| fresh13.z29.web.core.windows.net/werrx01USAHTML/main.js | 20.150.114.100 | 200 OK | 1.1 kB |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/main.js | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: JavaScript source, ASCII text, with very long lines (1270), with no line terminators
MD5: a8a1da52f31c3e126ed06deccf3bfeb6 | SHA1: 110bf96bfd64ccf4f370053175b4e01f1c6b2208 | SHA256: d6f195130576c195c0dbd08f3ebf40d72b02364bf2eab30318b5fdc92d87e60e
GET /werrx01USAHTML/main.js HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1144
Content-Type: text/javascript
Content-MD5: GUgQvPCXzIBJsO7ymsIssg==
Last-Modified: Fri, 04 Apr 2025 11:18:53 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7B7D7C3A"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b9015312-f01e-0067-5723-a6ee21000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/mnc.png | 20.150.114.100 | 200 OK | 166 B |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/mnc.png | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: PNG image data, 140 x 30, 1-bit colormap, non-interlaced
MD5: 51ebbb1879093893b39bbb6e970217ae | SHA1: 196aa8f9ae46c8a46b2a997904abeafad817fcee | SHA256: 1901eeec960650f0c4c31673dde13f934f4e22bcb702383aefacaf00bdd743c7
Analyzer: urlquery | Verdict: scam | Alert: Scam - Fake AntiVirus / Security software
GET /werrx01USAHTML/mnc.png HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 166
Content-Type: image/png
Content-MD5: Ueu7GHkJOJOzm7tulwIXrg==
Last-Modified: Fri, 04 Apr 2025 11:18:54 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7C12101F"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4c793219-601e-0028-0323-a69f75000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/bx1.png | 20.150.114.100 | 200 OK | 119 kB |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/bx1.png | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: PNG image data, 1056 x 908, 8-bit/color RGBA, non-interlaced | Size: 119 kB (119079 bytes)
MD5: 375f2aedc7a2c955f3a3d6086ab9560b | SHA1: 585c0154809d7513811bc4030254926c6ab8738e | SHA256: 02b2f65af6dc9b2d3ce4524cc0df3939a2cc8f851ec39439f417faf7729bda35
Analyzer: urlquery | Verdict: scam | Alert: Scam - Fake AntiVirus / Security software
GET /werrx01USAHTML/bx1.png HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 119079
Content-Type: image/png
Content-MD5: N18q7ceiyVXzo9YIarlWCw==
Last-Modified: Fri, 04 Apr 2025 11:18:47 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A77EB3B40"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c9757729-b01e-002b-1223-a67e11000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/web1.png | 20.150.114.100 | 200 OK | 60 kB |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/web1.png | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: PNG image data, 956 x 816, 8-bit/color RGBA, non-interlaced
MD5: 3c4478d9526bbac9186ed7b1f68a228d | SHA1: 572e33f91c67c295020e5d1b04e9debc5590a96b | SHA256: 20b06790b46a305c70cdd9837e24abaa5511aed95df8fa54ad0c9ff117c6042d
GET /werrx01USAHTML/web1.png HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 59561
Content-Type: image/png
Content-MD5: PER42VJruskYbtex9ooijQ==
Last-Modified: Fri, 04 Apr 2025 11:19:03 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A81E2B99D"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2d5ea17d-001e-003e-6f23-a669a2000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/msmm.png | 20.150.114.100 | 200 OK | 148 B |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/msmm.png | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: PNG image data, 31 x 30, 4-bit colormap, non-interlaced
MD5: 786e451b89111d04cb1fba3d32c398fa | SHA1: cbcbacb13686702d2ff96c749c0c08e4913ee24e | SHA256: 7064eadfcd3291fcb65d7cd1ca36820581f5b54826d68024dfc29dc203907ad6
Analyzer: urlquery | Verdict: scam | Alert: Scam - Fake AntiVirus / Security software
GET /werrx01USAHTML/msmm.png HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 148
Content-Type: image/png
Content-MD5: eG5FG4kRHQTLH7o9MsOY+g==
Last-Modified: Fri, 04 Apr 2025 11:18:58 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7ECE90B0"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2d5ea5c5-001e-003e-7823-a669a2000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:16 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/f24.png | 20.150.114.100 | 200 OK | 1.8 MB |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/f24.png | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: PNG image data, 3016 x 1888, 8-bit/color RGBA, non-interlaced | Size: 1.8 MB (1832599 bytes)
