Windows Analysis Report
https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

Overview

General Information

Sample URL:	https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html
Analysis ID:	1447751
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

AI detected suspicious javascript

HTML body contains low number of good links

HTML title does not match URL

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Multi AV Scanner detection for submitted file

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

Virustotal: Detection: 11%

Perma Link

Phishing

AI detected phishing page

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

LLM: Score: 9 brands: MetaMask Reasons: The URL 'https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html' does not match the legitimate domain for MetaMask, which is typically 'metamask.io'. The page requests the Secret Recovery Phrase, which is highly sensitive information and should not be entered on unverified sites. The domain name is suspicious and does not align with the official MetaMask domain. These factors strongly indicate that this is a phishing site. DOM: 0.0.pages.csv

AI detected suspicious javascript

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

LLM: Score: 8 Reasons: The JavaScript code reads text from the clipboard and automatically fills multiple input fields with the copied text. This behavior is often associated with phishing attacks, where users might be tricked into pasting sensitive information such as passwords or recovery phrases. The code also disables buttons based on this input, which could be used to manipulate user actions. DOM: 0.0.pages.csv

HTML body contains low number of good links

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

HTTP Parser: Title: MetaMask does not match URL

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

HTTP Parser: <input type="password" .../> found

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html	HTTP Parser: No <meta name="author".. found
Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html	HTTP Parser: No <meta name="author".. found

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49762 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ghupl.html HTTP/1.1Host: pub-dde186d3ef204edd89e847d256cdf5bd.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.3.1.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icon.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /logo.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /full.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /confirm.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /eye-close.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tada.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /logo.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icon.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /eye-close.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /confirm.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /full.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tada.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /icon.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "e750678c869a938dddf312693503c986-ssl"
Source: global traffic	HTTP traffic detected: GET /icon.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "e750678c869a938dddf312693503c986-ssl"

Source: global traffic	DNS traffic detected: DNS query: pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: bestfilltype.netlify.app
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_67.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_66.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_70.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_70.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/confirm.png
Source: chromecache_70.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/eye-close.png
Source: chromecache_70.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/eye-open.png
Source: chromecache_70.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/full.png
Source: chromecache_70.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/icon.png
Source: chromecache_70.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/logo.png
Source: chromecache_70.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/tada.png
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/12359
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/13378
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: chromecache_67.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: chromecache_70.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: chromecache_70.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: chromecache_70.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: chromecache_67.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_67.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
Source: chromecache_67.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
Source: chromecache_70.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Poppins:wght
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1JlFc-K.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1JlFc-K.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1JlFc-K.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1JlFc-K.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJnecmNE.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/3229
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/6125
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: chromecache_67.2.dr	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: chromecache_67.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
Source: chromecache_67.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
Source: chromecache_67.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
Source: chromecache_67.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
Source: chromecache_67.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
Source: chromecache_67.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Source: chromecache_67.2.dr	String found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
Source: chromecache_67.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_67.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_67.2.dr	String found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: chromecache_67.2.dr	String found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
Source: chromecache_70.2.dr	String found in binary or memory: https://mercifuljigga4real123.publicvm.com/fuc.php
Source: chromecache_70.2.dr	String found in binary or memory: https://metamask.io/
Source: chromecache_67.2.dr	String found in binary or memory: https://promisesaplus.com/#point-48
Source: chromecache_67.2.dr	String found in binary or memory: https://promisesaplus.com/#point-54
Source: chromecache_67.2.dr	String found in binary or memory: https://promisesaplus.com/#point-57
Source: chromecache_67.2.dr	String found in binary or memory: https://promisesaplus.com/#point-59
Source: chromecache_67.2.dr	String found in binary or memory: https://promisesaplus.com/#point-61
Source: chromecache_67.2.dr	String found in binary or memory: https://promisesaplus.com/#point-64
Source: chromecache_67.2.dr	String found in binary or memory: https://promisesaplus.com/#point-75
Source: chromecache_67.2.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_67.2.dr	String found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: chromecache_67.2.dr	String found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49762 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@16/38@12/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2292,i,1715129150495164896,17283152211503269286,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2292,i,1715129150495164896,17283152211503269286,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.18.3.35	pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev	United States	13335	CLOUDFLARENETUS	true
18.192.231.252	bestfilltype.netlify.app	United States	16509	AMAZON-02US	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.156.224.161	unknown	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.4
192.168.2.5

