r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4217
Expires: Thu, 08 Dec 2022 08:41:55 GMT
Date: Thu, 08 Dec 2022 07:31:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12479
Expires: Thu, 08 Dec 2022 10:59:37 GMT
Date: Thu, 08 Dec 2022 07:31:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10072
Expires: Thu, 08 Dec 2022 10:19:30 GMT
Date: Thu, 08 Dec 2022 07:31:38 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 07:08:10 GMT
content-type: application/json
age: 1408
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: fhap04ooXLHPPSrxBw8dEo09anTJn1+dzgy6Kfi5yxp0UwNOWjWr5WNU5EqMO52bDDdFVLNOhvE=
x-amz-request-id: VXXHXJ2NV6H99F0E
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 06:49:41 GMT
age: 2517
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
20.118.40.6301 Moved Permanently 0 B URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID} HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Date: Thu, 08 Dec 2022 07:31:38 GMT
Location: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 07:31:38 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 07:07:55 GMT
age: 1423
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2961
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 07:31:39 GMT
Last-Modified: Thu, 08 Dec 2022 06:42:18 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
20.118.40.6200 OK 3.4 kB URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash b84123c05874ee2e85bbbb7f11d9f686
71443b480b99ad4f68cd5f1834550fd205c90a63
481f487a670e432ad1be8ad5d2108bcc96e79035fc737aae23e17daecbe593c3
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID} HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Content-Type: text/html
Date: Thu, 08 Dec 2022 07:31:39 GMT
Server: nginx/1.22.0
Content-Encoding: gzip
ETag: W/"6391928f-2462"
Last-Modified: Thu, 08 Dec 2022 07:30:23 GMT
Transfer-Encoding: chunked
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6ec5f6261a8262e9f94b29627f54cefe
7ac766cf2ac8c2d960ec033388a767ff8a7d45e2
5f6ee11d840909fc5272c2c32f7874d55f49d831abc88d527e35562d218890f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 07:31:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6ec5f6261a8262e9f94b29627f54cefe
7ac766cf2ac8c2d960ec033388a767ff8a7d45e2
5f6ee11d840909fc5272c2c32f7874d55f49d831abc88d527e35562d218890f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 07:31:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 07:31:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
142.250.74.42200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
IP 142.250.74.42:0
File type ASCII text, with very long lines (32061)
Hash b90b3d2618cce9d766152cd3092b5c27
496339457cd00caab8118e2e1f30ea18dc05b9f4
b7b155aa8c6b5db28f9a6b41e88c96e9462c196c700add426f8ef32c9ce1ed41
GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 23:44:14 GMT
expires: Wed, 06 Dec 2023 23:44:14 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 114445
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-176875146-1
172.217.21.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-176875146-1
IP 172.217.21.168:0
File type ASCII text, with very long lines (1921)
Hash 9c03f6f2e4e7645d709dd2fe1c55ab5a
758903279b2067c79bb15a4ff16ce39b9420d303
ef2a83d4c66ea3812c6198c02008abb1c0110b4ed31f7b6048039c39f6933011
GET /gtag/js?id=UA-176875146-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Dec 2022 07:31:39 GMT
expires: Thu, 08 Dec 2022 07:31:39 GMT
cache-control: private, max-age=900
last-modified: Thu, 08 Dec 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43633
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6ec5f6261a8262e9f94b29627f54cefe
7ac766cf2ac8c2d960ec033388a767ff8a7d45e2
5f6ee11d840909fc5272c2c32f7874d55f49d831abc88d527e35562d218890f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 07:31:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Montserrat:wght@600;700&display=swap
142.250.74.106200 OK 1.0 kB URL HTTP/2 fonts.googleapis.com/css2?family=Montserrat:wght@600;700&display=swap
IP 142.250.74.106:0
Hash c3c5e9db0fae38b935dc860bc4a8be7f
c18ad54793e32094739e06b7dbea85c8a270988a
631ba6ae3be989939ff28fd7215f35b1cc94d194da21e586b1d644aaadbb8f5f
GET /css2?family=Montserrat:wght@600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Dec 2022 07:31:39 GMT
date: Thu, 08 Dec 2022 07:31:39 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.240.57.100101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.240.57.100:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: z3Y3yICv/9d/CGIUB8x71w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pgZBbKR8+0mviN5smw7uYnQbExA=