MD5: a5291229d2ccab0316e62ea05282f335 | SHA1: 9a4358bb92ec5bc848a43f0a93f5c2375e580967 | SHA256: 58ad7ea2ca500817266dd0a83b8c4edb0739fd456664b5a2da132204a2240419
Analyzer: urlquery | Verdict: scam | Alert: Scam - Fake AntiVirus / Security software
GET /werrx01USAHTML/f24.png HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1832599
Content-Type: image/png
Content-MD5: pSkSKdLMqwMW5i6gUoLzNQ==
Last-Modified: Fri, 04 Apr 2025 11:18:58 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7E91308E"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 43d151dd-901e-0003-5f23-a61fb9000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:16 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/bxs.png | 20.150.114.100 | 200 OK | 4.8 kB |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/bxs.png | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: PNG image data, 840 x 32, 8-bit/color RGBA, non-interlaced
MD5: dd1acbd9435c4415ce503a98d8a5ff2b | SHA1: f10046f388d944ce798706919c9d78423aa1d29b | SHA256: 689cfc046cb7a6b6e6f85452bfe224b645ae827d50fb80498326502465327199
Analyzer: urlquery | Verdict: scam | Alert: Scam - Fake AntiVirus / Security software
GET /werrx01USAHTML/bxs.png HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 4776
Content-Type: image/png
Content-MD5: 3RrL2UNcRBXOUDqY2KX/Kw==
Last-Modified: Fri, 04 Apr 2025 11:18:46 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A77C03CF7"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2d5ea2bb-001e-003e-2123-a669a2000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/webs.mp4 | 20.150.114.100 | 206 Partial Content | 8.4 kB |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/webs.mp4 | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 56 kbps, 44.1 kHz, Monaural (MP3 audio despite the .mp4 name and the video/mp4 Content-Type; fetched with Sec-Fetch-Dest: audio)
MD5: 8618fbb0911e3b8fc96725dee8bfd81f | SHA1: 1bbcb78922946d0cf18fbf3a9e092e36453eb767 | SHA256: 0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1
Analyzer: urlquery | Verdict: scam | Alert: Scam - Fake AntiVirus / Security software
GET /werrx01USAHTML/webs.mp4 HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Length: 8405
Content-Type: video/mp4
Content-Range: bytes 0-8404/8405
Last-Modified: Fri, 04 Apr 2025 11:19:03 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A81CE5E2E"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4c793341-601e-0028-0e23-a69f75000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:16 GMT
| ipwho.is/?lang=en | 195.201.57.90 | 200 OK | 669 B |
URL: GET ipwho.is/?lang=en | IP: 195.201.57.90:443
ASN: AS24940 Hetzner Online GmbH
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: GoGetSSL | Subject: ipwho.is | Fingerprint: 23:45:4F:91:B0:11:6E:44:AE:44:5A:2A:A3:B7:9E:11:6A:17:40:9D | Validity: Mon, 03 Mar 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (790), with no line terminators (libmagic guess; the response Content-Type is application/json)
MD5: 692526990bd89f042ff786add099ab84 | SHA1: 9479e5adc50c4cb2750b9e427c317c63de85e422 | SHA256: 26e883788b603f9d796c792cd2784e9c3a1573fa9883701e1e099fd3d602b2ba
GET /?lang=en HTTP/1.1
Host: ipwho.is
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fresh13.z29.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Apr 2025 12:09:16 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: ipwhois
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
X-Robots-Tag: noindex
| fresh13.z29.web.core.windows.net/werrx01USAHTML/index.html | 20.150.114.100 | 206 Partial Content | 16 kB |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/index.html | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
MD5: d41d8cd98f00b204e9800998ecf8427e | SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the hashes of empty input: no response body was stored for this transaction)
GET /werrx01USAHTML/index.html HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Length: 15753
Content-Type: text/html
Content-Range: bytes 0-15752/15753
Last-Modified: Fri, 04 Apr 2025 11:18:52 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7ACA5F2F"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b7c41a90-001e-0001-1d23-a6a101000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:16 GMT
| code.jquery.com/jquery-1.4.4.min.js | 151.101.66.137 | 200 OK | 79 kB |
URL: GET code.jquery.com/jquery-1.4.4.min.js | IP: 151.101.66.137:443