Contacted Domains

Name	IP	Active
pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev	104.18.3.35	true
bg.microsoft.map.fastly.net	199.232.214.172	true
code.jquery.com	151.101.130.137	true
cdnjs.cloudflare.com	104.17.24.14	true
www.google.com	142.250.186.68	true
bestfilltype.netlify.app	18.192.231.252	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bestfilltype.netlify.app/full.png	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://bestfilltype.netlify.app/confirm.png	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.1.1.min.js	false	URL Reputation: safe	unknown
https://code.jquery.com/jquery-3.3.1.js	false	URL Reputation: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://bestfilltype.netlify.app/icon.png	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://bestfilltype.netlify.app/logo.png	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html	true		unknown
https://bestfilltype.netlify.app/eye-close.png	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://bestfilltype.netlify.app/tada.png	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 54	Web Open Font Format (Version 2), TrueType, length 5552, version 1.0	AA42A9A3D4FC9951ED37945FF1AF85DC	6CD63D09CC1F526ABA20B654EF5B55F8104586C6	A526DAC26FCC645D428764B07FD6AE2AD3399129B75C22C8E149278157291189
Chrome Cache Entry: 55	Web Open Font Format (Version 2), TrueType, length 7884, version 1.0	9212F6F9860F9FC6C69B02FEDF6DB8C3	AC6D71B4D5FDD2B3DABC9A06FF6C001E4251DA0B	7D93459D86585BFCDBB7E0376056226ADB25821EE54B96236FE2123E9560929F
Chrome Cache Entry: 56	PNG image data, 51 x 51, 8-bit/color RGBA, non-interlaced	F419183716DF0C9BCEFFF5389522958C	CF56E3EF9C5B162BECE6DFFE9E1B220526F7AC7E	0DFA5859ACD573CAF7190FA333E1551503CC295EBABE5C7051C90CFBF9D190A9
Chrome Cache Entry: 57	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	94AB490CA05B42DCDFAF9252B8E81AB4	FFF88ED7570440539F9C26C54D8EF509ADC539D1	68BA91DB08E7F6E67D5AA7C6314427E93475C351F08131961B244D173E92E460
Chrome Cache Entry: 58	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced	70F6CE04FAFBDD42AE82F89667156B97	566E9805C141E94477463232279D70117B2B3C2C	1F7FA9E9C13E554F4777775B767FD61834DAD108D696F6CE518122D629E62AF6
Chrome Cache Entry: 59	ASCII text, with very long lines (1100), with no line terminators	8E4F858DC43CE5CD88CB1EB0C7FBBB00	66A55745B6E025FBD0D919858F04B87FBB977D6E	2158C29A6D4F27D87634D2EA188345FECEB5D744A666EF20B079F3DB00A06344
Chrome Cache Entry: 60	PNG image data, 30 x 28, 8-bit/color RGBA, non-interlaced	5FDBA10B3DD02AB00A4746C1C1FDAB89	584F3275D15147C3CBE5B99468D6EFC9E407B45B	88746BDB585F8BF1DAA92CE979DBECF942F98C36E9E33AF52D5EE0BA43157306
Chrome Cache Entry: 61	Web Open Font Format (Version 2), TrueType, length 7816, version 1.0	25B0E113CA7CCE3770D542736DB26368	CB726212D5D525021752A1D8470A0FB593E0C49E	9338E65FC077355C7A87AE0D64CC101E23B9BF8AD78AE65F0F319C857311B526
Chrome Cache Entry: 62	PNG image data, 440 x 87, 8-bit/color RGBA, non-interlaced	658377D041ADD6DFF531446D93372623	6BC1F737C58EA71E6FC193D868D7C56E515D38C7	461EF0864ED3D660C3F24B34676A3704F4609BDF6EFC82720C9119C1606CB0A1
Chrome Cache Entry: 63	ASCII text, with very long lines (32030)	E071ABDA8FE61194711CFC2AB99FE104	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
Chrome Cache Entry: 64	PNG image data, 30 x 28, 8-bit/color RGBA, non-interlaced	5FDBA10B3DD02AB00A4746C1C1FDAB89	584F3275D15147C3CBE5B99468D6EFC9E407B45B	88746BDB585F8BF1DAA92CE979DBECF942F98C36E9E33AF52D5EE0BA43157306
Chrome Cache Entry: 65	PNG image data, 197 x 46, 8-bit/color RGBA, non-interlaced	DFB72BACBB061E094FC7A7CDE620FD00	9799F5A0CA2AC4FF12A91C885380B8C74E99E879	8EF89F39E8D91C95215C408083A0F88791FA85DA70D5B68680B9E53A28D4C21E
Chrome Cache Entry: 66	ASCII text, with very long lines (19015)	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
Chrome Cache Entry: 67	ASCII text	6A07DA9FAE934BAF3F749E876BBFDD96	46A436EBA01C79ACDB225757ED80BF54BAD6416B	D8AA24ECC6CECB1A60515BC093F1C9DA38A0392612D9AB8AE0F7F36E6EEE1FAD
Chrome Cache Entry: 68	PNG image data, 51 x 51, 8-bit/color RGBA, non-interlaced	F419183716DF0C9BCEFFF5389522958C	CF56E3EF9C5B162BECE6DFFE9E1B220526F7AC7E	0DFA5859ACD573CAF7190FA333E1551503CC295EBABE5C7051C90CFBF9D190A9
Chrome Cache Entry: 69	PNG image data, 197 x 46, 8-bit/color RGBA, non-interlaced	DFB72BACBB061E094FC7A7CDE620FD00	9799F5A0CA2AC4FF12A91C885380B8C74E99E879	8EF89F39E8D91C95215C408083A0F88791FA85DA70D5B68680B9E53A28D4C21E
Chrome Cache Entry: 70	HTML document, Unicode text, UTF-8 text, with very long lines (2144), with CRLF line terminators	DC3FEDCDB4005EAABF4255B4D2BF32E3	04C00F76B1CE3A7DF3DF96B2B6229F684D7B566F	9095ABB93543C00B147F3B463A0BEED2E9664F8D9D01DFD33C070543C03A53EA
Chrome Cache Entry: 71	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced	70F6CE04FAFBDD42AE82F89667156B97	566E9805C141E94477463232279D70117B2B3C2C	1F7FA9E9C13E554F4777775B767FD61834DAD108D696F6CE518122D629E62AF6
Chrome Cache Entry: 72	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	94AB490CA05B42DCDFAF9252B8E81AB4	FFF88ED7570440539F9C26C54D8EF509ADC539D1	68BA91DB08E7F6E67D5AA7C6314427E93475C351F08131961B244D173E92E460
Chrome Cache Entry: 73	PNG image data, 440 x 87, 8-bit/color RGBA, non-interlaced	658377D041ADD6DFF531446D93372623	6BC1F737C58EA71E6FC193D868D7C56E515D38C7	461EF0864ED3D660C3F24B34676A3704F4609BDF6EFC82720C9119C1606CB0A1
Chrome Cache Entry: 74	ASCII text	3B584B90739AC2DE5A21FF884FFE5428	DDAE0070CBC299E32AB0F61A3BDEFA3A4D4D07BE	B54469A21994F21A482F3A8E006B7F887A973E9519C3D7D55D379FF2ACD33C87
Chrome Cache Entry: 75	ASCII text, with very long lines (32065)	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Multi AV Scanner detection for submitted file

