Windows Analysis Report
http://review-page-violation-issue-meta-center.vercel.app/

Overview

General Information

Sample URL:	http://review-page-violation-issue-meta-center.vercel.app/
Analysis ID:	1466497
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Phishing site detected (based on favicon image match)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://review-page-violation-issue-meta-center.vercel.app/	Avira URL Cloud: detection malicious, Label: phishing
Source: http://review-page-violation-issue-meta-center.vercel.app/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://review-page-violation-issue-meta-center.vercel.app/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://review-page-violation-issue-xi.vercel.app/index-user.css	Avira URL Cloud: Label: phishing
Source: https://verified-badge.surge.sh/static/media/fbVideo.png.1fd476160a3ed7a2f565.png	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://review-page-violation-issue-xi.vercel.app

LLM: Score: 9 brands: Facebook Reasons: The URL 'https://review-page-violation-issue-xi.vercel.app' is highly suspicious as it does not match the legitimate domain name 'facebook.com' associated with the Facebook brand. The page prominently displays a login form requesting sensitive information (c_user and xs), which is a common tactic used in phishing attacks. The page also uses social engineering techniques by claiming there is a 'Page Violation' to create a sense of urgency and trick users into providing their credentials. Additionally, the domain name is hosted on 'vercel.app', which is not associated with Facebook. There is no CAPTCHA present, which is often used on legitimate sites to prevent automated attacks. Based on these factors, it is highly likely that this site is a phishing site. DOM: 1.1.pages.csv

Phishing site detected (based on favicon image match)