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Sectigo Limited | Subject: *.jquery.com | Fingerprint: CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5 | Validity: Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (820)
MD5: 73a9c334c5ca71d70d092b42064f6476 | SHA1: b75990598ee8d3895448ed9d08726af63109f842 | SHA256: 517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c
GET /jquery-1.4.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-13309"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 05 Apr 2025 12:09:15 GMT
age: 4501808
x-served-by: cache-lga21980-LGA, cache-hel1410032-HEL
x-cache: HIT, HIT
x-cache-hits: 606, 3509
x-timer: S1743854955.365726,VS0,VE0
vary: Accept-Encoding
content-length: 27078
X-Firefox-Spdy: h2
| fresh13.z29.web.core.windows.net/werrx01USAHTML/msmm.png | 20.150.114.100 | 200 OK | 148 B |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/msmm.png | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: PNG image data, 31 x 30, 4-bit colormap, non-interlaced
MD5: 786e451b89111d04cb1fba3d32c398fa | SHA1: cbcbacb13686702d2ff96c749c0c08e4913ee24e | SHA256: 7064eadfcd3291fcb65d7cd1ca36820581f5b54826d68024dfc29dc203907ad6
Analyzer: urlquery | Verdict: scam | Alert: Scam - Fake AntiVirus / Security software
GET /werrx01USAHTML/msmm.png HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 148
Content-Type: image/png
Content-MD5: eG5FG4kRHQTLH7o9MsOY+g==
Last-Modified: Fri, 04 Apr 2025 11:18:58 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7ECE90B0"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b7c418f7-001e-0001-2b23-a6a101000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:16 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/vsc.png | 20.150.114.100 | 200 OK | 752 B |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/vsc.png | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: PNG image data, 128 x 128, 1-bit colormap, non-interlaced
MD5: 87073644990cb240bcc9aca429af2670 | SHA1: 0e452e1f87d811c459d5c7084861f16076c71359 | SHA256: 23e2636c586a13f6dba4730d4d92fccd80ef8d0358e9c266e7cdd1d5123057f7
Analyzer: urlquery | Verdict: scam | Alert: Scam - Fake AntiVirus / Security software
GET /werrx01USAHTML/vsc.png HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 752
Content-Type: image/png
Content-MD5: hwc2RJkMskC8yaykKa8mcA==
Last-Modified: Fri, 04 Apr 2025 11:19:03 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A81A11888"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4c7932cd-601e-0028-1f23-a69f75000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/dm.png | 20.150.114.100 | 200 OK | 347 B |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/dm.png | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: PNG image data, 100 x 100, 1-bit colormap, non-interlaced
MD5: 4a39876d0660cfe5b1f5cb073498c66d | SHA1: 174e953eb12a558f9ebdd2a276fc6b544cb8dbee | SHA256: 1062361de4627c89f8ea0541b529769540a46687daa3f4b5c9e4a84e3de604d5
Analyzer: urlquery | Verdict: scam | Alert: Scam - Fake AntiVirus / Security software
GET /werrx01USAHTML/dm.png HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 347
Content-Type: image/png
Content-MD5: SjmHbQZgz+Wx9csHNJjGbQ==
Last-Modified: Fri, 04 Apr 2025 11:18:48 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A78C9F22B"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 43d150c1-901e-0003-5b23-a61fb9000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:16 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/nvidia.js | 20.150.114.100 | 200 OK | 2.1 kB |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/nvidia.js | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: JavaScript source, ASCII text, with very long lines (2124), with no line terminators
MD5: 0afda3e6b3e6d92ecd1e7d28b79604bd | SHA1: af4b98337baf8f6037acb756ec2ed79481ad24b9 | SHA256: ce5b1fcff8fab61dceddda93645d0dd91d67e48fa01b2b28183c3a6a97cb7b31
GET /werrx01USAHTML/nvidia.js HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 2054
Content-Type: text/javascript
Content-MD5: kh4BPTYUAYef4yTlEdHHZg==
Last-Modified: Fri, 04 Apr 2025 11:19:00 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7FFEB569"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b90151ba-f01e-0067-2223-a6ee21000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/jupiter.js | 20.150.114.100 | 200 OK | 503 B |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/jupiter.js | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: JavaScript source, ASCII text, with very long lines (545), with no line terminators
