Report - bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE

Report Overview

Submitted URL
bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
IP
20.60.248.68
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-05-10 04:46:17
Access
public
Website Title
ウィンドウズエラーポップアップ
Final URL
bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Tags
fake_software scam
urlquery detections
Scam - Fake AntiVirus / Security software

Detections

urlquery
23
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-10	1.1 kB	68 kB	216.58.207.227
www.clarity.ms	1404	2017-04-03	2018-08-22	2024-05-09	920 B	64 kB	13.107.213.53
q.clarity.ms	unknown	2017-04-03	2023-02-13	2024-05-09	1.7 kB	942 B	20.231.53.73
c.clarity.ms	803	2017-04-03	2021-02-04	2024-05-09	1.0 kB	1.5 kB	68.219.88.97
bhftrrrrere.z11.web.core.windows.net	unknown	unknown	No data	No data	9.3 kB	741 kB	20.60.248.68
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-09	919 B	167 kB	142.250.74.72
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-10	480 B	4.3 kB	142.250.74.106
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-05-09	451 B	31 kB	142.250.74.170
c.bing.com	247	1996-01-29	2012-05-22	2024-05-09	539 B	1.1 kB	204.79.197.237

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]	309 B	2024-05-10	2024-05-10
Pretty URL bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID] IP 20.60.248.68 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 06:46:24 Last Seen2024-05-10 06:46:24 Times Seen1 Hash 773b23088577f6e81842b61b9166a634 3f215ab128d126900e3e11551ba51d735f06b355 7e708bf048a4024cba0bfc495e3e3de1d6a9d3a89bc1b551350097477072b64d Loading...

	www.googletagmanager.com/gtag/js?id=UA-176875146-1	208 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=UA-176875146-1 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 06:46:24 Last Seen2024-05-10 06:46:24 Times Seen2 Hash 93ced5682c28e7d40e779f9f6ce93760 5bda9a8489d6f6b72ce296b95bcb74e9bdf31c0d f9c3a1f6dd5e60899d656f8abb612cc7fa8ab7d41e8a10c348a2e2924535c0bd Loading...

	bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]	909 B	2024-05-10	2024-05-10
Pretty URL bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID] IP 20.60.248.68 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 06:46:24 Last Seen2024-05-10 06:46:24 Times Seen1 Hash d8bc0eddcd627801b3ec4779565fc8bc fc404f1a5a2ca341e3120b58435ff5ca87dfcc7b e16715718bfc0f9876924c63f49a2971b2ef89f9e9b72eb2ff2eb54a58305c03 Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js	84 kB	2023-03-07	2024-05-20
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-20 19:07:07 Times Seen14291 Hash e40ec2161fe7993196f23c8a07346306 afb90752e0a90c24b7f724faca86c5f3d15d1178 874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4 Loading...

	bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]	1.2 kB	2024-05-10	2024-05-10
Pretty URL bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID] IP 20.60.248.68 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 06:46:24 Last Seen2024-05-10 06:46:24 Times Seen1 Hash b5669ed41931579016f486827e2c8b47 5091a9eb928ce3111e209050fb1829f0e0823ce5 b10d9f2749b485e896dca41632ac44164539b8dc4ddad6e597bfe12fd17d72e5 Loading...

	www.clarity.ms/tag/i6wbidqrri	667 B	2024-05-10	2024-05-10
Pretty URL www.clarity.ms/tag/i6wbidqrri IP 13.107.213.53 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 06:46:24 Last Seen2024-05-10 06:46:25 Times Seen2 Hash 98d272b4672093a987ec0ab07eca9717 595c1a8f5d0d77722f8ad801d4f42697e367979a efa06e3db6705b868b76fc80410a7fc3b8a2cc88227c8e8ec2475c2e15097ce9 Loading...

	unknown	11 B	2023-08-13	2024-05-10
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-08-13 07:22:44 Last Seen2024-05-10 06:46:24 Times Seen80 Hash 529c730c8c6b8980154402f7c157ba13 05d83d52400e98cfb0c70de312d89c3b7c0125f2 66fe8a578135ac1bd3ad407af310b31b157e76e5a1b9c8fd4f9bc47b1928a73c Loading...

	bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]	0 B	2023-03-07	2024-05-20
Pretty URL bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID] IP 20.60.248.68 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 19:13:12 Times Seen37888396 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-20
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-20 19:03:20 Times Seen350794 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=G-9JLZ2BGNP7&l=dataLayer&cx=c	257 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-9JLZ2BGNP7&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 06:46:24 Last Seen2024-05-10 06:46:24 Times Seen2 Hash 492c75e4022458234352e7a4b197b998 3318cbe6062d1e04b9aa1da17471061b206b476a ce3fcaf5acf41cccc039979c93ec7db02c82b0823e0d75cacecae1284dd1dea4 Loading...

	www.clarity.ms/s/0.7.32/clarity.js	62 kB	2024-05-04	2024-05-11
Pretty URL www.clarity.ms/s/0.7.32/clarity.js IP 13.107.213.53 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 09:49:37 Last Seen2024-05-11 22:08:31 Times Seen6 Hash b31e76d22da4399db4b8c8eccd35dc2b b36d4554849d3f05df0363366be9133d35eaca98 5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e Loading...

	bhftrrrrere.z11.web.core.windows.net/sandbox%20eval%20code	147 B	2023-04-11	2024-05-20
Pretty URL bhftrrrrere.z11.web.core.windows.net/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-20 19:03:20 Times Seen351309 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

HTTP Transactions (31)

URL IP Response Size

bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]

20.60.248.68

200 OK

14 kB

URL User Request GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
14 kB (14042 bytes)
Hash
b4ffdd1607fdff4953287bdfe31d5a49
d70d263c6de5054b3f030c1a60fabbc6c3872c37
c0f96ab7aeaf4e6b22150fd1ab16dee23f8209e3fa30b0c3109fca095a53711d

HTTP Headers

GET /?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID] HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 14042
Content-Type: text/html
Content-MD5: tP/dFgf9/0lTKHvf4x1aSQ==
Last-Modified: Fri, 10 May 2024 03:44:55 GMT
Accept-Ranges: bytes
ETag: "0x8DC70A38EB8CF98"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4a439b37-701e-00b5-6094-a26b1e000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:51 GMT

ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

142.250.74.170

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (32061)
Size
30 kB (29671 bytes)
Hash
e40ec2161fe7993196f23c8a07346306
afb90752e0a90c24b7f724faca86c5f3d15d1178
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

HTTP Headers

GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 23:24:50 GMT
expires: Fri, 09 May 2025 23:24:50 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 19262
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bhftrrrrere.z11.web.core.windows.net/styles/style-browser-reset.css

20.60.248.68

200 OK

7.0 kB

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/styles/style-browser-reset.css
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
ASCII text
Size
7.0 kB (6958 bytes)
Hash
6e6f1a0825d8e991c9425026368b5dfc
1c4098af50ba750231d8eaf563aa9550e9500690
6958062d752bd84b03a4389d5caccd7765ba55ecaaf5fff5208c1707931728dc

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /styles/style-browser-reset.css HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 6958
Content-Type: text/css
Content-MD5: bm8aCCXY6ZHJQlAmNotd/A==
Last-Modified: Fri, 10 May 2024 03:44:58 GMT
Accept-Ranges: bytes
ETag: "0x8DC70A390A785D9"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4a439cf6-701e-00b5-6b94-a26b1e000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:51 GMT

www.googletagmanager.com/gtag/js?id=UA-176875146-1

142.250.74.72

200 OK

75 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-176875146-1
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
75 kB (74856 bytes)
Hash
93ced5682c28e7d40e779f9f6ce93760
5bda9a8489d6f6b72ce296b95bcb74e9bdf31c0d
f9c3a1f6dd5e60899d656f8abb612cc7fa8ab7d41e8a10c348a2e2924535c0bd

HTTP Headers

GET /gtag/js?id=UA-176875146-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 04:45:52 GMT
expires: Fri, 10 May 2024 04:45:52 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74856
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bhftrrrrere.z11.web.core.windows.net/styles/ss.css