Source: https://review-page-violation-issue-xi.vercel.app/form.html

Matcher: Template: facebook matched with high similarity

Source: https://review-page-violation-issue-meta-center.vercel.app/	HTTP Parser: No favicon
Source: https://cdn.glitch.global/07e008b6-db29-44ab-8f97-cf6860d16bfe/detailed%20video.mp4?v=1719424079780	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.7:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.7:49714 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: review-page-violation-issue-meta-center.vercel.appConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: review-page-violation-issue-meta-center.vercel.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://review-page-violation-issue-meta-center.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /form.html HTTP/1.1Host: review-page-violation-issue-xi.vercel.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://review-page-violation-issue-meta-center.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /index-user.css HTTP/1.1Host: review-page-violation-issue-xi.vercel.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://review-page-violation-issue-xi.vercel.app/form.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /static/media/fbVideo.png.1fd476160a3ed7a2f565.png HTTP/1.1Host: verified-badge.surge.shConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://review-page-violation-issue-xi.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /AAABAAMAEBAAAAEAIABoBAAANgAAACAgAAABACAAKBEAAJ4EAAAwMAAAAQAgAGgmAADGFQAAKAAAABAAAAAgAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wAAAZdXOiyYVzpPmFc6T5dXOiz/AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQEAEmFo5b5hYO+GYWTv/mFk7/5hZO/+YWTv/mFg74ZhaOW+AQEAEAAAAAAAAAAAAAAAAAAAAAAAAAACWWjwRmFg7wphZO/+YWTv/oWhN/7uRff+ufWb/mFk7/5hZO/+YWTv/mFg7wpZaPBEAAAAAAAAAAAAAAACAQEAEmFg7wphZO/+YWTv/mFk7/7SGcP//////2sS5/5hZO/+YWTv/mFk7/5hZO/+YWDvCgEBABAAAAAAAAAAAmFo5b5hZO/+YWTv/mFk7/5hZO/+0hnD//////9rEuf+YWTv/mFk7/5hZO/+YWTv/mFk7/5haOW8AAAAA/wAAAZhYO+GYWTv/mFk7/5hZO/+YWTv/tIZw///////axLn/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWDvh/wAAAZdXOiyYWTv/mFk7/5hZO/+YWTv/mFk7/7SGcP//////2sS5/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5dXOiyYVzpPmFk7/5hZO/+YWTv/mFk7/6x6Yv/Nr6D//////+fY0f+6kX3/qnZd/5hZO/+YWTv/mFk7/5hZO/+YVzpPmFc6T5hZO/+YWTv/mFk7/5hZO//VvLD//////////////////////9G1qP+YWTv/mFk7/5hZO/+YWTv/mFc6T5dXOiyYWTv/mFk7/5hZO/+YWTv/tYhz/9fAtP//////7ODb/8iomP+1iHL/mFk7/5hZO/+YWTv/mFk7/5dXOiz/AAABmFg74ZhZO/+YWTv/mFk7/5hZO/+0hnD//////9rEuv+YWTv/mFk7/5hZO/+YWTv/mFk7/5hYO+H/AAABAAAAAJhaOW+YWTv/mFk7/5hZO/+YWTv/rnxk///////x6eX/xKGQ/7CAav+YWTv/mFk7/5hZO/+YWjlvAAAAAAAAAACAQEAEmFg7wphZO/+YWTv/mFk7/5haPP/i0Mj////////////TuKz/mFk7/5hZO/+YWDvCgEBABAAAAAAAAAAAAAAAAJZaPBGYWDvCmFk7/5hZO/+YWTv/mVo8/7CAaf+6kHz/qnZd/5hZO/+YWDvCllo8EQAAAAAAAAAAAAAAAAAAAAAAAAAAgEBABJhaOW+YWDvhmFk7/5hZO/+YWTv/mFk7/5hYO+GYWjlvgEBABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wAAAZdXOiyYVzpPmFc6T5dXOiz/AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAACAAAABAAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACZZjMFm1g7PZdZOnOYWTqVl1k6p5dZOqeYWTqVl1k6c5tYOz2ZZjMFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACZWTkol1k7mJhZO++YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO++XWTuYmVk5KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACPYEAQmFg6mZhZO/yYWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv8mFg6mY9gQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmFg7NJhYO+GYWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFg74ZhYOzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJhZO0WZWTv0mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/vpeE/97KwP/eysD/3srA/6x6Yv+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mVk79JhZO0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACVVzo1mVk79JhZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO//Qs6b/////////////////tol0/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mVk79JVXOjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn2BAEJhYO+GYWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/9Czpv////////////////+2iXT/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFg74Z9gQBAAAAAAAAAAAAAAAAA
Source: global traffic	HTTP traffic detected: GET /AAABAAMAEBAAAAEAIABoBAAANgAAACAgAAABACAAKBEAAJ4EAAAwMAAAAQAgAGgmAADGFQAAKAAAABAAAAAgAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wAAAZdXOiyYVzpPmFc6T5dXOiz/AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQEAEmFo5b5hYO+GYWTv/mFk7/5hZO/+YWTv/mFg74ZhaOW+AQEAEAAAAAAAAAAAAAAAAAAAAAAAAAACWWjwRmFg7wphZO/+YWTv/oWhN/7uRff+ufWb/mFk7/5hZO/+YWTv/mFg7wpZaPBEAAAAAAAAAAAAAAACAQEAEmFg7wphZO/+YWTv/mFk7/7SGcP/2sS5/5hZO/+YWTv/mFk7/5hZO/+YWDvCgEBABAAAAAAAAAAAmFo5b5hZO/+YWTv/mFk7/5hZO/+0hnD/9rEuf+YWTv/mFk7/5hZO/+YWTv/mFk7/5haOW8AAAAA/wAAAZhYO+GYWTv/mFk7/5hZO/+YWTv/tIZw/axLn/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWDvh/wAAAZdXOiyYWTv/mFk7/5hZO/+YWTv/mFk7/7SGcP/2sS5/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5dXOiyYVzpPmFk7/5hZO/+YWTv/mFk7/6x6Yv/Nr6D/+fY0f+6kX3/qnZd/5hZO/+YWTv/mFk7/5hZO/+YVzpPmFc6T5hZO/+YWTv/mFk7/5hZO/VvLD/9G1qP+YWTv/mFk7/5hZO/+YWTv/mFc6T5dXOiyYWTv/mFk7/5hZO/+YWTv/tYhz/9fAtP/7ODb/8iomP+1iHL/mFk7/5hZO/+YWTv/mFk7/5dXOiz/AAABmFg74ZhZO/+YWTv/mFk7/5hZO/+0hnD/9rEuv+YWTv/mFk7/5hZO/+YWTv/mFk7/5hYO+H/AAABAAAAAJhaOW+YWTv/mFk7/5hZO/+YWTv/rnxk/x6eX/xKGQ/7CAav+YWTv/mFk7/5hZO/+YWjlvAAAAAAAAAACAQEAEmFg7wphZO/+YWTv/mFk7/5haPP/i0Mj/TuKz/mFk7/5hZO/+YWDvCgEBABAAAAAAAAAAAAAAAAJZaPBGYWDvCmFk7/5hZO/+YWTv/mVo8/7CAaf+6kHz/qnZd/5hZO/+YWDvCllo8EQAAAAAAAAAAAAAAAAAAAAAAAAAAgEBABJhaOW+YWDvhmFk7/5hZO/+YWTv/mFk7/5hYO+GYWjlvgEBABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wAAAZdXOiyYVzpPmFc6T5dXOiz/AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAACAAAABAAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACZZjMFm1g7PZdZOnOYWTqVl1k6p5dZOqeYWTqVl1k6c5tYOz2ZZjMFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACZWTkol1k7mJhZO++YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO++XWTuYmVk5KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACPYEAQmFg6mZhZO/yYWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv8mFg6mY9gQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmFg7NJhYO+GYWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFg74ZhYOzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJhZO0WZWTv0mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/vpeE/97KwP/eysD/3srA/6x6Yv+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mVk79JhZO0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACVVzo1mVk79JhZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/Qs6b/tol0/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mVk79JVXOjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn2BAEJhYO+GYWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/9Czpv/+2iXT/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFg74Z9gQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYWDqZmFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/0LOm/7aJdP+YWTv/mFk7/5hZO/+YWTv/mFk7/5
Source: global traffic	HTTP traffic detected: GET /wikipedia/commons/6/6c/Facebook_Logo_2023.png HTTP/1.1Host: upload.wikimedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://review-page-violation-issue-xi.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/media/fbVideo.png.1fd476160a3ed7a2f565.png HTTP/1.1Host: verified-badge.surge.shConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wikipedia/commons/6/6c/Facebook_Logo_2023.png HTTP/1.1Host: upload.wikimedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: review-page-violation-issue-meta-center.vercel.appConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: review-page-violation-issue-meta-center.vercel.app
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: review-page-violation-issue-xi.vercel.app
Source: global traffic	DNS traffic detected: DNS query: time.windows.com
Source: global traffic	DNS traffic detected: DNS query: cdn.glitch.global
Source: global traffic	DNS traffic detected: DNS query: verified-badge.surge.sh
Source: global traffic	DNS traffic detected: DNS query: upload.wikimedia.org