MD5: d64718a85daf432be5f8d3c9fe3a45bd | SHA1: d1b2721f29e5a1a6e6344a53162f32c53eb98e1e | SHA256: de0997f0917e44e1840ce9d82cc86fd7f6cae542f906c62d78ae71c6af0ee303
Analyzer: urlquery | Verdict: scam | Alert: Scam - Fake AntiVirus / Security software
GET /werrx01USAHTML/jupiter.js HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 503
Content-Type: text/javascript
Content-MD5: zWwz+8Ih0CcckQr5EObr7Q==
Last-Modified: Fri, 04 Apr 2025 11:18:52 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7B5A3D68"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b7c41592-001e-0001-2d23-a6a101000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656 | 20.150.114.100 | 200 OK | 16 kB |
URL (user request): GET fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656 | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
MD5: d41d8cd98f00b204e9800998ecf8427e | SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the hashes of empty input: no response body was stored for this transaction, so the landing page must be hashed from a fresh capture)
GET /werrx01USAHTML/?bcda=1-844-610-4656 HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 15753
Content-Type: text/html
Content-MD5: OIyqcw31+WvkpiYVekcasw==
Last-Modified: Fri, 04 Apr 2025 11:18:52 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7ACA5F2F"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b9014ce6-f01e-0067-5123-a6ee21000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:14 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/noir.js | 20.150.114.100 | 200 OK | 84 kB |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/noir.js | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: JavaScript source, ASCII text, with very long lines (32180)
MD5: a8325a8dddc75eb4cd78a4c9d207aaf3 | SHA1: 5a956570fbffd26b497f38ea3a28f0bc075d5efc | SHA256: 46b5242c5eb6b3b71ef2606f2d0d700142ae58b53c6d018e6bf06bab62437e1b
Analyzer: urlquery | Verdict: scam | Alert: Scam - Fake AntiVirus / Security software
GET /werrx01USAHTML/noir.js HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 84272
Content-Type: text/javascript
Content-MD5: qDJajd3HXrTNeKTJ0geq8w==
Last-Modified: Fri, 04 Apr 2025 11:18:59 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7F436438"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 43d14e96-901e-0003-6923-a61fb9000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/pheduNYbdTgst.js | 20.150.114.100 | 200 OK | 139 B |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/pheduNYbdTgst.js | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: ASCII text, with no line terminators
MD5: 28518e0e1d1a3ceffd2717cbb3800e19 | SHA1: a4d3b37d9e53ca353040b6ea7a6eeebbd1f89a4f | SHA256: b1c21eb73be34e5a20a03b8381a6768c4600a66aa84556685232bd88ea94b073
GET /werrx01USAHTML/pheduNYbdTgst.js HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 139
Content-Type: text/javascript
Content-MD5: 9WLj8ZbbKCZW8LnnkHwJFQ==
Last-Modified: Fri, 04 Apr 2025 11:19:00 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7FF41301"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4c793036-601e-0028-4323-a69f75000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/set.png | 20.150.114.100 | 200 OK | 360 B |
URL: GET fresh13.z29.web.core.windows.net/werrx01USAHTML/set.png | IP: 20.150.114.100:443
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate issuer: Microsoft Corporation | Subject: *.web.core.windows.net | Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE | Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
MD5: 07b254d9ba665e8fdfa1a577851a4942 | SHA1: 08a88fd66d8677240ce3c16a06ece9af54e54663 | SHA256: d78dca445132754bf14e22d2dd76a8273a5c77e9a084b12e17ca76d500d3b6e3
Analyzer: urlquery | Verdict: scam | Alert: Scam - Fake AntiVirus / Security software
GET /werrx01USAHTML/set.png HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 360
Content-Type: image/png
Content-MD5: B7JU2bpmXo/foaV3hRpJQg==
Last-Modified: Fri, 04 Apr 2025 11:19:02 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A810CAB8C"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2d5ea240-001e-003e-2b23-a669a2000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/index.html | 20.150.114.100 | 200 OK | 16 kB |
URL GET fresh13.z29.web.core.windows.net/werrx01USAHTML/index.html IP 20.150.114.100:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate: Issuer: Microsoft Corporation; Subject: *.web.core.windows.net; Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE; Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /werrx01USAHTML/index.html HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 15753