20.60.248.68

200 OK

23 kB

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/styles/ss.css
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
ASCII text, with very long lines (10746)
Size
23 kB (22900 bytes)
Hash
b8d6c24aeae1c725fa315493f8285d4f
e273cf0177edb070812b963acfb84315dab882da
ef6cbf8944fc1b8d265839051dfe511a249f95ca1bffdb1624c8f3df6201a6c5

HTTP Headers

GET /styles/ss.css HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 22900
Content-Type: text/css
Content-MD5: uNbCSurhxyX6MVST+ChdTw==
Last-Modified: Fri, 10 May 2024 03:44:58 GMT
Accept-Ranges: bytes
ETag: "0x8DC70A39057C3D5"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: fe8fcad8-501e-0079-6594-a20428000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:51 GMT

www.googletagmanager.com/gtag/js?id=G-9JLZ2BGNP7&l=dataLayer&cx=c

142.250.74.72

200 OK

90 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-9JLZ2BGNP7&l=dataLayer&cx=c
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
90 kB (90479 bytes)
Hash
492c75e4022458234352e7a4b197b998
3318cbe6062d1e04b9aa1da17471061b206b476a
ce3fcaf5acf41cccc039979c93ec7db02c82b0823e0d75cacecae1284dd1dea4

HTTP Headers

GET /gtag/js?id=G-9JLZ2BGNP7&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 04:45:53 GMT
expires: Fri, 10 May 2024 04:45:53 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90479
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

216.58.207.227

200 OK

33 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Size
33 kB (33092 bytes)
Hash
057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bhftrrrrere.z11.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:38:02 GMT
expires: Fri, 09 May 2025 02:38:02 GMT
cache-control: public, max-age=31536000
age: 94071
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bhftrrrrere.z11.web.core.windows.net/images/image5.png

20.60.248.68

200 OK

465 B

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/images/image5.png
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
PNG image data, 74 x 74, 8-bit/color RGBA, non-interlaced
Size
465 B (465 bytes)
Hash
589b99962054369d67ea1d275036c643
09cd975587a064b882e39bbd9f40eb6b46bb23ff
e4d3fcff9172df28321591ccdad3d9ee643df0719e38300f35576ef45760e474

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /images/image5.png HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 465
Content-Type: image/png
Content-MD5: WJuZliBUNp1n6h0nUDbGQw==
Last-Modified: Fri, 10 May 2024 03:44:57 GMT
Accept-Ranges: bytes
ETag: "0x8DC70A38F9AF827"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4a439e86-701e-00b5-5f94-a26b1e000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:52 GMT

bhftrrrrere.z11.web.core.windows.net/images/image7.svg

20.60.248.68

200 OK

153 B

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/images/image7.svg
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
SVG Scalable Vector Graphics image
Size
153 B (153 bytes)
Hash
f98aab4e2a400b8b99ede8d0084336bc
e95f5d0ab17a53519b248c9fececd314960604cd
9edaa2b6e53ac5e608b77f5622b1bad2529cee19906688138799e17adc3d0c87

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /images/image7.svg HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 153
Content-Type: image/svg+xml
Content-MD5: +YqrTipAC4uZ7ejQCEM2vA==
Last-Modified: Fri, 10 May 2024 03:44:56 GMT
Accept-Ranges: bytes
ETag: "0x8DC70A38F4A4BE7"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: fe8fcbf5-501e-0079-7194-a20428000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:51 GMT

bhftrrrrere.z11.web.core.windows.net/images/image1.png

20.60.248.68

200 OK

204 B

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/images/image1.png
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
204 B (204 bytes)
Hash
e40d1b1cb551eb3aa439e3aa58684506
360fd35b4a6a2a41220fb3a886d77f9ef416ee58
5e7a2650a477495975f4582dd7fda915eddc6636c280c814b3c340eac9e7991e