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: public, max-age=0, must-revalidateContent-Length: 39Content-Type: text/plain; charset=utf-8Date: Tue, 02 Jul 2024 22:40:28 GMTServer: VercelStrict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Vercel-Error: NOT_FOUNDX-Vercel-Id: iad1::6595n-1719960028877-ede2e134a771Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: public, max-age=0, must-revalidateContent-Length: 39Content-Type: text/plain; charset=utf-8Date: Tue, 02 Jul 2024 22:40:36 GMTServer: VercelStrict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Vercel-Error: NOT_FOUNDX-Vercel-Id: iad1::rrb99-1719960036294-2e6b462ce874Connection: close

Source: chromecache_75.2.dr	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: chromecache_68.2.dr	String found in binary or memory: https://api.web3forms.com/submit
Source: chromecache_71.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=935729
Source: chromecache_71.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=999088
Source: chromecache_71.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=195016)
Source: chromecache_71.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=201297)
Source: chromecache_71.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=190655)
Source: chromecache_68.2.dr	String found in binary or memory: https://cdn.glitch.global/07e008b6-db29-44ab-8f97-cf6860d16bfe/detailed%20video.mp4?v=1719424079780
Source: chromecache_68.2.dr	String found in binary or memory: https://cdn.glitch.global/38680663-fd6c-4cfc-921a-6d69fd66649d/images-removebg-preview.png?v=1704368
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/jensimmons/cssremedy/issues/14#issuecomment-634934210)
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/mozdevs/cssremedy/issues/14)
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/mozdevs/cssremedy/issues/4)
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/mozilla/gecko-dev/blob/2f9eacd9d3d995c937b4251a5557d95d494c9be1/layout/style/res/
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/tailwindcss/tailwindcss/pull/116)
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/tailwindlabs/tailwindcss/issues/3300)
Source: chromecache_80.2.dr	String found in binary or memory: https://review-page-violation-issue-xi.vercel.app/form.html
Source: chromecache_71.2.dr	String found in binary or memory: https://tailwindcss.com
Source: chromecache_68.2.dr	String found in binary or memory: https://transparency.meta.com/en-gb/policies/community-standards/
Source: chromecache_68.2.dr	String found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/6/6c/Facebook_Logo_2023.png
Source: chromecache_68.2.dr	String found in binary or memory: https://verified-badge.surge.sh/static/media/fbVideo.png.1fd476160a3ed7a2f565.png

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.7:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.7:49714 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@21/53@25/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2180,i,14074570221467818592,8360864355931828750,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://review-page-violation-issue-meta-center.vercel.app/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4424 --field-trial-handle=2180,i,14074570221467818592,8360864355931828750,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2180,i,14074570221467818592,8360864355931828750,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4424 --field-trial-handle=2180,i,14074570221467818592,8360864355931828750,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
76.76.21.123	review-page-violation-issue-xi.vercel.app	United States	16509	AMAZON-02US	true
138.197.235.123	verified-badge.surge.sh	United States	14061	DIGITALOCEAN-ASNUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.15.59.240	upload.wikimedia.org	Netherlands	14907	WIKIMEDIAUS	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
76.76.21.93	review-page-violation-issue-meta-center.vercel.app	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.7
192.168.2.4
192.168.2.5