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 07:31:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/css/style-browser-reset.css
20.118.40.6200 OK 7.3 kB URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/css/style-browser-reset.css
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with CRLF line terminators
Hash 8b8d2fca9d2818fd6ea6052e442d698f
676554c2734d121fdb90ac00b684cad817ba4f2f
cd631fc118f99d0ff1db87ee6866a0a1e04e9c7a3f4648e2fd04353e753a1544
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/css/style-browser-reset.css HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 7322
Content-Type: text/css
Date: Thu, 08 Dec 2022 07:31:39 GMT
Server: nginx/1.22.0
Accept-Ranges: bytes
ETag: "63919294-1c9a"
Last-Modified: Thu, 08 Dec 2022 07:30:28 GMT
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/css/style.css
20.118.40.6200 OK 13 kB URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/css/style.css
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with CRLF line terminators
Hash 349fa1c0a8e0fed432fac067ea6f5e61
a32bc7d59d0276d5544d849c54680a25c029d08f
cdf2491b30d5a46bb3e73845090fff6cc146ff20396ff89f7c9a284de74e3840
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/css/style.css HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 12867
Content-Type: text/css
Date: Thu, 08 Dec 2022 07:31:39 GMT
Server: nginx/1.22.0
Accept-Ranges: bytes
ETag: "6391929a-3243"
Last-Modified: Thu, 08 Dec 2022 07:30:34 GMT
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/comp.png
20.118.40.6200 OK 1.3 kB URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/comp.png
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 132 x 105, 8-bit/color RGBA, non-interlaced\012- data
Hash 8544bdb08aeab60824f3274e1b23d72c
a954a9b151155df801eba5eea1f6cb20b349e8c4
9887fc4cc99951ee5242c8138ac47b175a793819af078f20364603d839be556c
Analyzer Verdict Alert urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/comp.png HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 1324
Content-Type: image/png
Date: Thu, 08 Dec 2022 07:31:40 GMT
Server: nginx/1.22.0
Accept-Ranges: bytes
ETag: "6391929f-52c"
Last-Modified: Thu, 08 Dec 2022 07:30:39 GMT
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/comp-min.png
20.118.40.6200 OK 724 B URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/comp-min.png
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 79 x 63, 8-bit/color RGBA, non-interlaced\012- data
Hash db0e6825a0f394cc119f9dce51e87d0d
14ad5c784c8793da6d1793023d29a2ed941f999e
d23448df7f1a2f0e32540a23dace5883a040f3934eda711ccbb786a9a3f85586
Analyzer Verdict Alert urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/comp-min.png HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 724
Content-Type: image/png
Date: Thu, 08 Dec 2022 07:31:40 GMT
Server: nginx/1.22.0
Accept-Ranges: bytes
ETag: "6391929c-2d4"
Last-Modified: Thu, 08 Dec 2022 07:30:36 GMT
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/close.png
20.118.40.6200 OK 204 B URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/close.png
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash e40d1b1cb551eb3aa439e3aa58684506
360fd35b4a6a2a41220fb3a886d77f9ef416ee58
5e7a2650a477495975f4582dd7fda915eddc6636c280c814b3c340eac9e7991e
Analyzer Verdict Alert urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/close.png HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 204
Content-Type: image/png
Date: Thu, 08 Dec 2022 07:31:40 GMT
Server: nginx/1.22.0
Accept-Ranges: bytes
ETag: "639192a1-cc"
Last-Modified: Thu, 08 Dec 2022 07:30:41 GMT
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/microsoft-min.png
20.118.40.6200 OK 358 B URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/microsoft-min.png
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced\012- data
Hash b70b61fbaef16f92eda0c249926b3ffc
fd089d0504c8e655fcda642ea23e970f9cb1fce2
0f76835451427509c2c509c34d7da48a0b3d3eba777be73f519e6853796b1987
Analyzer Verdict Alert urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/microsoft-min.png HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 358
Content-Type: image/png
Date: Thu, 08 Dec 2022 07:31:40 GMT
Server: nginx/1.22.0
Accept-Ranges: bytes
ETag: "63919299-166"
Last-Modified: Thu, 08 Dec 2022 07:30:33 GMT
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/microsoft-label.png
20.118.40.6200 OK 465 B URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/microsoft-label.png
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 74 x 74, 8-bit/color RGBA, non-interlaced\012- data
Hash 589b99962054369d67ea1d275036c643