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /images/image1.png HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 204
Content-Type: image/png
Content-MD5: 5A0bHLVR6zqkOeOqWGhFBg==
Last-Modified: Fri, 10 May 2024 03:44:57 GMT
Accept-Ranges: bytes
ETag: "0x8DC70A38FB7559D"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 57b97426-801e-00a1-4294-a22371000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:53 GMT

bhftrrrrere.z11.web.core.windows.net/images/image3.png

20.60.248.68

200 OK

1.3 kB

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/images/image3.png
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
PNG image data, 132 x 105, 8-bit/color RGBA, non-interlaced
Size
1.3 kB (1324 bytes)
Hash
8544bdb08aeab60824f3274e1b23d72c
a954a9b151155df801eba5eea1f6cb20b349e8c4
9887fc4cc99951ee5242c8138ac47b175a793819af078f20364603d839be556c

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /images/image3.png HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 1324
Content-Type: image/png
Content-MD5: hUS9sIrqtggk8ydOGyPXLA==
Last-Modified: Fri, 10 May 2024 03:44:57 GMT
Accept-Ranges: bytes
ETag: "0x8DC70A38FF9AC15"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 28b2792d-601e-0000-6794-a2f80c000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:52 GMT

bhftrrrrere.z11.web.core.windows.net/images/image4.png

20.60.248.68

200 OK

3.5 kB

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/images/image4.png
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
PNG image data, 117 x 25, 8-bit/color RGBA, non-interlaced
Size
3.5 kB (3526 bytes)
Hash
9b1f21dd040a850687d989f804c982cb
fc1697a3622ca7ebe68d15e3e59b1e5b693e2f35
148394202d5a332a7813d94e3911853e3ba70ea18cd4391d3e188ee8b60ba02e

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /images/image4.png HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 3526
Content-Type: image/png
Content-MD5: mx8h3QQKhQaH2Yn4BMmCyw==
Last-Modified: Fri, 10 May 2024 03:44:56 GMT
Accept-Ranges: bytes
ETag: "0x8DC70A38F6DFB5C"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 28b2792c-601e-0000-6694-a2f80c000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:52 GMT

bhftrrrrere.z11.web.core.windows.net/images/np.webp

20.60.248.68

200 OK

15 kB

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/images/np.webp
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
RIFF (little-endian) data, Web/P image
Size
15 kB (14894 bytes)
Hash
1e021d2990a421939a476c93ee260737
70f918df08bcd95398ba86c498d7674369556d98
7decd8479058e70116d086114eb4de025975adb3aa8bb0628866b815380b37da

HTTP Headers

GET /images/np.webp HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 14894
Content-Type: image/webp
Content-MD5: HgIdKZCkIZOaR2yT7iYHNw==
Last-Modified: Fri, 10 May 2024 03:44:56 GMT
Accept-Ranges: bytes
ETag: "0x8DC70A38F256433"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: fe8fcc16-501e-0079-0f94-a20428000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:52 GMT

www.clarity.ms/tag/i6wbidqrri

13.107.213.53

200 OK

667 B

URL GET HTTP/2
www.clarity.ms/tag/i6wbidqrri
IP
13.107.213.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerDigiCert Inc
Subjectwww.clarity.ms
FingerprintAE:77:25:80:38:B8:E2:8F:C3:B2:EE:B5:0D:9C:7C:30:7E:30:75:2C
ValidityThu, 07 Dec 2023 00:00:00 GMT - Sat, 07 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (667), with no line terminators
Size
667 B (667 bytes)
Hash
98d272b4672093a987ec0ab07eca9717
595c1a8f5d0d77722f8ad801d4f42697e367979a
efa06e3db6705b868b76fc80410a7fc3b8a2cc88227c8e8ec2475c2e15097ce9