Content-Type: text/html
Content-MD5: OIyqcw31+WvkpiYVekcasw==
Last-Modified: Fri, 04 Apr 2025 11:18:52 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7ACA5F2F"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 43d1595c-901e-0003-4c23-a61fb9000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:17 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/ques.png | 20.150.114.100 | 200 OK | 349 B |
URL GET fresh13.z29.web.core.windows.net/werrx01USAHTML/ques.png IP 20.150.114.100:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate: Issuer: Microsoft Corporation; Subject: *.web.core.windows.net; Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE; Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 7454c652e0733d92de6c920c2d646ae0 34a5bd8c7401f95e346895b0e5ccffbf0e9ad638 44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7
| Analyzer | Verdict | Alert |
| urlquery | scam | Scam - Fake AntiVirus / Security software |
GET /werrx01USAHTML/ques.png HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 349
Content-Type: image/png
Content-MD5: dFTGUuBzPZLebJIMLWRq4A==
Last-Modified: Fri, 04 Apr 2025 11:19:01 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A802F799B"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b7c419d1-001e-0001-7023-a6a101000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:16 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/re.gif | 20.150.114.100 | 200 OK | 15 kB |
URL GET fresh13.z29.web.core.windows.net/werrx01USAHTML/re.gif IP 20.150.114.100:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate: Issuer: Microsoft Corporation; Subject: *.web.core.windows.net; Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE; Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: GIF image data, version 89a, 193 x 71
Hash (MD5 / SHA-1 / SHA-256): 6fcb78e0cd7933a70eea2cf071f82118 70364bffd62fe33360abe70ecc7f7c0541b3b54c 4b436b0b6a47db85c88f83dc3fe3fd9a96c0a4018b28832165df929dffe0bc86
| Analyzer | Verdict | Alert |
| urlquery | scam | Scam - Fake AntiVirus / Security software |
GET /werrx01USAHTML/re.gif HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 14751
Content-Type: image/gif
Content-MD5: b8t44M15M6cO6izwcfghGA==
Last-Modified: Fri, 04 Apr 2025 11:19:01 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A80940BCA"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b7c417d2-001e-0001-2423-a6a101000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/visudk.mp4 | 20.150.114.100 | 206 Partial Content | 201 kB |
URL GET fresh13.z29.web.core.windows.net/werrx01USAHTML/visudk.mp4 IP 20.150.114.100:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate: Issuer: Microsoft Corporation; Subject: *.web.core.windows.net; Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE; Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v2, 64 kbps, 22.05 kHz, Monaural
Size: 201 kB (200832 bytes)
Hash (MD5 / SHA-1 / SHA-256): 0116152611dd51432e852781f8cc7e82 2408d3d281b25649894f78a4e19f7f8a8ac735f9 fc59bbb18f923747b9cd3f3b23537ff09c5ad2fdfc1505a4800a3f269a234e65
| Analyzer | Verdict | Alert |
| urlquery | scam | Scam - Fake AntiVirus / Security software |
GET /werrx01USAHTML/visudk.mp4 HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Length: 200832
Content-Type: video/mp4
Content-Range: bytes 0-200831/200832
Last-Modified: Fri, 04 Apr 2025 11:19:03 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A81860DD5"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2d5ea327-001e-003e-0623-a669a2000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/frwisYbsyBWa.js | 20.150.114.100 | 200 OK | 7.6 kB |
URL GET fresh13.z29.web.core.windows.net/werrx01USAHTML/frwisYbsyBWa.js IP 20.150.114.100:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate: Issuer: Microsoft Corporation; Subject: *.web.core.windows.net; Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE; Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: JavaScript source, ASCII text, with very long lines (8115), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 2575f8202d36b64bacaedd684618eb3f 819e2653f522e10fcc0163127f33ac941ab68e4b 13f2e9a779dd5d950201c24aa3c3529128bbfb8cb42d682c99411eacdcdb972d
GET /werrx01USAHTML/frwisYbsyBWa.js HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 7617