Contacted Domains

Name	IP	Active
verified-badge.surge.sh	138.197.235.123	true
www.google.com	142.250.186.164	true
review-page-violation-issue-xi.vercel.app	76.76.21.123	true
review-page-violation-issue-meta-center.vercel.app	76.76.21.93	true
upload.wikimedia.org	185.15.59.240	true
time.windows.com	unknown	unknown
cdn.glitch.global	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://review-page-violation-issue-meta-center.vercel.app/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://upload.wikimedia.org/wikipedia/commons/6/6c/Facebook_Logo_2023.png	false	Avira URL Cloud: safe	unknown
https://cdn.glitch.global/07e008b6-db29-44ab-8f97-cf6860d16bfe/detailed%20video.mp4?v=1719424079780	false		unknown
https://review-page-violation-issue-xi.vercel.app/index-user.css	true	Avira URL Cloud: phishing	unknown
https://review-page-violation-issue-meta-center.vercel.app/	false		unknown
https://review-page-violation-issue-xi.vercel.app/form.html	true		unknown
http://review-page-violation-issue-meta-center.vercel.app/	true		unknown
https://verified-badge.surge.sh/static/media/fbVideo.png.1fd476160a3ed7a2f565.png	false	Avira URL Cloud: phishing	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 65	data	7F439D8C7B708AEF67BA7912B3D91F14	E944527D04E8EC74283E1E2C7008F57B774E9CEA	8326FBB48FFCAC4E7FFFFC020E2E52F6F558E990ACEBDE4C65C4019A0F295E95
Chrome Cache Entry: 66	PNG image data, 2084 x 2084, 8-bit/color RGBA, non-interlaced	E4DA23704F27C9DF07E6C21A13E28BFD	AF6F06778B34A6B7844168F257FFF50611BC7DD9	2ADFD474D91FD20C51084309ED000C1AE6CC7F5F70AF14D375930F5A71301308
Chrome Cache Entry: 67	PNG image data, 466 x 275, 8-bit/color RGB, non-interlaced	F530BCADF85C359AC2472FF403A5AF4D	106DEDE0B761C9C3C8CE43BBE4D525A065C50FAF	EE8F03C7BC16DD1848838907E76672FE2043F2EFD7B3124C50FBD7E1CDF1A2BD
Chrome Cache Entry: 68	HTML document, ASCII text, with very long lines (35922)	752D850FD3237368955E1283E534851C	A89D26F39D4A5B1DA104FAF06AC317FF36DB4980	6E1D365F9AD8981B173733EB030927D77C27EE77F773958A4A839C13A5F09F45
Chrome Cache Entry: 69	ASCII text	D4AC7F1BBA70BA87C56E6D93092B7CCA	96492A95A7F9153EED58A3598C4CCE56EDC6F8D1	91218093A08027E8F69C8051F9DEEF1FE6C22B278B3F6BDF761E7587CB272774
Chrome Cache Entry: 70	data	7284B4814D17C4DE764F59B5036A36FE	914ED34C72EC3168E7FBD5A274BE2E9B543BDB2B	EEAB7D92590A957C5305B9CA789363FFACA1545923C688004B5CFBB38000EC2C
Chrome Cache Entry: 71	ASCII text	7616967CBB9D6FB41CC888E53048EC3F	EA21BDA6ABCE5AD82D2BB03EBF00943105D1567F	51A5BFE2C0863B87AB76777C871FADCD1DD32A0B1485560725814887EB13F325
Chrome Cache Entry: 72	data	D9DB92223D0DD204FFF6C50CBBEA155D	241E13878EDAB084AF34DBD36BEDC9D40419FFC8	F6E3294410AB70EBF6E49748B53C1C5CDCCD1A8467A44D38EBAFAAD3B43F9F39
Chrome Cache Entry: 73	data	4BAA0ADE1B489EB24A83E1585862F9F0	CDEDAEA4EB3B5BED2F411E1EEC3D8D7B8ACEADAB	F6E405A4F20D7819D423AC0F6CA965ADE98642B984A4ABAF6759AD11B0538CEF
Chrome Cache Entry: 74	PNG image data, 2084 x 2084, 8-bit/color RGBA, non-interlaced	E4DA23704F27C9DF07E6C21A13E28BFD	AF6F06778B34A6B7844168F257FFF50611BC7DD9	2ADFD474D91FD20C51084309ED000C1AE6CC7F5F70AF14D375930F5A71301308
Chrome Cache Entry: 75	ISO Media, MP4 v2 [ISO 14496-14]	DD3247B63BD73BEF167A104CF6B93F90	207290BC761ABC79EFD11EAD3743BFF2DD167296	DA64764314B16BD5D578F4BE773E7FFF23381537300CDAEF2A5059F6C6A78E69