HTTP Headers

GET /tag/i6wbidqrri HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:45:53 GMT
content-type: application/x-javascript
content-length: 667
cache-control: no-cache, no-store
expires: -1
set-cookie: CLID=13d1e5f8e39c4d11babb20e4abe9d480.20240510.20250510; expires=Sat, 10 May 2025 04:45:53 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
x-azure-ref: 20240510T044553Z-er15bb998b7cbbjrva4gc3ezws00000006rg0000000048wy
x-cache: CONFIG_NOCACHE
accept-ranges: bytes
X-Firefox-Spdy: h2

bhftrrrrere.z11.web.core.windows.net/images/image2.png

20.60.248.68

200 OK

724 B

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/images/image2.png
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
PNG image data, 79 x 63, 8-bit/color RGBA, non-interlaced
Size
724 B (724 bytes)
Hash
db0e6825a0f394cc119f9dce51e87d0d
14ad5c784c8793da6d1793023d29a2ed941f999e
d23448df7f1a2f0e32540a23dace5883a040f3934eda711ccbb786a9a3f85586

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /images/image2.png HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 724
Content-Type: image/png
Content-MD5: 2w5oJaDzlMwRn53OUeh9DQ==
Last-Modified: Fri, 10 May 2024 03:44:57 GMT
Accept-Ranges: bytes
ETag: "0x8DC70A38FC53649"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 57b97513-801e-00a1-7894-a22371000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:53 GMT

bhftrrrrere.z11.web.core.windows.net/images/img6.png

20.60.248.68

404 The requested content does not exist.

14 kB

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/images/img6.png
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
14 kB (14042 bytes)
Hash
b4ffdd1607fdff4953287bdfe31d5a49
d70d263c6de5054b3f030c1a60fabbc6c3872c37
c0f96ab7aeaf4e6b22150fd1ab16dee23f8209e3fa30b0c3109fca095a53711d

HTTP Headers

GET /images/img6.png HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 The requested content does not exist.
Content-Length: 14042
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: fe8fccf6-501e-0079-6094-a20428000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:52 GMT

bhftrrrrere.z11.web.core.windows.net/images/image8.png

20.60.248.68

200 OK

2.8 kB

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/images/image8.png
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
PNG image data, 65 x 65, 8-bit/color RGBA, non-interlaced
Size
2.8 kB (2808 bytes)
Hash
85699ed3cd3def081b0180e34efed9c8
960b4cff42e0300ea66d8d99c2faaa266e6a5c09
76674a6ea02c18a1c146b4b7175cf365e51cff9762eb85fe22f056c25bcae9d6

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /images/image8.png HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 2808
Content-Type: image/png
Content-MD5: hWme08097wgbAYDjTv7ZyA==
Last-Modified: Fri, 10 May 2024 03:44:55 GMT
Accept-Ranges: bytes
ETag: "0x8DC70A38EA80935"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 28b279f3-601e-0000-2094-a2f80c000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:52 GMT

bhftrrrrere.z11.web.core.windows.net/images/image9.png

20.60.248.68

200 OK

2.3 kB

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/images/image9.png
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
PNG image data, 55 x 65, 8-bit/color RGBA, non-interlaced
Size
2.3 kB (2334 bytes)
Hash
6c9518d26a8fce8b5476854e26bf9bb5
b86604406df94513dc752331a3bc816cf618a26a
48ba31e331db64e10973ac1ea694095891cb555ec7122e4d3d70b92beaf269a2

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /images/image9.png HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 2334
Content-Type: image/png
Content-MD5: bJUY0mqPzotUdoVOJr+btQ==
Last-Modified: Fri, 10 May 2024 03:44:56 GMT
Accept-Ranges: bytes
ETag: "0x8DC70A38EF4E56C"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 28b279f1-601e-0000-1e94-a2f80c000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:52 GMT

fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

216.58.207.227

200 OK

33 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Size
33 kB (33092 bytes)
Hash
057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bhftrrrrere.z11.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:38:02 GMT
expires: Fri, 09 May 2025 02:38:02 GMT
cache-control: public, max-age=31536000
age: 94071
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

q.clarity.ms/collect

20.231.53.73

204 No Content

0 B

URL POST HTTP/1.1
q.clarity.ms/collect
IP
20.231.53.73:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subjecta.clarity.ms
FingerprintFA:A0:06:96:CF:68:F2:24:36:2B:8B:BF:D1:E0:5A:17:AC:96:CD:11
ValiditySun, 14 Jan 2024 10:23:37 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: q.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 15992
Origin: https://bhftrrrrere.z11.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 04:45:53 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://bhftrrrrere.z11.web.core.windows.net
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