Content-Type: text/javascript
Content-MD5: ZqhVjDT9Nipli7l5tomIZQ==
Last-Modified: Fri, 04 Apr 2025 11:18:52 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7ACB6F67"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2d5ea051-001e-003e-6b23-a669a2000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:14 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/custom.js | 20.150.114.100 | 200 OK | 2.9 kB |
URL GET fresh13.z29.web.core.windows.net/werrx01USAHTML/custom.js IP 20.150.114.100:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate: Issuer: Microsoft Corporation; Subject: *.web.core.windows.net; Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE; Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: JavaScript source, ASCII text, with very long lines (3083), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 7546b9022eac9f61ac2d9a345261cc3b 456aec62f5e5fe23f20d4c06393e968b6a418adc ba8458b425ba802a6c094382972419230de3cb688138134dea711c9f132a5478
GET /werrx01USAHTML/custom.js HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 2854
Content-Type: text/javascript
Content-MD5: +4Utu6Z7TY995u2yMrW/MA==
Last-Modified: Fri, 04 Apr 2025 11:18:48 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7880DF71"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c97575cd-b01e-002b-5b23-a67e11000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/info.js | 20.150.114.100 | 200 OK | 140 B |
URL GET fresh13.z29.web.core.windows.net/werrx01USAHTML/info.js IP 20.150.114.100:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate: Issuer: Microsoft Corporation; Subject: *.web.core.windows.net; Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE; Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): ab8e54e0d71fc09fae10e1dcb28d7173 96ebbceef0995fbc7710528ecd67883da2928085 321d477f834cf91da35c5ef1be0a5fd378e4215402091b22cb53de78e05cfccc
GET /werrx01USAHTML/info.js HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 140
Content-Type: text/javascript
Content-MD5: CPpKEDOLgzKB9xIZFRRh1A==
Last-Modified: Fri, 04 Apr 2025 11:18:51 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7AB98233"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2d5ea0c6-001e-003e-4723-a669a2000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:14 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/cs.png | 20.150.114.100 | 200 OK | 3.2 kB |
URL GET fresh13.z29.web.core.windows.net/werrx01USAHTML/cs.png IP 20.150.114.100:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate: Issuer: Microsoft Corporation; Subject: *.web.core.windows.net; Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE; Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: PNG image data, 520 x 520, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 911f04c21d791a20574a4b287b60d3af 4cef2ee054e7a08fbf9692fded2d9cf1f1700cf8 b1e9d0861c6671644ad118df8150e394f8cba36b9536f64898bd35919e5515b4
| Analyzer | Verdict | Alert |
| urlquery | scam | Scam - Fake AntiVirus / Security software |
GET /werrx01USAHTML/cs.png HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 3152
Content-Type: image/png
Content-MD5: kR8Ewh15GiBXSksoe2DTrw==
Last-Modified: Fri, 04 Apr 2025 11:18:47 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A785CB730"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4c79317d-601e-0028-6f23-a69f75000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/esc.js | 20.150.114.100 | 200 OK | 87 B |
URL GET fresh13.z29.web.core.windows.net/werrx01USAHTML/esc.js IP 20.150.114.100:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate: Issuer: Microsoft Corporation; Subject: *.web.core.windows.net; Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE; Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 0eb04907b792b275d8241a9cfd5a5509 25679e2e583f165e61199c1fb6490be9add57821 27297273051ab9301c4fcdfc5c6afce8167c53fd7524fdf9c4ffbac2ccf2750c
| Analyzer | Verdict | Alert |
| urlquery | scam | Scam - Fake AntiVirus / Security software |
GET /werrx01USAHTML/esc.js HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 87
Content-Type: text/javascript
Content-MD5: MzWhQFDU9gV7sBnPcFhDtA==
Last-Modified: Fri, 04 Apr 2025 11:18:49 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7909250C"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b9015261-f01e-0067-3a23-a6ee21000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/tapa.css | 20.150.114.100 | 200 OK | 20 kB |
