Windows Analysis Report
https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm

Overview

General Information

Sample URL: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm
Analysis ID: 1448174
Infos:

Detection

HTMLPhisher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Snort IDS alert for network traffic
Yara detected HtmlPhish10
Yara detected HtmlPhish44
AI detected suspicious javascript
HTML page contains obfuscate javascript
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Invalid 'forgot password' link found
Invalid T&C link found
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm Avira URL Cloud: detection malicious, Label: phishing
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing
barindex
Yara detected HtmlPhish10
Source: Yara match File source: 0.0.pages.csv, type: HTML
Yara detected HtmlPhish44
Source: Yara match File source: dropped/chromecache_75, type: DROPPED
AI detected suspicious javascript
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm LLM: Score: 10 Reasons: The code collects sensitive information such as customer number, PIN, passwords, and IP address, and sends it to a Telegram bot. This behavior is indicative of phishing or other malicious activity. DOM: 0.0.pages.csv
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm LLM: Score: 10 Reasons: The JavaScript code captures sensitive user information such as customer number, PIN, full password, OTP, and IP address, and sends it to a Telegram bot. This behavior is indicative of phishing or other malicious activity aimed at stealing user credentials. DOM: 0.0.pages.csv
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm LLM: Score: 10 Reasons: The JavaScript code captures sensitive user information such as customer number, PIN, passwords, and IP address, and sends it to an external server via a Telegram bot API. This behavior is indicative of phishing or other malicious activity. DOM: 0.0.pages.csv
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm LLM: Score: 10 Reasons: The JavaScript code captures sensitive user information such as customer number, PIN, full password, OTP, and IP address, and sends it to a Telegram bot. This behavior is indicative of phishing or other malicious activity aimed at stealing user credentials. DOM: 0.0.pages.csv
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm LLM: Score: 10 Reasons: The JavaScript code captures sensitive information such as customer number, PIN, full password, OTPs, and IP address, and sends it to an external server via a Telegram bot API. This behavior is indicative of phishing and data exfiltration, which are highly malicious activities. DOM: 0.0.pages.csv
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm LLM: Score: 10 Reasons: The code captures sensitive information such as customer number, PIN, full password, and IP address, and sends it to a Telegram chat using a bot token. This behavior is indicative of phishing or malicious activity as it exfiltrates sensitive data to an external server. DOM: 0.0.pages.csv
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm LLM: Score: 10 Reasons: The JavaScript code captures sensitive information such as customer number, PIN, full password, and IP address, and sends it to a remote server via a Telegram bot. This behavior is indicative of phishing or other malicious activity. DOM: 0.0.pages.csv
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm LLM: Score: 10 Reasons: The JavaScript code captures sensitive information such as customer number, PIN, full password, OTP, and IP address, and sends it to a Telegram bot. This behavior is indicative of phishing and data exfiltration, which is highly malicious. DOM: 0.0.pages.csv
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm LLM: Score: 10 Reasons: The JavaScript code captures sensitive information such as customer number, PIN, full password, OTPs, mobile number, and IP address, and sends it to a Telegram bot. This behavior is indicative of phishing or other malicious activity aimed at stealing personal and financial information. DOM: 0.0.pages.csv
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm LLM: Score: 9 Reasons: The JavaScript code captures user input, including a customer number and IP address, and sends it to a Telegram bot. This behavior is indicative of phishing or data exfiltration, as it sends sensitive information to an external service without user consent. The use of a Telegram bot for data collection is a common tactic in malicious activities. DOM: 0.0.pages.csv
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm LLM: Score: 8 Reasons: The JavaScript code decodes and writes HTML content dynamically using document.write and unescape, which can be used to inject malicious content. It collects sensitive information such as customer number and IP address, and sends it to an external URL (https://api.telegram.org) using an XMLHttpRequest. This behavior is indicative of phishing or data exfiltration. DOM: 0.0.pages.csv
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm LLM: Score: 10 Reasons: The JavaScript code captures user input (customer number and IP address) and sends it to a Telegram bot. This behavior is indicative of phishing or data exfiltration, as it sends sensitive information to an external service without user consent. DOM: 0.0.pages.csv
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm LLM: Score: 10 Reasons: The JavaScript code captures sensitive information such as customer number, PIN, full password, OTPs, mobile number, and IP address, and sends it to a Telegram bot. This behavior is indicative of phishing or malicious activity aimed at stealing user credentials. DOM: 0.0.pages.csv
HTML page contains obfuscate javascript
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm HTTP Parser: document.write(unescape(%0A%3C%73%63%72%69%70%74%3E%0A%63%6F%6E%73%74%20%66%6F%72%6D%31%30%20%3D%20%
HTML body contains low number of good links
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm HTTP Parser: Number of links: 0
HTML body contains password input but no form action
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm HTTP Parser: <input type="password" .../> found but no <form action="...
HTML title does not match URL
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm HTTP Parser: Title: Log in to Online Banking does not match URL
Invalid 'forgot password' link found
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm HTTP Parser: Invalid link: Forgotten your PIN or password?
Invalid T&C link found
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm HTTP Parser: Invalid link: Legal Info
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm HTTP Parser: Invalid link: Privacy & Cookies
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm HTTP Parser: Invalid link: Accessibility
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm HTTP Parser: <input type="password" .../> found
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm HTTP Parser: No <meta name="author".. found
Source: https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm HTTP Parser: No <meta name="copyright".. found
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49764 version: TLS 1.0
Source: unknown HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.5:49726 version: TLS 1.2