Chrome Cache Entry: 76	ASCII text, with no line terminators	E06C387C193DE08A9E889BAE6C33CAA0	204F9792EAA0B809FECA59F462ED47EE32543830	3C61E05D4FD5150E07EB08721BF4CC97FCAD7D6FA5E8CC057DD90D5D72CAD160
Chrome Cache Entry: 77	data	73246004079A58489FAE5EAF2B135370	C2DFB987F7BD899B2015FDCBC5BC997BF2658996	6BFB6651D02208ED2C8B100234AD6DECCD340DBA766F7691871A00999608DB11
Chrome Cache Entry: 80	HTML document, ASCII text	54739C1FC056382F73C213572F494BE2	A17F2B21352441563148139FD0CBC501CD1CDE24	F7E133B9A4B80B9AA3DE9EA7ADE28F7158155EC4E722383E22D0946C9EDFAF14
Chrome Cache Entry: 81	data	04095854A528A7301A749F6E0CF531BE	E4A12A364365FBD6C30A56A8B495F0F6FE170D12	14F534F9913B87D6F66E1A71FD09B0D3B418AC5486E01B5FF677568B4D129DA2
Chrome Cache Entry: 82	data	606F86AC340B35CBB7577FD009B2DDB7	D8AB0752F1D24AF6E6F473D50589F986194F752A	E0FCA6C164A380332585D531F124BA33A4A379AF579141D6905BDEDBFB37A3E5
Chrome Cache Entry: 83	data	F522F816E11F5F32037C23DF00A2FAAB	5D6C4B05E25969A463F2A2A2DC1BDC392325D274	2C0CC4BD0BCBC9EA8390D951ACAD53C253B8B88D28ABF5DED7C9F43620A9F5AD
Chrome Cache Entry: 84	ASCII text	D4AC7F1BBA70BA87C56E6D93092B7CCA	96492A95A7F9153EED58A3598C4CCE56EDC6F8D1	91218093A08027E8F69C8051F9DEEF1FE6C22B278B3F6BDF761E7587CB272774
Chrome Cache Entry: 85	PNG image data, 466 x 275, 8-bit/color RGB, non-interlaced	F530BCADF85C359AC2472FF403A5AF4D	106DEDE0B761C9C3C8CE43BBE4D525A065C50FAF	EE8F03C7BC16DD1848838907E76672FE2043F2EFD7B3124C50FBD7E1CDF1A2BD
Chrome Cache Entry: 86	PNG image data, 225 x 224, 8-bit/color RGBA, non-interlaced	4E51E07483C97F85A2F8EFA893633AC7	F63C4174F2E4C85C6A7AD0EE5F10316EDE74F802	780218A74810758B68FB25F47896CCC39A8E5FB97A7E1003BC14EB24EAB108C9
Chrome Cache Entry: 87	data	5AC3FFE8067BD202819C337B6F41C0DF	D33633F650C823F86E027AAA82F84E769CE5850F	A5F323FFF445CDCDD3DE0F5EC03A6398F29722B21C3538EEBCAAFCC65751DEA5
Chrome Cache Entry: 88	PNG image data, 225 x 224, 8-bit/color RGBA, non-interlaced	4E51E07483C97F85A2F8EFA893633AC7	F63C4174F2E4C85C6A7AD0EE5F10316EDE74F802	780218A74810758B68FB25F47896CCC39A8E5FB97A7E1003BC14EB24EAB108C9
Chrome Cache Entry: 89	data	F0044FFDB2DBB3C4ADED0262C8462EC1	B8E6F197CA5C7DFE982579AC0C7E3191D5393517	E450B34620FF2C0F529B7FBB3749AD0240806EEF9688E8074DFFFAEDDE1717CC
Chrome Cache Entry: 90	data	DC51B15FE5907CFCA8AB02DB1D7BFC68	922052E3AA790BF3D995EA034DB510F395C1EBCC	F274CEB8DCEC3984BF15B97F7D2A00A655CB6B55C43F9435D61D8DEA3531E716
Chrome Cache Entry: 91	data	273651951AC9AD3038CCCF2B1D9B8C41	60364D94E0093A2BBC7AC48004C36262BB3FC0F6	6179B232B1B6CEA7793BA5816D667727E1647AC57C5196FC8A067BEA03441779
Chrome Cache Entry: 92	data	B1C79A8E6ABEA922D4A06146FBE1FAC5	B77BDA0D25D6FE43F6605459C7FE213E44EA3AF5	7AC7A0C37BCE6ACB4A34AE3D998E50EB2001B9C76A836756115CC08D5A51A361
Chrome Cache Entry: 93	ASCII text, with no line terminators	DF85724122986C36CF566394A7630EB5	25A66395B2BC1367E52B5C8906D87B3203436DDA	3805627B2B903BF76A38B44002E6867810B92EBA0DE2EF328B91022641A8B6E4
Chrome Cache Entry: 94	data	109C546F61DA4C55D5DD9F9BF4754458	E541337ECB2CD52E72D497EC338BB8BBE6E814DF	EE4BE29649F5B2EF71BEE46975DCD0044DEA7F6E5B9A985B0781C8E79D1B2123