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

Virustotal: Detection: 11%

Perma Link

Phishing

AI detected phishing page

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

AI detected suspicious javascript

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

HTML body contains low number of good links

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

HTTP Parser: Title: MetaMask does not match URL

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

HTTP Parser: <input type="password" .../> found

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html	HTTP Parser: No <meta name="author".. found
Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html	HTTP Parser: No <meta name="author".. found

Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49762 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ghupl.html HTTP/1.1Host: pub-dde186d3ef204edd89e847d256cdf5bd.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.3.1.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icon.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /logo.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /full.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /confirm.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /eye-close.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tada.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /logo.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icon.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /eye-close.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /confirm.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /full.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tada.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /icon.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "e750678c869a938dddf312693503c986-ssl"
Source: global traffic	HTTP traffic detected: GET /icon.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "e750678c869a938dddf312693503c986-ssl"

Source: global traffic	DNS traffic detected: DNS query: pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: bestfilltype.netlify.app
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_67.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_66.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_70.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_70.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/confirm.png
Source: chromecache_70.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/eye-close.png
Source: chromecache_70.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/eye-open.png
Source: chromecache_70.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/full.png
Source: chromecache_70.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/icon.png
Source: chromecache_70.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/logo.png
Source: chromecache_70.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/tada.png
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/12359
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/13378
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
Source: chromecache_67.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: chromecache_67.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: chromecache_70.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: chromecache_70.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: chromecache_70.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: chromecache_67.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_67.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
Source: chromecache_67.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
Source: chromecache_70.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Poppins:wght
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1JlFc-K.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1JlFc-K.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1JlFc-K.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1JlFc-K.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2)
Source: chromecache_74.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJnecmNE.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/3229
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/6125
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: chromecache_67.2.dr	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: chromecache_67.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
Source: chromecache_67.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
Source: chromecache_67.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
Source: chromecache_67.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
Source: chromecache_67.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
Source: chromecache_67.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Source: chromecache_67.2.dr	String found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
Source: chromecache_67.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_67.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_67.2.dr	String found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: chromecache_67.2.dr	String found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
Source: chromecache_70.2.dr	String found in binary or memory: https://mercifuljigga4real123.publicvm.com/fuc.php
Source: chromecache_70.2.dr	String found in binary or memory: https://metamask.io/
Source: chromecache_67.2.dr	String found in binary or memory: https://promisesaplus.com/#point-48
Source: chromecache_67.2.dr	String found in binary or memory: https://promisesaplus.com/#point-54
Source: chromecache_67.2.dr	String found in binary or memory: https://promisesaplus.com/#point-57
Source: chromecache_67.2.dr	String found in binary or memory: https://promisesaplus.com/#point-59
Source: chromecache_67.2.dr	String found in binary or memory: https://promisesaplus.com/#point-61
Source: chromecache_67.2.dr	String found in binary or memory: https://promisesaplus.com/#point-64
Source: chromecache_67.2.dr	String found in binary or memory: https://promisesaplus.com/#point-75
Source: chromecache_67.2.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_67.2.dr	String found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: chromecache_67.2.dr	String found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49762 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@16/38@12/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2292,i,1715129150495164896,17283152211503269286,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2292,i,1715129150495164896,17283152211503269286,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1447751
Product:	CloudBasic
Start time:	00:43:29
Start date:	27.05.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://pub-dde186d3ef204edd89e847d256cdf5bd.r2.dev/ghupl.html