bhftrrrrere.z11.web.core.windows.net/favicon.ico

20.60.248.68

404 The requested content does not exist.

14 kB

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/favicon.ico
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
14 kB (14042 bytes)
Hash
b4ffdd1607fdff4953287bdfe31d5a49
d70d263c6de5054b3f030c1a60fabbc6c3872c37
c0f96ab7aeaf4e6b22150fd1ab16dee23f8209e3fa30b0c3109fca095a53711d

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Cookie: _ga_9JLZ2BGNP7=GS1.1.1715316353.1.0.1715316353.0.0.0; _ga=GA1.1.1646240387.1715316353; _clck=1czn2bx%7C2%7Cfln%7C0%7C1591
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 The requested content does not exist.
Content-Length: 14042
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: fe8fce92-501e-0079-6094-a20428000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:53 GMT

bhftrrrrere.z11.web.core.windows.net/images/background-img2.png

20.60.248.68

200 OK

200 B

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/images/background-img2.png
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
Size
200 B (200 bytes)
Hash
36ab0d6aef47162ecbc940362b8ec85a
360769d836fe40560d961d13ee24d4a39db098ab
9f8994aa205cd008cbc2b9abac9d2c84d3e3635bb26e304e7221ead9cdad315d

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /images/background-img2.png HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/styles/ss.css
Cookie: _ga_9JLZ2BGNP7=GS1.1.1715316353.1.0.1715316353.0.0.0; _ga=GA1.1.1646240387.1715316353; _clck=1czn2bx%7C2%7Cfln%7C0%7C1591
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 200
Content-Type: image/png
Content-MD5: NqsNau9HFi7LyUA2K47IWg==
Last-Modified: Fri, 10 May 2024 03:44:56 GMT
Accept-Ranges: bytes
ETag: "0x8DC70A38F03D765"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 28b27bf5-601e-0000-7d94-a2f80c000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:53 GMT

bhftrrrrere.z11.web.core.windows.net/images/background-img1.png

20.60.248.68

200 OK

505 kB

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/images/background-img1.png
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
Size
505 kB (505377 bytes)
Hash
407d49fce150772038b651dc3807ce92
866cc35542ea4fb302048ba37365a92a8aedb224
1ff2dc3acf8cc925c20b6d0fd9918d51daf441bfc96bf0ee1db2c254f5b1dab8

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /images/background-img1.png HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/styles/ss.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 505377
Content-Type: image/png
Content-MD5: QH1J/OFQdyA4tlHcOAfOkg==
Last-Modified: Fri, 10 May 2024 03:45:02 GMT
Accept-Ranges: bytes
ETag: "0x8DC70A392C66CCC"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4a439f47-701e-00b5-1494-a26b1e000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:52 GMT

c.clarity.ms/c.gif

68.219.88.97

302 Found

0 B

URL GET HTTP/2
c.clarity.ms/c.gif
IP
68.219.88.97:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subjectc.msn.com
FingerprintD1:5C:88:F3:E8:11:5E:F3:50:B0:DE:BD:B8:F5:7F:C3:BA:12:BE:EC
ValidityTue, 27 Feb 2024 20:55:40 GMT - Fri, 21 Feb 2025 20:55:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=8E50B2B6E8B046C8B2C502DE8012C713&RedC=c.clarity.ms&MXFR=2E7398EB9569663F17938C90916968BE
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=2E7398EB9569663F17938C90916968BE; domain=.clarity.ms; expires=Wed, 04-Jun-2025 04:45:54 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Fri, 10 May 2024 04:45:54 GMT
content-length: 0
X-Firefox-Spdy: h2

c.bing.com/c.gif?ctsa=mr&CtsSyncId=8E50B2B6E8B046C8B2C502DE8012C713&RedC=c.clarity.ms&MXFR=2E7398EB9569663F17938C90916968BE