URL GET fresh13.z29.web.core.windows.net/werrx01USAHTML/tapa.css IP 20.150.114.100:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate: Issuer: Microsoft Corporation; Subject: *.web.core.windows.net; Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE; Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: assembler source, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 50709174280689209e0a1ce4290818cc 5b6115fb99094c21081cc559690bc9d3a8acd5de 863547e9f5235aa4208737d9d86f4d62aa4146acb258399089842f30e79627de
| Analyzer | Verdict | Alert |
| urlquery | scam | Scam - Fake AntiVirus / Security software |
GET /werrx01USAHTML/tapa.css HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 19500
Content-Type: text/css
Content-MD5: UHCRdCgGiSCeChzkKQgYzA==
Last-Modified: Fri, 04 Apr 2025 11:19:02 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A80C15161"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b9015110-f01e-0067-0123-a6ee21000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:15 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/def.gif | 20.150.114.100 | 200 OK | 170 kB |
URL GET fresh13.z29.web.core.windows.net/werrx01USAHTML/def.gif IP 20.150.114.100:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate: Issuer: Microsoft Corporation; Subject: *.web.core.windows.net; Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE; Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: GIF image data, version 89a, 668 x 331
Size: 170 kB (169529 bytes)
Hash (MD5 / SHA-1 / SHA-256): 1b7d291318f642858a53057da140019a c1086f1918121d173bdb5b52cea2cdd8f449a5eb 35872af4a794ff3d791b41c4eb58879f4a382d634c7668cd6a5ff42d947c6eb2
| Analyzer | Verdict | Alert |
| urlquery | scam | Scam - Fake AntiVirus / Security software |
GET /werrx01USAHTML/def.gif HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 169529
Content-Type: image/gif
Content-MD5: G30pExj2QoWKUwV9oUABmg==
Last-Modified: Fri, 04 Apr 2025 11:18:50 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A79A1AC1D"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b9015577-f01e-0067-7d23-a6ee21000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:16 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/winlo.png | 20.150.114.100 | 200 OK | 12 kB |
URL GET fresh13.z29.web.core.windows.net/werrx01USAHTML/winlo.png IP 20.150.114.100:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate: Issuer: Microsoft Corporation; Subject: *.web.core.windows.net; Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE; Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 20fc730f7b1ae7b900f66dbc7ddc3fc3 06b0abaca87ae75f8ed24d043b84f84e8ce8a473 250008e9dc0fe4d75cdb46c8ba05ad92f49496361419cc526ebbddaefa2f84d2
| Analyzer | Verdict | Alert |
| urlquery | scam | Scam - Fake AntiVirus / Security software |
GET /werrx01USAHTML/winlo.png HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 12386
Content-Type: image/png
Content-MD5: IPxzD3sa57kA9m28fdw/ww==
Last-Modified: Fri, 04 Apr 2025 11:19:04 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A826E2FF6"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b901548a-f01e-0067-2323-a6ee21000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:16 GMT
| fresh13.z29.web.core.windows.net/werrx01USAHTML/bxsafe.js | 20.150.114.100 | 200 OK | 334 B |
URL GET fresh13.z29.web.core.windows.net/werrx01USAHTML/bxsafe.js IP 20.150.114.100:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Certificate: Issuer: Microsoft Corporation; Subject: *.web.core.windows.net; Fingerprint: 79:EE:EE:4D:8A:A7:F9:8D:68:77:8D:1C:B7:11:6A:53:69:4E:7A:AE; Validity: Mon, 27 Jan 2025 11:03:21 GMT - Sat, 26 Jul 2025 11:03:21 GMT
File type: JavaScript source, ASCII text, with very long lines (362), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 2a752673bf2cbdb91737433b29ddd174 279fa9fb45f855940b241e37a279e7481b7625b8 efff394ebd655989c01079fa4910b6ae5a071245103377edd577629197ce06b1
| Analyzer | Verdict | Alert |
| urlquery | scam | Scam - Fake AntiVirus / Security software |
GET /werrx01USAHTML/bxsafe.js HTTP/1.1
Host: fresh13.z29.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fresh13.z29.web.core.windows.net/werrx01USAHTML/?bcda=1-844-610-4656
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 334
Content-Type: text/javascript
Content-MD5: TMuv4ylK0MM9wiCZ2aZqyA==
Last-Modified: Fri, 04 Apr 2025 11:18:47 GMT
Accept-Ranges: bytes
ETag: "0x8DD736A7824A83A"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c9757542-b01e-002b-5f23-a67e11000000
x-ms-version: 2018-03-28
Date: Sat, 05 Apr 2025 12:09:14 GMT