content-Type: text/html
Content-Range: bytes */0
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: InvalidRange
x-ms-request-id: 041aeb5d-d01e-000a-7689-900013000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:28 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/_Fm7-alert.mp3
20.150.125.196 404 The requested content does not exist. 321 B URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/_Fm7-alert.mp3
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type HTML document, ASCII text, with very long lines (321), with no line terminators
Hash 0a6607e25c22052e9118813d682083cd
ecd307bfe1bdb33df423f9ce6b8e7cfcde2a9573
47b3a98685fd85a2126ba30460b85dc58f70fb7379d620ba31f773fb6f2be1ca
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/_Fm7-alert.mp3 HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Cookie: PHPREFS=full
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: 134d99c4-501e-0014-1889-90eccb000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:27 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/images/microsoft.png
20.150.125.196 200 OK 1.0 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/images/microsoft.png
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced
Hash bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/images/microsoft.png HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Cookie: PHPREFS=full
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1045
Content-Type: image/png
Content-MD5: vytGBZD7udjpYRpukAa4Fg==
Last-Modified: Mon, 15 Apr 2024 15:32:05 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D6134CC3885"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b28add4f-b01e-0033-5189-90fb0f000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:28 GMT
eex2.z1.web.core.windows.net/werrx01USAHTML/fonts/fontawesome-webfont.woff2
20.150.125.196 200 OK 67 kB URL GET HTTP/1.1 eex2.z1.web.core.windows.net/werrx01USAHTML/fonts/fontawesome-webfont.woff2
IP 20.150.125.196:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint C9:49:17:12:CC:43:8C:73:1E:EC:79:C6:E4:AB:3B:01:2D:22:3C:71
Validity Mon, 01 Apr 2024 11:54:11 GMT - Thu, 27 Mar 2025 11:54:11 GMT
File type Web Open Font Format (Version 2), TrueType, length 66624, version 4.262
Hash db812d8a70a4e88e888744c1c9a27e89
638c652d623280a58144f93e7b552c66d1667a11
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /werrx01USAHTML/fonts/fontawesome-webfont.woff2 HTTP/1.1
Host: eex2.z1.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/werrx01USAHTML/css/font-awesome.min.css
Cookie: PHPREFS=full
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 66624
Content-Type: application/octet-stream
Content-MD5: 24EtinCk6I6Ih0TByaJ+iQ==
Last-Modified: Mon, 15 Apr 2024 15:31:59 GMT
Accept-Ranges: bytes
ETag: "0x8DC5D6131390DD0"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 77193ebc-f01e-0032-7489-90a4d3000000
x-ms-version: 2018-03-28
Date: Wed, 17 Apr 2024 05:41:28 GMT
userstatics.com/get/script.js?referrer=https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
172.67.208.186 800 B URL GET userstatics.com/get/script.js?referrer=https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
IP 172.67.208.186:0
Requested by https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167
Certificate Issuer Let's Encrypt
Subject userstatics.com
Fingerprint AB:62:24:6D:5D:BB:D9:D8:00:B7:CB:47:DD:7C:74:69:C8:48:16:49
Validity Thu, 28 Mar 2024 13:34:23 GMT - Wed, 26 Jun 2024 13:34:22 GMT
File type ASCII text, with no line terminators
Hash fea7fbf2c619fd4b7716fcaa64070c6c
f192732937981a26f526b7c1293a2ae13bc59a22
df9690fea031319de38a437cb6d393026c4aae70642ed394c4254ed64f035b26
GET /get/script.js?referrer=https://eex2.z1.web.core.windows.net/werrx01USAHTML/?bcda=+1-855-234-0167 HTTP/1.1
Host: userstatics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eex2.z1.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 05:41:29 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/8.2.1
access-control-allow-origin: https://eex2.z1.web.core.windows.net
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gw7mbcVnIXK%2Fuadbm%2F%2B%2BZsY%2B9KihUqGw6TSelWGRZpNkdizfdMMpo7FCJe2Pm%2BfvnzQZVL4Onv9qEroaYSe9hSVvPae4aI5H63khPbTqTUfzby3b62lQAG8z03WRUa6Z2tM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875a1619c93692ac-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
35.244.181.201 444 B URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP 35.244.181.201:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type XML 1.0 document, ASCII text, with very long lines (332)
Hash 3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=tGSR4ulCIu_CIc7bXCRpbe0TX23mFxOxvC6LrfDP3Y2Ibt-Q8KB1YrZ2HvbaztN2_MenCNPtgge92BX1jNgnCkGY4FvBjCkVTUWuUojvJT9772HJSFAXFWJl_7MEvT3R
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
date: Wed, 17 Apr 2024 05:40:46 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 60
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2