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://review-page-violation-issue-meta-center.vercel.app/	Avira URL Cloud: detection malicious, Label: phishing
Source: http://review-page-violation-issue-meta-center.vercel.app/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://review-page-violation-issue-meta-center.vercel.app/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://review-page-violation-issue-xi.vercel.app/index-user.css	Avira URL Cloud: Label: phishing
Source: https://verified-badge.surge.sh/static/media/fbVideo.png.1fd476160a3ed7a2f565.png	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://review-page-violation-issue-xi.vercel.app

Phishing site detected (based on favicon image match)

Source: https://review-page-violation-issue-xi.vercel.app/form.html

Matcher: Template: facebook matched with high similarity

Source: https://review-page-violation-issue-meta-center.vercel.app/	HTTP Parser: No favicon
Source: https://cdn.glitch.global/07e008b6-db29-44ab-8f97-cf6860d16bfe/detailed%20video.mp4?v=1719424079780	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.7:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.7:49714 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: review-page-violation-issue-meta-center.vercel.appConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: review-page-violation-issue-meta-center.vercel.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://review-page-violation-issue-meta-center.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /form.html HTTP/1.1Host: review-page-violation-issue-xi.vercel.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://review-page-violation-issue-meta-center.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /index-user.css HTTP/1.1Host: review-page-violation-issue-xi.vercel.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://review-page-violation-issue-xi.vercel.app/form.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /static/media/fbVideo.png.1fd476160a3ed7a2f565.png HTTP/1.1Host: verified-badge.surge.shConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://review-page-violation-issue-xi.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /AAABAAMAEBAAAAEAIABoBAAANgAAACAgAAABACAAKBEAAJ4EAAAwMAAAAQAgAGgmAADGFQAAKAAAABAAAAAgAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wAAAZdXOiyYVzpPmFc6T5dXOiz/AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQEAEmFo5b5hYO+GYWTv/mFk7/5hZO/+YWTv/mFg74ZhaOW+AQEAEAAAAAAAAAAAAAAAAAAAAAAAAAACWWjwRmFg7wphZO/+YWTv/oWhN/7uRff+ufWb/mFk7/5hZO/+YWTv/mFg7wpZaPBEAAAAAAAAAAAAAAACAQEAEmFg7wphZO/+YWTv/mFk7/7SGcP//////2sS5/5hZO/+YWTv/mFk7/5hZO/+YWDvCgEBABAAAAAAAAAAAmFo5b5hZO/+YWTv/mFk7/5hZO/+0hnD//////9rEuf+YWTv/mFk7/5hZO/+YWTv/mFk7/5haOW8AAAAA/wAAAZhYO+GYWTv/mFk7/5hZO/+YWTv/tIZw///////axLn/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWDvh/wAAAZdXOiyYWTv/mFk7/5hZO/+YWTv/mFk7/7SGcP//////2sS5/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5dXOiyYVzpPmFk7/5hZO/+YWTv/mFk7/6x6Yv/Nr6D//////+fY0f+6kX3/qnZd/5hZO/+YWTv/mFk7/5hZO/+YVzpPmFc6T5hZO/+YWTv/mFk7/5hZO//VvLD//////////////////////9G1qP+YWTv/mFk7/5hZO/+YWTv/mFc6T5dXOiyYWTv/mFk7/5hZO/+YWTv/tYhz/9fAtP//////7ODb/8iomP+1iHL/mFk7/5hZO/+YWTv/mFk7/5dXOiz/AAABmFg74ZhZO/+YWTv/mFk7/5hZO/+0hnD//////9rEuv+YWTv/mFk7/5hZO/+YWTv/mFk7/5hYO+H/AAABAAAAAJhaOW+YWTv/mFk7/5hZO/+YWTv/rnxk///////x6eX/xKGQ/7CAav+YWTv/mFk7/5hZO/+YWjlvAAAAAAAAAACAQEAEmFg7wphZO/+YWTv/mFk7/5haPP/i0Mj////////////TuKz/mFk7/5hZO/+YWDvCgEBABAAAAAAAAAAAAAAAAJZaPBGYWDvCmFk7/5hZO/+YWTv/mVo8/7CAaf+6kHz/qnZd/5hZO/+YWDvCllo8EQAAAAAAAAAAAAAAAAAAAAAAAAAAgEBABJhaOW+YWDvhmFk7/5hZO/+YWTv/mFk7/5hYO+GYWjlvgEBABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wAAAZdXOiyYVzpPmFc6T5dXOiz/AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAACAAAABAAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACZZjMFm1g7PZdZOnOYWTqVl1k6p5dZOqeYWTqVl1k6c5tYOz2ZZjMFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACZWTkol1k7mJhZO++YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO++XWTuYmVk5KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACPYEAQmFg6mZhZO/yYWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv8mFg6mY9gQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmFg7NJhYO+GYWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFg74ZhYOzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJhZO0WZWTv0mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/vpeE/97KwP/eysD/3srA/6x6Yv+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mVk79JhZO0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACVVzo1mVk79JhZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO//Qs6b/////////////////tol0/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mVk79JVXOjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn2BAEJhYO+GYWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/9Czpv////////////////+2iXT/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFg74Z9gQBAAAAAAAAAAAAAAAAA
Source: global traffic	HTTP traffic detected: GET /AAABAAMAEBAAAAEAIABoBAAANgAAACAgAAABACAAKBEAAJ4EAAAwMAAAAQAgAGgmAADGFQAAKAAAABAAAAAgAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wAAAZdXOiyYVzpPmFc6T5dXOiz/AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQEAEmFo5b5hYO+GYWTv/mFk7/5hZO/+YWTv/mFg74ZhaOW+AQEAEAAAAAAAAAAAAAAAAAAAAAAAAAACWWjwRmFg7wphZO/+YWTv/oWhN/7uRff+ufWb/mFk7/5hZO/+YWTv/mFg7wpZaPBEAAAAAAAAAAAAAAACAQEAEmFg7wphZO/+YWTv/mFk7/7SGcP/2sS5/5hZO/+YWTv/mFk7/5hZO/+YWDvCgEBABAAAAAAAAAAAmFo5b5hZO/+YWTv/mFk7/5hZO/+0hnD/9rEuf+YWTv/mFk7/5hZO/+YWTv/mFk7/5haOW8AAAAA/wAAAZhYO+GYWTv/mFk7/5hZO/+YWTv/tIZw/axLn/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWDvh/wAAAZdXOiyYWTv/mFk7/5hZO/+YWTv/mFk7/7SGcP/2sS5/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5dXOiyYVzpPmFk7/5hZO/+YWTv/mFk7/6x6Yv/Nr6D/+fY0f+6kX3/qnZd/5hZO/+YWTv/mFk7/5hZO/+YVzpPmFc6T5hZO/+YWTv/mFk7/5hZO/VvLD/9G1qP+YWTv/mFk7/5hZO/+YWTv/mFc6T5dXOiyYWTv/mFk7/5hZO/+YWTv/tYhz/9fAtP/7ODb/8iomP+1iHL/mFk7/5hZO/+YWTv/mFk7/5dXOiz/AAABmFg74ZhZO/+YWTv/mFk7/5hZO/+0hnD/9rEuv+YWTv/mFk7/5hZO/+YWTv/mFk7/5hYO+H/AAABAAAAAJhaOW+YWTv/mFk7/5hZO/+YWTv/rnxk/x6eX/xKGQ/7CAav+YWTv/mFk7/5hZO/+YWjlvAAAAAAAAAACAQEAEmFg7wphZO/+YWTv/mFk7/5haPP/i0Mj/TuKz/mFk7/5hZO/+YWDvCgEBABAAAAAAAAAAAAAAAAJZaPBGYWDvCmFk7/5hZO/+YWTv/mVo8/7CAaf+6kHz/qnZd/5hZO/+YWDvCllo8EQAAAAAAAAAAAAAAAAAAAAAAAAAAgEBABJhaOW+YWDvhmFk7/5hZO/+YWTv/mFk7/5hYO+GYWjlvgEBABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wAAAZdXOiyYVzpPmFc6T5dXOiz/AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAACAAAABAAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACZZjMFm1g7PZdZOnOYWTqVl1k6p5dZOqeYWTqVl1k6c5tYOz2ZZjMFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACZWTkol1k7mJhZO++YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO++XWTuYmVk5KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACPYEAQmFg6mZhZO/yYWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv8mFg6mY9gQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmFg7NJhYO+GYWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFg74ZhYOzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJhZO0WZWTv0mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/vpeE/97KwP/eysD/3srA/6x6Yv+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mVk79JhZO0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACVVzo1mVk79JhZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/Qs6b/tol0/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mVk79JVXOjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn2BAEJhYO+GYWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/9Czpv/+2iXT/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFg74Z9gQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYWDqZmFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/0LOm/7aJdP+YWTv/mFk7/5hZO/+YWTv/mFk7/5
Source: global traffic	HTTP traffic detected: GET /wikipedia/commons/6/6c/Facebook_Logo_2023.png HTTP/1.1Host: upload.wikimedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://review-page-violation-issue-xi.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/media/fbVideo.png.1fd476160a3ed7a2f565.png HTTP/1.1Host: verified-badge.surge.shConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wikipedia/commons/6/6c/Facebook_Logo_2023.png HTTP/1.1Host: upload.wikimedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: review-page-violation-issue-meta-center.vercel.appConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: review-page-violation-issue-meta-center.vercel.app
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: review-page-violation-issue-xi.vercel.app
Source: global traffic	DNS traffic detected: DNS query: time.windows.com
Source: global traffic	DNS traffic detected: DNS query: cdn.glitch.global
Source: global traffic	DNS traffic detected: DNS query: verified-badge.surge.sh
Source: global traffic	DNS traffic detected: DNS query: upload.wikimedia.org

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: public, max-age=0, must-revalidateContent-Length: 39Content-Type: text/plain; charset=utf-8Date: Tue, 02 Jul 2024 22:40:28 GMTServer: VercelStrict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Vercel-Error: NOT_FOUNDX-Vercel-Id: iad1::6595n-1719960028877-ede2e134a771Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: public, max-age=0, must-revalidateContent-Length: 39Content-Type: text/plain; charset=utf-8Date: Tue, 02 Jul 2024 22:40:36 GMTServer: VercelStrict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Vercel-Error: NOT_FOUNDX-Vercel-Id: iad1::rrb99-1719960036294-2e6b462ce874Connection: close

Source: chromecache_75.2.dr	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: chromecache_68.2.dr	String found in binary or memory: https://api.web3forms.com/submit
Source: chromecache_71.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=935729
Source: chromecache_71.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=999088
Source: chromecache_71.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=195016)
Source: chromecache_71.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=201297)
Source: chromecache_71.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=190655)
Source: chromecache_68.2.dr	String found in binary or memory: https://cdn.glitch.global/07e008b6-db29-44ab-8f97-cf6860d16bfe/detailed%20video.mp4?v=1719424079780
Source: chromecache_68.2.dr	String found in binary or memory: https://cdn.glitch.global/38680663-fd6c-4cfc-921a-6d69fd66649d/images-removebg-preview.png?v=1704368
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/jensimmons/cssremedy/issues/14#issuecomment-634934210)
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/mozdevs/cssremedy/issues/14)
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/mozdevs/cssremedy/issues/4)
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/mozilla/gecko-dev/blob/2f9eacd9d3d995c937b4251a5557d95d494c9be1/layout/style/res/
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/tailwindcss/tailwindcss/pull/116)
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/tailwindlabs/tailwindcss/issues/3300)
Source: chromecache_80.2.dr	String found in binary or memory: https://review-page-violation-issue-xi.vercel.app/form.html
Source: chromecache_71.2.dr	String found in binary or memory: https://tailwindcss.com
Source: chromecache_68.2.dr	String found in binary or memory: https://transparency.meta.com/en-gb/policies/community-standards/
Source: chromecache_68.2.dr	String found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/6/6c/Facebook_Logo_2023.png
Source: chromecache_68.2.dr	String found in binary or memory: https://verified-badge.surge.sh/static/media/fbVideo.png.1fd476160a3ed7a2f565.png

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.7:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.7:49714 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@21/53@25/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2180,i,14074570221467818592,8360864355931828750,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://review-page-violation-issue-meta-center.vercel.app/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4424 --field-trial-handle=2180,i,14074570221467818592,8360864355931828750,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2180,i,14074570221467818592,8360864355931828750,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4424 --field-trial-handle=2180,i,14074570221467818592,8360864355931828750,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1466497
Product:	CloudBasic
Start time:	00:39:31
Start date:	03.07.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://review-page-violation-issue-meta-center.vercel.app/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://review-page-violation-issue-meta-center.vercel.app/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://review-page-violation-issue-meta-center.vercel.app/