Networking
barindex
Snort IDS alert for network traffic
Source: Traffic Snort IDS: 2029493 ET CURRENT_EVENTS Possible Glitch.me Phishing Domain 192.168.2.5:53333 -> 1.1.1.1:53
Source: Traffic Snort IDS: 2029493 ET CURRENT_EVENTS Possible Glitch.me Phishing Domain 192.168.2.5:65435 -> 1.1.1.1:53
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49764 version: TLS 1.0
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /public/n0htu.htm HTTP/1.1Host: plastic-fringe-pentagon.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ip.js?var=userip HTTP/1.1Host: l2.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://plastic-fringe-pentagon.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /master.css HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://plastic-fringe-pentagon.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /master_mobile.css HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://plastic-fringe-pentagon.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /npc.css HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://plastic-fringe-pentagon.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /overlayPromptMaster.css HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://plastic-fringe-pentagon.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /overlayPrompt.css HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://plastic-fringe-pentagon.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /font-awesome.css HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://plastic-fringe-pentagon.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /panel-defaults.css HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://plastic-fringe-pentagon.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /main.css HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://plastic-fringe-pentagon.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jquery-2.2.3.js HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://plastic-fringe-pentagon.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /n-w-logo.svg HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://plastic-fringe-pentagon.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /li5_outer_frame_top_curve.gif HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eclipse.website.yandexcloud.net/master.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /radio-selected.png HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eclipse.website.yandexcloud.net/npc.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /plogo.png HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://plastic-fringe-pentagon.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /error-marker.png HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://plastic-fringe-pentagon.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /white-lock.png HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eclipse.website.yandexcloud.net/npc.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /RNHouseSansW05-Regular.woff2 HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://plastic-fringe-pentagon.glitch.mesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://eclipse.website.yandexcloud.net/master.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /RNHouseSansW05-Bold.woff2 HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://plastic-fringe-pentagon.glitch.mesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://eclipse.website.yandexcloud.net/master.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /n-w-logo.svg HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /down-chevron.png HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eclipse.website.yandexcloud.net/npc.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /check-box.png HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eclipse.website.yandexcloud.net/npc.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /combined-shape.png HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eclipse.website.yandexcloud.net/npc.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /RNHouseSansW05-Regular.woff HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://plastic-fringe-pentagon.glitch.mesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://eclipse.website.yandexcloud.net/master.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /radio-selected.png HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /plogo.png HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /li5_outer_frame_top_curve.gif HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /RNHouseSansW05-Bold.woff HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://plastic-fringe-pentagon.glitch.mesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://eclipse.website.yandexcloud.net/master.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /error-marker.png HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /white-lock.png HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /combined-shape.png HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /check-box.png HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /down-chevron.png HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /RNHouseSansW05-Regular.ttf HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://plastic-fringe-pentagon.glitch.mesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://eclipse.website.yandexcloud.net/master.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /RNHouseSansW05-Bold.ttf HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://plastic-fringe-pentagon.glitch.mesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://eclipse.website.yandexcloud.net/master.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://plastic-fringe-pentagon.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: eclipse.website.yandexcloud.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: plastic-fringe-pentagon.glitch.me
Source: global traffic DNS traffic detected: DNS query: eclipse.website.yandexcloud.net
Source: global traffic DNS traffic detected: DNS query: l2.io
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1716849843050&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 22:44:27 GMTContent-Type: text/html; charset=utf-8Content-Length: 225Connection: closeX-Amz-Request-Id: b578c83e56e57af3
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 22:44:27 GMTContent-Type: text/html; charset=utf-8Content-Length: 225Connection: closeX-Amz-Request-Id: fb2d6f9c1ae123e1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 22:44:28 GMTContent-Type: text/html; charset=utf-8Content-Length: 225Connection: closeX-Amz-Request-Id: 681f4a51291e1b48
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 22:44:29 GMTContent-Type: text/html; charset=utf-8Content-Length: 225Connection: closeX-Amz-Request-Id: ca79f098a887bab2
