Source: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/
Avira URL Cloud: detection malicious, Label: phishing
Source: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/
SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Source: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css
Avira URL Cloud: Label: phishing
Source: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/
LLM: Score: 9 brands: OneDrive Reasons: The URL is highly suspicious as it does not match the legitimate domain for OneDrive (which is onedrive.live.com). The use of an IPFS (InterPlanetary File System) URL is unusual for a legitimate service like OneDrive. The page mimics the OneDrive interface, which is a common social engineering technique used in phishing attacks to deceive users into thinking they are on a legitimate site. DOM: 0.0.pages.csv
Source: Yara match
File source: 0.0.pages.csv, type: HTML
Source: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/
LLM: Score: 7 Reasons: The JavaScript code uses 'document.write' with 'unescape' to inject a large block of HTML into the document. This technique can be used to obfuscate malicious content or phishing attempts. Additionally, the inclusion of external stylesheets from potentially untrusted sources (e.g., officedocuments.com.ng) raises concerns about the integrity and safety of the content being loaded. DOM: 0.0.pages.csv
Source: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/
LLM: Score: 9 Reasons: The JavaScript code contains several red flags indicative of malicious activity: 1) It captures and sends form data, including potentially sensitive information like passwords, to an external URL (https://lavinosuae.com/yeh.php), which is a common tactic used in phishing attacks. 2) The code manipulates the DOM to display error messages and clear password fields, which can be used to trick users into repeatedly entering their credentials. 3) The code also includes commented-out sections that redirect users to a legitimate site (https://onedrive.com/), which is a common technique to make the malicious site appear more legitimate. DOM: 0.0.pages.csv
Source: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/
HTTP Parser: Number of links: 0
Source: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/
HTTP Parser: <input type="password" .../> found but no <form action="...
Source: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/
HTTP Parser: Total embedded image size: 627461
Source: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/
HTTP Parser: Title: My Files - OneDrive does not match URL
Source: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/
HTTP Parser: Invalid link: Sites help you work on projects with your team and share information from anywhere on any device. Create or follow sites to see them here.
Source: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/
HTTP Parser: Has password / email / username input fields
Source: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/
HTTP Parser: <input type="password" .../> found
Source: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/
HTTP Parser: No <meta name="author".. found
Source: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/
HTTP Parser: No <meta name="copyright".. found
Source: unknown
HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown
HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: global traffic
TCP traffic: 192.168.2.4:49732 -> 1.1.1.1:53
Source: unknown
TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown
TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown
TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown
TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown
UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic
HTTP traffic detected: GET /npm/bootstrap@5.3.0-alpha3/dist/css/bootstrap.min.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic
HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic
HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic
HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic
HTTP traffic detected: GET / HTTP/1.1Host: bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic
HTTP traffic detected: GET /cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css HTTP/1.1Host: bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.comConnection: keep-aliveOrigin: http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=muvVP1KphtYtuo_loSEnHNzM4ZtDhTcMpJC6PrnAJV4-1716503173-1.0.1.1-76Om5iivMlEhd7837zD_OOjj5WUN1U4x4S5YtdNd7mG9fjkI87ziDqGeAZzXtWotIQlteB9bVd7G_os3znWElw
Source: global traffic
DNS traffic detected: DNS query: bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com
Source: global traffic
DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic
DNS traffic detected: DNS query: officedocuments.com.ng
Source: global traffic
DNS traffic detected: DNS query: www.google.com
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 22:26:14 GMTContent-Type: text/plain; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Ray: 88887764ad8842b0-EWRCF-Cache-Status: EXPIREDAccess-Control-Allow-Origin: *Cache-Control: no-storeVary: Accept-Encodingaccess-control-allow-headers: Content-Typeaccess-control-allow-headers: Rangeaccess-control-allow-headers: User-Agentaccess-control-allow-headers: X-Requested-Withaccess-control-allow-methods: GETaccess-control-expose-headers: Content-Lengthaccess-control-expose-headers: Content-Rangeaccess-control-expose-headers: X-Chunked-Outputaccess-control-expose-headers: X-Ipfs-Pathaccess-control-expose-headers: X-Ipfs-Rootsaccess-control-expose-headers: X-Stream-Outputx-cf-ipfs-cache-status: missx-content-type-options: nosniffx-ipfs-path: /ipfs/bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu/cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.cssServer: cloudflareContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 61 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 a4 ce 4b 12 82 30 0c 00 d0 bd a7 c8 b8 b7 19 45 65 c6 db f4 93 4a 21 6d 84 50 0a b7 f7 02 ee bc c0 9b 17 6d 62 0a b0 0a 2c a4 c2 1b 01 a6 4f 54 74 36 1e 8e 92 3f 44 6a 37 f7 d3 c3 65 be 0f fb cd cf 47 ea 8f 75 ec 9f 9b 9f de f7 21 52 dd 76 d7 f6 a1 ab ad 9b 79 68 ad a2 0f 65 54 e3 59 6a 88 6c 17 32 5e 32 da d1 ee c8 c9 29 46 29 eb c5 36 52 c9 84 4f 73 35 57 f4 aa 68 99 4d 4e c5 78 d5 17 14 01 4e 65 82 62 33 05 38 ff 12 cf 50 4b a0 05 fe 98 9e be 00 00 00 ff ff 0d 0a 61 0d 0a 03 00 Data Ascii: a5K0EeJ!mPmb,OTt6?Dj7eGu!RvyheTYjl2^2)F)6ROs5WhMNxNeb38PKa
Source: chromecache_44.2.dr
String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_44.2.dr
String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: unknown
Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown
Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown
Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown
Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown
Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown
Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown
Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 443 -> 49756
Source: classification engine
Classification label: mal76.phis.win@16/9@9/8
Source: unknown
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Source: C:\Program Files\Google\Chrome\Application\chrome.exe
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=2484,i,13484271707041999364,4180294912672599584,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Source: unknown
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bafybeicyoou3q7k5bml4hx2cqyi7ytj76vckg4hfeuvxbwxh3uw3qlhwwu.ipfs.cf-ipfs.com/"

Source: C:\Program Files\Google\Chrome\Application\chrome.exe
Process created: unknown unknown
Source: Window Recorder
Window detected: More than 3 window changes detected