09cd975587a064b882e39bbd9f40eb6b46bb23ff
e4d3fcff9172df28321591ccdad3d9ee643df0719e38300f35576ef45760e474
Analyzer Verdict Alert urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/microsoft-label.png HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 465
Content-Type: image/png
Date: Thu, 08 Dec 2022 07:31:40 GMT
Server: nginx/1.22.0
Accept-Ranges: bytes
ETag: "6391929e-1d1"
Last-Modified: Thu, 08 Dec 2022 07:30:38 GMT
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/speed-min.png
20.118.40.6200 OK 2.8 kB URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/speed-min.png
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 65 x 65, 8-bit/color RGBA, non-interlaced\012- data
Hash 85699ed3cd3def081b0180e34efed9c8
960b4cff42e0300ea66d8d99c2faaa266e6a5c09
76674a6ea02c18a1c146b4b7175cf365e51cff9762eb85fe22f056c25bcae9d6
Analyzer Verdict Alert urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/speed-min.png HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 2808
Content-Type: image/png
Date: Thu, 08 Dec 2022 07:31:40 GMT
Server: nginx/1.22.0
Accept-Ranges: bytes
ETag: "6391929d-af8"
Last-Modified: Thu, 08 Dec 2022 07:30:37 GMT
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/icon-chat.png
20.118.40.6200 OK 3.5 kB URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/icon-chat.png
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 117 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash 9b1f21dd040a850687d989f804c982cb
fc1697a3622ca7ebe68d15e3e59b1e5b693e2f35
148394202d5a332a7813d94e3911853e3ba70ea18cd4391d3e188ee8b60ba02e
Analyzer Verdict Alert urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/icon-chat.png HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 3526
Content-Type: image/png
Date: Thu, 08 Dec 2022 07:31:40 GMT
Server: nginx/1.22.0
Accept-Ranges: bytes
ETag: "639192a1-dc6"
Last-Modified: Thu, 08 Dec 2022 07:30:41 GMT
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/skip.svg
20.118.40.6200 OK 156 B URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/skip.svg
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Hash a557f48b3ccbe9b92dc585387bb9a347
dbe25ae11448a150dd360e81f651d2f7677b9d52
c756c3c28d439ae60766c7e008fed57ad055ec943cdb793cf4de825cf4128651
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/skip.svg HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 156
Content-Type: image/svg+xml
Date: Thu, 08 Dec 2022 07:31:40 GMT
Server: nginx/1.22.0
Accept-Ranges: bytes
ETag: "63919298-9c"
Last-Modified: Thu, 08 Dec 2022 07:30:32 GMT
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/world-min.png
20.118.40.6200 OK 2.3 kB URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/world-min.png
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 55 x 65, 8-bit/color RGBA, non-interlaced\012- data
Hash 6c9518d26a8fce8b5476854e26bf9bb5
b86604406df94513dc752331a3bc816cf618a26a
48ba31e331db64e10973ac1ea694095891cb555ec7122e4d3d70b92beaf269a2
Analyzer Verdict Alert urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/world-min.png HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 2334
Content-Type: image/png
Date: Thu, 08 Dec 2022 07:31:40 GMT
Server: nginx/1.22.0
Accept-Ranges: bytes
ETag: "639192a0-91e"
Last-Modified: Thu, 08 Dec 2022 07:30:40 GMT
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4356
Expires: Thu, 08 Dec 2022 08:44:16 GMT
Date: Thu, 08 Dec 2022 07:31:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4356
Expires: Thu, 08 Dec 2022 08:44:16 GMT
Date: Thu, 08 Dec 2022 07:31:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4356
Expires: Thu, 08 Dec 2022 08:44:16 GMT
Date: Thu, 08 Dec 2022 07:31:40 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fbdf939d23b987fd36a86b7a1258b10d
2cad45ad8e56699db3457501cf1e488fe85d479a
285a8a3d3ec439f493ca5d586477c3e3ed3b9e5d7a0133da73c426b69e112cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10861
x-amzn-requestid: ad568a35-9eba-4c6d-a09d-97e518fbf503
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4gIFN4oAMFqrw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391079a-434ca8281e48538e69e72e05;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4MrxT27cyrFqR70ofprhh4FbJAfVpKb787jT3TsH0l7BxQOf2tWh6g==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:02:15 GMT
age: 34165
etag: "2cad45ad8e56699db3457501cf1e488fe85d479a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EeYw3qxRNMEhtLkUrHQe5b1H_f2k-5BWSZV4LEZ9U64rqm7Addv_Dw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 06:56:32 GMT
age: 2108
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43fdc85bfd574fa803f0bcdc216ef622