Source: chromecache_90.2.dr String found in binary or memory: http://bugs.jquery.com/ticket/12359
Source: chromecache_90.2.dr String found in binary or memory: http://bugs.jquery.com/ticket/13378
Source: chromecache_90.2.dr String found in binary or memory: http://dev.w3.org/csswg/cssom/#resolved-values
Source: chromecache_90.2.dr String found in binary or memory: http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript
Source: chromecache_81.2.dr String found in binary or memory: http://fontawesome.io
Source: chromecache_81.2.dr String found in binary or memory: http://fontawesome.io/license
Source: chromecache_90.2.dr String found in binary or memory: http://jquery.com/
Source: chromecache_90.2.dr String found in binary or memory: http://jquery.org/license
Source: chromecache_90.2.dr String found in binary or memory: http://jsperf.com/getall-vs-sizzle/2
Source: chromecache_90.2.dr String found in binary or memory: http://jsperf.com/thor-indexof-vs-for/5
Source: chromecache_90.2.dr String found in binary or memory: http://sizzlejs.com/
Source: chromecache_90.2.dr String found in binary or memory: http://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: chromecache_76.2.dr String found in binary or memory: http://www.omniture.com
Source: chromecache_76.2.dr String found in binary or memory: http://www.rbs.com/schemas/rates
Source: chromecache_90.2.dr String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: chromecache_90.2.dr String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: chromecache_90.2.dr String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=491668
Source: chromecache_90.2.dr String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=649285
Source: chromecache_90.2.dr String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: chromecache_90.2.dr String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=229280
Source: chromecache_90.2.dr String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=378607
Source: chromecache_90.2.dr String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=449857
Source: chromecache_90.2.dr String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=470258
Source: chromecache_90.2.dr String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_90.2.dr String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: chromecache_90.2.dr String found in binary or memory: https://github.com/jquery/jquery/pull/764
Source: chromecache_90.2.dr String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: chromecache_90.2.dr String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: chromecache_90.2.dr String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: chromecache_76.2.dr String found in binary or memory: https://royalbankofscotland.122.2o7.net/b/ss/rbsnwphase2/1/H.21--NS/0?
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com/AOhome
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com/AOlifemoments
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com/AOsupport
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com/FSCSbrochure
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com/business.ashx
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com/corporate
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com/international.ashx
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com/onlineguide
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com/premier
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com/privacy-cookies
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com/privacy-cookies&#39;
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com/tools/general/nwolb_legals/accessibility.htm
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com/tools/general/nwolb_legals/accessibility.htm&#39;
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com/tools/general/nwolb_legals/security.htm
Source: chromecache_76.2.dr String found in binary or memory: https://www.natwest.com/tools/general/nwolb_legals/security.htm&#39;
Source: chromecache_76.2.dr String found in binary or memory: https://www.nwolb.com//Brands/NWB/images/FSCS_Protected_Logo.png
Source: chromecache_76.2.dr String found in binary or memory: https://www.nwolb.com/Brands/mm.js
Source: chromecache_76.2.dr String found in binary or memory: https://www.nwolb.com/Login.aspx
Source: chromecache_76.2.dr String found in binary or memory: https://www.nwolb.com/PageNotFound.aspx#
Source: chromecache_76.2.dr String found in binary or memory: https://www.nwolb.com/PageNotFound.aspx#content
Source: chromecache_76.2.dr String found in binary or memory: https://www.nwolb.com/PageNotFound.aspx#menu
Source: chromecache_76.2.dr String found in binary or memory: https://www.nwolb.com/ServiceManagement/RedirectOutOfService.aspx?targettag=destination_ExitService&
Source: chromecache_76.2.dr String found in binary or memory: https://www.nwolb.com/TermsAndConditions.aspx
Source: chromecache_76.2.dr String found in binary or memory: https://www.nwolb.com/TermsAndConditions.aspx&#39;
Source: chromecache_76.2.dr String found in binary or memory: https://www.nwolb.com/brands/NWB/images/logo.png
Source: chromecache_76.2.dr String found in binary or memory: https://www.nwolb.com/brands/NWB/images/n-w-logo.svg
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.5:49726 version: TLS 1.2
Source: classification engine Classification label: mal80.phis.win@16/58@10/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2012,i,3164281449563933196,14320066541158217082,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2012,i,3164281449563933196,14320066541158217082,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1448174 URL: https://plastic-fringe-pent... Startdate: 28/05/2024 Architecture: WINDOWS Score: 80 26 Snort IDS alert for network traffic 2->26 28 Antivirus / Scanner detection for submitted sample 2->28 30 Yara detected HtmlPhish44 2->30 32 3 other signatures 2->32 6 chrome.exe 9 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 14 192.168.2.5, 443, 49703, 49709 unknown unknown 6->14 16 192.168.2.4 unknown unknown 6->16 18 239.255.255.250 unknown Reserved 6->18 11 chrome.exe 6->11         started        process5 dnsIp6 20 website.yandexcloud.net 213.180.193.247, 443, 49714, 49715 YANDEXRU Russian Federation 11->20 22 www.google.com 142.250.185.132, 443, 49721, 49768 GOOGLEUS United States 11->22 24 3 other IPs or domains 11->24
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
213.180.193.247
 website.yandexcloud.net Russian Federation
13238 YANDEXRU false
142.250.185.132
 www.google.com United States
15169 GOOGLEUS false
34.197.201.171
 plastic-fringe-pentagon.glitch.me United States
14618 AMAZON-AESUS false
239.255.255.250
 unknown Reserved
unknown unknown false
195.80.159.133
 l2.io France
29152 DECKNET-ASFR false