204.79.197.237

302 Found

0 B

URL GET HTTP/2
c.bing.com/c.gif?ctsa=mr&CtsSyncId=8E50B2B6E8B046C8B2C502DE8012C713&RedC=c.clarity.ms&MXFR=2E7398EB9569663F17938C90916968BE
IP
204.79.197.237:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subjectwww.bing.com
Fingerprint02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58
ValidityWed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c.gif?ctsa=mr&CtsSyncId=8E50B2B6E8B046C8B2C502DE8012C713&RedC=c.clarity.ms&MXFR=2E7398EB9569663F17938C90916968BE HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bhftrrrrere.z11.web.core.windows.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8E50B2B6E8B046C8B2C502DE8012C713&MUID=10086CC0600762F80D9E78BB61506358
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: MUID=10086CC0600762F80D9E78BB61506358; domain=.bing.com; expires=Wed, 04-Jun-2025 04:45:54 GMT; path=/; SameSite=None; Secure; Priority=High;
MR=0; domain=c.bing.com; expires=Fri, 17-May-2024 04:45:54 GMT; path=/; SameSite=None; Secure;
SRM_B=10086CC0600762F80D9E78BB61506358; domain=c.bing.com; expires=Wed, 04-Jun-2025 04:45:54 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 341AF2023E644470AB90FFBEA5EFB747 Ref B: OSL30EDGE0312 Ref C: 2024-05-10T04:45:54Z
date: Fri, 10 May 2024 04:45:54 GMT
content-length: 0
X-Firefox-Spdy: h2

c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8E50B2B6E8B046C8B2C502DE8012C713&MUID=10086CC0600762F80D9E78BB61506358

68.219.88.97

200 OK

42 B

URL GET HTTP/2
c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8E50B2B6E8B046C8B2C502DE8012C713&MUID=10086CC0600762F80D9E78BB61506358
IP
68.219.88.97:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subjectc.msn.com
FingerprintD1:5C:88:F3:E8:11:5E:F3:50:B0:DE:BD:B8:F5:7F:C3:BA:12:BE:EC
ValidityTue, 27 Feb 2024 20:55:40 GMT - Fri, 21 Feb 2025 20:55:40 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

HTTP Headers

GET /c.gif?ctsa=mr&CtsSyncId=8E50B2B6E8B046C8B2C502DE8012C713&MUID=10086CC0600762F80D9E78BB61506358 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bhftrrrrere.z11.web.core.windows.net/
DNT: 1
Connection: keep-alive
Cookie: SM=T; MUID=2E7398EB9569663F17938C90916968BE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Fri, 01 Mar 2024 22:54:48 GMT
accept-ranges: bytes
etag: "3e26b762b6cda1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=C; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=10086CC0600762F80D9E78BB61506358; domain=.clarity.ms; expires=Wed, 04-Jun-2025 04:45:54 GMT; path=/; SameSite=None; Secure; Priority=High;
MR=0; domain=c.clarity.ms; expires=Fri, 17-May-2024 04:45:54 GMT; path=/; SameSite=None; Secure;
ANONCHK=0; domain=c.clarity.ms; expires=Fri, 10-May-2024 04:55:54 GMT; path=/; SameSite=None; Secure;
date: Fri, 10 May 2024 04:45:54 GMT
content-length: 42
X-Firefox-Spdy: h2

q.clarity.ms/collect

20.231.53.73

204 No Content

0 B

URL POST HTTP/1.1
q.clarity.ms/collect
IP
20.231.53.73:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subjecta.clarity.ms
FingerprintFA:A0:06:96:CF:68:F2:24:36:2B:8B:BF:D1:E0:5A:17:AC:96:CD:11
ValiditySun, 14 Jan 2024 10:23:37 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: q.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 939
Origin: https://bhftrrrrere.z11.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/
Cookie: MUID=10086CC0600762F80D9E78BB61506358
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 04:45:55 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://bhftrrrrere.z11.web.core.windows.net
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