27f558d5cdc150a50f080c054423500666b63d74
fafd2a81cddacdb4e5fd7c9963a784e6e56d06ac98f0bd4124fd74fa3ba015e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5245
x-amzn-requestid: 9770ebcd-fb1e-4b81-bb87-1e98ef024741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy-E8HugoAMFsKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911085-54eb7a48323113d52329abf5;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:15:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: d2DHUS5fGT4uoPPdjDXmHUOQVF93ULtO4zSHRmrx7KMu3lO0y0K9ag==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:24:13 GMT
age: 32847
etag: "27f558d5cdc150a50f080c054423500666b63d74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3d44d17585c9a536c8da0e75ed90d175
9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1
6d14a5b5c43b39244434560a83a2bfea6604a4d072943b6147293b7adfd1b7b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10164
x-amzn-requestid: a0cb7259-0a07-44f5-91cd-e96b8d9c9cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cnAPOGSnoAMFUUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c472e-799b6ee425e29fb70ff7e4ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 07:07:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5Q2LRCrEYVZz_KldQARUQ26O1mv0G7rMAPQXGkBzUnERF-WjtZPMJA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 12:11:17 GMT
age: 69623
etag: "9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3236488e-3e39-44b6-b864-0f7ede8ee3f5.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3236488e-3e39-44b6-b864-0f7ede8ee3f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3cbac0c7e45d3f33c38dbf3af4de05ba
e9106fec14ddda290951c61eda64a69ada9a244a
98d3785eb167ea6bbba3782ab3cfd8cc9c7715f493265ac6d59494c00d3b002e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3236488e-3e39-44b6-b864-0f7ede8ee3f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9376
x-amzn-requestid: bf2f33a6-7f13-4f5b-ba9c-da33282135b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctERHFRSoAMFgYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb406-121af6ba1b7b6a3066ffa103;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:16:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: yTLFIBUWHjudn2h6VKM79RUnXfuUTmQBkYSCFrRuY7_biVW5bEKZfA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 18:39:08 GMT
age: 46352
etag: "e9106fec14ddda290951c61eda64a69ada9a244a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b87d6543345f73653ed4a49b37d7c959
c4f26846b8b72293368ff16915d49297cf12bbb9
aee6aa42e4b5b83b81f74801ff8f0039fc6d38036f42ee81875813c856cf5eef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8659
x-amzn-requestid: 6f420d07-65d5-4bb2-9f1f-e56025de497b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFSYFArIAMF46w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c0f-0a295e5c48228d5806b4f107;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TSh1BNzzIPhWCfYEiqvQJckSPAyhHobe-HK6msEVeEJ1ruX-_rMSSA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:35:32 GMT
age: 28568
etag: "c4f26846b8b72293368ff16915d49297cf12bbb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0c89743226644fddacbe5d50c110b950
b343ae9eb9047cf764b518083d612ffd3652b209
1bf675bb6e12e913a98cd8849c1af9a0c50b0bb8bfa670c86419b41782e06e47
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 07:31:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 08 Dec 2022 06:41:08 GMT
expires: Thu, 08 Dec 2022 08:41:08 GMT
cache-control: public, max-age=7200
age: 3032
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0c89743226644fddacbe5d50c110b950
b343ae9eb9047cf764b518083d612ffd3652b209
1bf675bb6e12e913a98cd8849c1af9a0c50b0bb8bfa670c86419b41782e06e47
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 07:31:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j98&a=1063438425&t=pageview&_s=1&dl=https%3A%2F%2Fe87vvvv67ytue77779emnjhgh.azurewebsites.net%2Febahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot%2F%3FSource%3D%7BBV_SRCID%7D%26CampId%3D%7BBV_CAMPID%7D&ul=en-us&de=UTF-8&dt=%E3%82%A6%E3%82%A3%E3%83%B3%E3%83%89%E3%82%A6%E3%82%BA%E3%82%A8%E3%83%A9%E3%83%BC%E3%83%9D%E3%83%83%E3%83%97%E3%82%A2%E3%83%83%E3%83%97&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=387659811&gjid=173501396&cid=517885511.1670484700&tid=UA-176875146-1&_gid=1675864935.1670484700&_r=1>m=2oubu0&z=112884515
142.250.74.110200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=1063438425&t=pageview&_s=1&dl=https%3A%2F%2Fe87vvvv67ytue77779emnjhgh.azurewebsites.net%2Febahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot%2F%3FSource%3D%7BBV_SRCID%7D%26CampId%3D%7BBV_CAMPID%7D&ul=en-us&de=UTF-8&dt=%E3%82%A6%E3%82%A3%E3%83%B3%E3%83%89%E3%82%A6%E3%82%BA%E3%82%A8%E3%83%A9%E3%83%BC%E3%83%9D%E3%83%83%E3%83%97%E3%82%A2%E3%83%83%E3%83%97&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=387659811&gjid=173501396&cid=517885511.1670484700&tid=UA-176875146-1&_gid=1675864935.1670484700&_r=1>m=2oubu0&z=112884515
IP 142.250.74.110:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=1063438425&t=pageview&_s=1&dl=https%3A%2F%2Fe87vvvv67ytue77779emnjhgh.azurewebsites.net%2Febahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot%2F%3FSource%3D%7BBV_SRCID%7D%26CampId%3D%7BBV_CAMPID%7D&ul=en-us&de=UTF-8&dt=%E3%82%A6%E3%82%A3%E3%83%B3%E3%83%89%E3%82%A6%E3%82%BA%E3%82%A8%E3%83%A9%E3%83%BC%E3%83%9D%E3%83%83%E3%83%97%E3%82%A2%E3%83%83%E3%83%97&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=387659811&gjid=173501396&cid=517885511.1670484700&tid=UA-176875146-1&_gid=1675864935.1670484700&_r=1>m=2oubu0&z=112884515 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net
date: Thu, 08 Dec 2022 07:31:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e87vvvv67ytue77779emnjhgh.azurewebsites.net/favicon.ico
20.118.40.6404 Not Found 114 B URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/favicon.ico
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash b9841984dca9ab290d79563f36ae6d8d
35a6cc4edf0c92bd155144871968659dafb4d1c3
546c212f587bf539f97ed64bbc3ae6c09bd7ee64976e71f091df859c217a0c14
GET /favicon.ico HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Thu, 08 Dec 2022 07:31:40 GMT
Server: nginx/1.22.0
Content-Encoding: gzip
Transfer-Encoding: chunked
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/supportmicrosoft2.png
20.118.40.6200 OK 505 kB URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/supportmicrosoft2.png
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced\012- data
Size 505 kB (505377 bytes)
Hash 407d49fce150772038b651dc3807ce92
866cc35542ea4fb302048ba37365a92a8aedb224
1ff2dc3acf8cc925c20b6d0fd9918d51daf441bfc96bf0ee1db2c254f5b1dab8
Analyzer Verdict Alert urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/supportmicrosoft2.png HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 505377
Content-Type: image/png
Date: Thu, 08 Dec 2022 07:31:40 GMT
Server: nginx/1.22.0
Accept-Ranges: bytes
ETag: "6391929c-7b621"
Last-Modified: Thu, 08 Dec 2022 07:30:36 GMT
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 07:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 07:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
142.250.74.35200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
Analyzer Verdict Alert urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 06:30:11 GMT
expires: Sat, 02 Dec 2023 06:30:11 GMT
cache-control: public, max-age=31536000
age: 522090
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 07:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/microsoft-bg.png
20.118.40.6200 OK 200 B URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/microsoft-bg.png
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 36ab0d6aef47162ecbc940362b8ec85a
360769d836fe40560d961d13ee24d4a39db098ab
9f8994aa205cd008cbc2b9abac9d2c84d3e3635bb26e304e7221ead9cdad315d
Analyzer Verdict Alert urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
urlquery malware Scam - Fake AntiVirus
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/img/microsoft-bg.png HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/css/style.css
Cookie: _ga=GA1.3.517885511.1670484700; _gid=GA1.3.1675864935.1670484700; _gat_gtag_UA_176875146_1=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 200
Content-Type: image/png
Date: Thu, 08 Dec 2022 07:31:41 GMT
Server: nginx/1.22.0
Accept-Ranges: bytes
ETag: "6391929d-c8"
Last-Modified: Thu, 08 Dec 2022 07:30:37 GMT
e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/takashi.mp3
20.118.40.6206 Partial Content 0 B URL HTTP/1.1 e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/takashi.mp3
IP 20.118.40.6:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/takashi.mp3 HTTP/1.1
Host: e87vvvv67ytue77779emnjhgh.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://e87vvvv67ytue77779emnjhgh.azurewebsites.net/ebahchainkaekechainliyajatahain-aisehinpyarkiyajajatahaichroti-sambhasehogapossiblegot/?Source={BV_SRCID}&CampId={BV_CAMPID}
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Content-Length: 231542
Content-Type: audio/mpeg
Date: Thu, 08 Dec 2022 07:31:40 GMT
Server: nginx/1.22.0
Content-Range: bytes 0-231541/231542
ETag: "63919290-38876"
Last-Modified: Thu, 08 Dec 2022 07:30:24 GMT