Private

IP
192.168.2.4
192.168.2.5

Contacted Domains

Name IP Active
bg.microsoft.map.fastly.net 199.232.214.172 true
l2.io 195.80.159.133 true
website.yandexcloud.net 213.180.193.247 true
www.google.com 142.250.185.132 true
plastic-fringe-pentagon.glitch.me 34.197.201.171 true
fp2e7a.wpc.phicdn.net 192.229.221.95 true
eclipse.website.yandexcloud.net unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://eclipse.website.yandexcloud.net/RNHouseSansW05-Regular.ttf false
  • Avira URL Cloud: safe
 unknown
https://eclipse.website.yandexcloud.net/font-awesome.css false
  • Avira URL Cloud: safe
 unknown
https://eclipse.website.yandexcloud.net/overlayPromptMaster.css false
  • Avira URL Cloud: safe
 unknown
https://eclipse.website.yandexcloud.net/combined-shape.png false
  • Avira URL Cloud: safe
 unknown
https://eclipse.website.yandexcloud.net/RNHouseSansW05-Bold.ttf false
  • Avira URL Cloud: safe
 unknown
https://eclipse.website.yandexcloud.net/n-w-logo.svg false
  • Avira URL Cloud: safe
 unknown
https://eclipse.website.yandexcloud.net/radio-selected.png false
  • Avira URL Cloud: safe
 unknown
https://eclipse.website.yandexcloud.net/RNHouseSansW05-Regular.woff2 false
  • Avira URL Cloud: safe
 unknown
https://eclipse.website.yandexcloud.net/npc.css false
  • Avira URL Cloud: safe
 unknown
https://eclipse.website.yandexcloud.net/favicon.ico false
  • Avira URL Cloud: safe
 unknown
https://eclipse.website.yandexcloud.net/down-chevron.png false
  • Avira URL Cloud: safe
 unknown
https://eclipse.website.yandexcloud.net/error-marker.png false
  • Avira URL Cloud: safe
 unknown
https://eclipse.website.yandexcloud.net/RNHouseSansW05-Regular.woff false
  • Avira URL Cloud: safe
 unknown
https://eclipse.website.yandexcloud.net/white-lock.png false
  • Avira URL Cloud: safe
 unknown
https://plastic-fringe-pentagon.glitch.me/public/n0htu.htm true
    		unknown
    https://l2.io/ip.js?var=userip false
    • Avira URL Cloud: safe
    		 unknown
    https://eclipse.website.yandexcloud.net/RNHouseSansW05-Bold.woff false
    • Avira URL Cloud: safe
    		 unknown
    https://eclipse.website.yandexcloud.net/master.css false
    • Avira URL Cloud: safe
    		 unknown
    https://eclipse.website.yandexcloud.net/master_mobile.css false
    • Avira URL Cloud: safe
    		 unknown
    https://eclipse.website.yandexcloud.net/jquery-2.2.3.js false
    • Avira URL Cloud: safe
    		 unknown
    https://eclipse.website.yandexcloud.net/main.css false
    • Avira URL Cloud: safe
    		 unknown
    https://eclipse.website.yandexcloud.net/panel-defaults.css false
    • Avira URL Cloud: safe
    		 unknown
    https://eclipse.website.yandexcloud.net/overlayPrompt.css false
    • Avira URL Cloud: safe
    		 unknown
    https://eclipse.website.yandexcloud.net/li5_outer_frame_top_curve.gif false
    • Avira URL Cloud: safe
    		 unknown
    https://eclipse.website.yandexcloud.net/plogo.png false
    • Avira URL Cloud: safe
    		 unknown
    https://eclipse.website.yandexcloud.net/RNHouseSansW05-Bold.woff2 false
    • Avira URL Cloud: safe
    		 unknown
    https://eclipse.website.yandexcloud.net/check-box.png false
    • Avira URL Cloud: safe
    		 unknown