q.clarity.ms/collect

20.231.53.73

204 No Content

0 B

URL POST HTTP/1.1
q.clarity.ms/collect
IP
20.231.53.73:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subjecta.clarity.ms
FingerprintFA:A0:06:96:CF:68:F2:24:36:2B:8B:BF:D1:E0:5A:17:AC:96:CD:11
ValiditySun, 14 Jan 2024 10:23:37 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: q.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 472
Origin: https://bhftrrrrere.z11.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/
Cookie: MUID=10086CC0600762F80D9E78BB61506358
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 04:45:57 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://bhftrrrrere.z11.web.core.windows.net
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

bhftrrrrere.z11.web.core.windows.net/src.mp3

20.60.248.68

206 Partial Content

131 kB

URL GET HTTP/1.1
bhftrrrrere.z11.web.core.windows.net/src.mp3
IP
20.60.248.68:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint9D:9F:D1:19:8B:95:C9:F6:B8:68:35:ED:B2:E4:C9:10:9E:57:E6:7F
ValidityWed, 27 Sep 2023 09:15:24 GMT - Fri, 27 Sep 2024 09:15:24 GMT

File type
Audio file with ID3 version 2.4.0, contains: - MPEG ADTS, layer III, v2, 48 kbps, 22.05 kHz, Monaural
Size
131 kB (130686 bytes)
Hash
1c7c140005ed7479422c91e9d77ce8f8
fbe085367fec877fef3635b21c2a49380a6fa06d
5581500a4f3763c401e2e488caa67e5804a0e811d866b9a5569eb595e42e86db

HTTP Headers

GET /src.mp3 HTTP/1.1
Host: bhftrrrrere.z11.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
Content-Length: 231542
Content-Type: audio/mpeg
Content-Range: bytes 0-231541/231542
Last-Modified: Fri, 10 May 2024 03:45:00 GMT
Accept-Ranges: bytes
ETag: "0x8DC70A39190161D"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: fe8fccdc-501e-0079-4694-a20428000000
x-ms-version: 2018-03-28
Date: Fri, 10 May 2024 04:45:52 GMT

fonts.googleapis.com/css2?family=Montserrat:wght@600;700&display=swap

142.250.74.106

200 OK

3.7 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Montserrat:wght@600;700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (3750), with no line terminators
Size
3.7 kB (3660 bytes)
Hash
27d380c6f6ae812130dd3b558b2159c2
2091ac73c0a96dee712bab5bce983cee528cd91b
c406d5badd61b281c6681a798364594a2e1653eeb3f7b2f198f85b7b0fe83c8f

HTTP Headers

GET /css2?family=Montserrat:wght@600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 04:45:52 GMT
date: Fri, 10 May 2024 04:45:52 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.clarity.ms/s/0.7.32/clarity.js

13.107.213.53

200 OK

62 kB

URL GET HTTP/2
www.clarity.ms/s/0.7.32/clarity.js
IP
13.107.213.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bhftrrrrere.z11.web.core.windows.net/?pub=[PUBLISHER_ID]&campid=[CAMPAIGN_ID]&Creative=[CREATIVE_ID]
Certificate
IssuerDigiCert Inc
Subjectwww.clarity.ms
FingerprintAE:77:25:80:38:B8:E2:8F:C3:B2:EE:B5:0D:9C:7C:30:7E:30:75:2C
ValidityThu, 07 Dec 2023 00:00:00 GMT - Sat, 07 Dec 2024 23:59:59 GMT

File type

Size
62 kB (62397 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s/0.7.32/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bhftrrrrere.z11.web.core.windows.net/
Cookie: CLID=13d1e5f8e39c4d11babb20e4abe9d480.20240510.20250510
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:45:53 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 08 May 2024 21:14:23 GMT
etag: W/"0x8DC6FA3D56B9D1A"
x-ms-request-id: 32d7d42d-701e-0001-1b93-a17107000000
x-ms-version: 2018-03-28
access-control-allow-origin: *
x-azure-ref: 20240510T044553Z-er15bb998b7cbbjrva4gc3ezws00000006rg0000000048x4
cache-control: public, max-age=86400
x-fd-int-roxy-purgeid: 51562430
x-cache: TCP_HIT
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL