Source: https://url.us.m.mimecastprotect.com/s/cx8GCJ6Aj8C8mZ33UVfXHy0nVz?domain=canva.com | SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering |
Source: https://6aqz4yjq5fbp5equ2o4i3rbsxwj5ecr4j3mtsil7cz3qppu3tlra.ar-io.dev/8CGeYTDpQv6SFNO4jcQyvZPSCjxO2TkhfxZ3B76bmuI | Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL '6aqz4yjq5fbp5equ2o4i3rbsxwj5ecr4j3mtsil7cz3qppu3tlra.ar-io.dev' does not match the legitimate domain 'microsoft.com'., The domain 'ar-io.dev' is not associated with Microsoft and appears to be a third-party domain., The URL contains a long, random-looking subdomain which is a common tactic used in phishing to obscure the true nature of the site., The presence of a random string in the subdomain is suspicious and indicative of phishing. DOM: 2.8.pages.csv |
Source: https://6aqz4yjq5fbp5equ2o4i3rbsxwj5ecr4j3mtsil7cz3qppu3tlra.ar-io.dev/8CGeYTDpQv6SFNO4jcQyvZPSCjxO2TkhfxZ3B76bmuI | Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL '6aqz4yjq5fbp5equ2o4i3rbsxwj5ecr4j3mtsil7cz3qppu3tlra.ar-io.dev' does not match the legitimate domain 'microsoft.com'., The URL contains a random string and a domain extension '.dev', which is unusual for a Microsoft-related domain., The presence of a random string in the subdomain is a common tactic used in phishing to obscure the true nature of the site., The domain 'ar-io.dev' does not have any known association with Microsoft. DOM: 2.9.pages.csv |
Source: https://www.canva.com/design/DAGXBQfQ3AM/BvO9V97vV3Qk87FqBY6pdQ/view?utm_content=DAGXBQfQ3AM&utm_campaign=designshare&utm_medium=link&utm_source=editor | Joe Sandbox AI: Page contains button: 'Download' Source: '1.4.pages.csv' |
Source: https://6aqz4yjq5fbp5equ2o4i3rbsxwj5ecr4j3mtsil7cz3qppu3tlra.ar-io.dev/8CGeYTDpQv6SFNO4jcQyvZPSCjxO2TkhfxZ3B76bmuI | HTTP Parser: Number of links: 0 |
Source: https://6aqz4yjq5fbp5equ2o4i3rbsxwj5ecr4j3mtsil7cz3qppu3tlra.ar-io.dev/8CGeYTDpQv6SFNO4jcQyvZPSCjxO2TkhfxZ3B76bmuI | HTTP Parser: <input type="password" .../> found but no <form action="... |
Source: https://6aqz4yjq5fbp5equ2o4i3rbsxwj5ecr4j3mtsil7cz3qppu3tlra.ar-io.dev/8CGeYTDpQv6SFNO4jcQyvZPSCjxO2TkhfxZ3B76bmuI | HTTP Parser: Total embedded image size: 123322 |
Source: https://www.canva.com/design/DAGXBQfQ3AM/BvO9V97vV3Qk87FqBY6pdQ/view?utm_content=DAGXBQfQ3AM&utm_campaign=designshare&utm_medium=link&utm_source=editor | HTTP Parser: Base64 decoded: 1732114887.000000 |
Source: https://6aqz4yjq5fbp5equ2o4i3rbsxwj5ecr4j3mtsil7cz3qppu3tlra.ar-io.dev/8CGeYTDpQv6SFNO4jcQyvZPSCjxO2TkhfxZ3B76bmuI | HTTP Parser: Title: Sharing Link Validation does not match URL |
Source: https://6aqz4yjq5fbp5equ2o4i3rbsxwj5ecr4j3mtsil7cz3qppu3tlra.ar-io.dev/8CGeYTDpQv6SFNO4jcQyvZPSCjxO2TkhfxZ3B76bmuI | HTTP Parser: Invalid link: Privacy & Cookies (reported 2×) |
Source: https://cdn.metadata.io/site-insights.js | HTTP Parser: (function () { /** * @type {string} key for the visitor id cookie. */ const visitoridkey = "metadata_visitor_id"; /** * @type {string} key for the session id cookie. */ const sessionidkey = "metadata_session_id"; /** * @type {string} ip address of the client. */ let ip; /** * account configuration object. */ const config = { invalid: true }; /** * options object. */ const opts = { /** * @type {string} base url for the cdn. */ cdnbaseurl: "https://cdn.metadata.io/pixel/config", /** * @type {string} base url for the api. */ baseurl: "https://api-gw.metadata.io", /** * @type {string} account id. */ accountid: null }; /** * get the value of a cookie. * @param {string} key - the key of the cookie. * @returns {string|null} the value of the cookie, or null if not found. */ const getcookievalue = (key) => { const cookie = document.cookie.split("; ").find(function (cookie) { ... |
Source: https://6aqz4yjq5fbp5equ2o4i3rbsxwj5ecr4j3mtsil7cz3qppu3tlra.ar-io.dev/8CGeYTDpQv6SFNO4jcQyvZPSCjxO2TkhfxZ3B76bmuI | HTTP Parser: <input type="password" .../> found |
Source: https://6aqz4yjq5fbp5equ2o4i3rbsxwj5ecr4j3mtsil7cz3qppu3tlra.ar-io.dev/8CGeYTDpQv6SFNO4jcQyvZPSCjxO2TkhfxZ3B76bmuI | HTTP Parser: No favicon (reported 3×) |
Source: https://6aqz4yjq5fbp5equ2o4i3rbsxwj5ecr4j3mtsil7cz3qppu3tlra.ar-io.dev/8CGeYTDpQv6SFNO4jcQyvZPSCjxO2TkhfxZ3B76bmuI | HTTP Parser: No <meta name="author".. found (reported 2×) |
Source: https://6aqz4yjq5fbp5equ2o4i3rbsxwj5ecr4j3mtsil7cz3qppu3tlra.ar-io.dev/8CGeYTDpQv6SFNO4jcQyvZPSCjxO2TkhfxZ3B76bmuI | HTTP Parser: No <meta name="copyright".. found (reported 2×) |
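The HTTP Parser findings above (password field with no form action, zero links, no favicon, no author/copyright meta, a well-known brand served from an unrelated domain with a long random-looking subdomain) are cheap static checks that can be reproduced outside the sandbox. The script below is an added example, not Joe Sandbox code: it applies the same heuristics to two constructed HTML documents, one mirroring the findings for the reported ar-io.dev URL and one a plausible legitimate login page. The brand-to-domain table and the entropy threshold are assumptions chosen for illustration.

```python
"""Static HTML phishing heuristics (added example, not sandbox code)."""
import math
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed brand -> legitimate registrable domains (illustrative, not a vendor list).
BRAND_DOMAINS = {"microsoft": {"microsoft.com", "live.com", "microsoftonline.com"}}


class PageFacts(HTMLParser):
    """Collect the few facts the heuristics need from one HTML document."""

    def __init__(self):
        super().__init__()
        self.title, self._in_title = "", False
        self.links = 0
        self.password_inputs = 0
        self.form_actions = []
        self.favicon = False
        self.meta_names = set()

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "title":
            self._in_title = True
        elif tag == "a" and a.get("href"):
            self.links += 1
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_inputs += 1
        elif tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "link" and "icon" in a.get("rel", "").lower():
            self.favicon = True
        elif tag == "meta" and a.get("name"):
            self.meta_names.add(a["name"].lower())

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def registrable_domain(host):
    """Last two labels; production code should consult the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])


def shannon_entropy(s):
    """Bits per character of the string's own symbol distribution."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def analyze(url, html):
    """Return the list of heuristic findings for a page served from url."""
    facts = PageFacts()
    facts.feed(html)
    host = urlparse(url).hostname or ""
    reg = registrable_domain(host)
    findings = []
    # Credential capture pattern: password field present, nothing declares where it posts.
    if facts.password_inputs and not any(facts.form_actions):
        findings.append("password input without form action")
    if facts.links == 0:
        findings.append("no links")
    if not facts.favicon:
        findings.append("no favicon")
    for name in ("author", "copyright"):
        if name not in facts.meta_names:
            findings.append(f"no meta {name}")
    # Brand named in the page but served from a domain not on its list.
    lowered = (facts.title + " " + html).lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in lowered and reg not in domains:
            findings.append(f"brand {brand} on non-{brand} domain {reg}")
    # Long, high-entropy subdomain label (assumed threshold: >=20 chars, >3.5 bits/char).
    sub = host[: -len(reg) - 1] if host.endswith("." + reg) else ""
    label = max(sub.split("."), key=len, default="")
    if len(label) >= 20 and shannon_entropy(label) > 3.5:
        findings.append(f"random-looking subdomain label ({len(label)} chars)")
    return findings


# Constructed inputs: the URL is the one in the report, the HTML is not the captured page.
PHISH_URL = "https://6aqz4yjq5fbp5equ2o4i3rbsxwj5ecr4j3mtsil7cz3qppu3tlra.ar-io.dev/8CGeYTDpQv6SFNO4jcQyvZPSCjxO2TkhfxZ3B76bmuI"
PHISH_HTML = """<html><head><title>Sign in to your Microsoft account</title></head>
<body><img src="data:image/png;base64,iVBORw0KGgo="><form><input type="email" name="u">
<input type="password" name="p"/><button type="button">Next</button></form>
<span>Privacy &amp; Cookies</span></body></html>"""
LEGIT_URL = "https://login.microsoft.com/"
LEGIT_HTML = """<html><head><title>Sign in</title><link rel="icon" href="/favicon.ico">
<meta name="author" content="Microsoft"><meta name="copyright" content="Microsoft"></head>
<body><form action="/login" method="post"><input type="password" name="p"></form>
<a href="/privacy">Privacy</a></body></html>"""

if __name__ == "__main__":
    for url, html in ((PHISH_URL, PHISH_HTML), (LEGIT_URL, LEGIT_HTML)):
        print(url, "->", analyze(url, html) or ["no findings"])
```

None of these checks is a verdict on its own (plenty of legitimate single-page apps have no `<form action>` and no copyright meta); the sandbox's score comes from the combination with the brand/domain mismatch, which is why the entropy and brand checks carry the weight here.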
Source: unknown | HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.12:49720 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.12:49722 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.12:49739 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.12:49930 version: TLS 1.2 |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: www.canva.com to https://6aqz4yjq5fbp5equ2o4i3rbsxwj5ecr4j3mtsil7cz3qppu3tlra.ar-io.dev/8cgeytdpqv6sfno4jcqyvzpscjxo2tkhfxz3b76bmui |
Source: Network traffic | Suricata IDS: 2022112 - Severity 1 - ET EXPLOIT_KIT Possible Nuclear EK Landing Nov 17 2015 : 192.168.2.12:49911 -> 172.217.21.36:443 |
Source: Network traffic | Suricata IDS: 2022112 - Severity 1 - ET EXPLOIT_KIT Possible Nuclear EK Landing Nov 17 2015 : 192.168.2.12:49923 -> 142.250.181.68:443 |
Note: ET 2022112 is a 2015-era Nuclear EK landing-page signature, Nuclear EK has been inactive since 2016, and both hits are on TCP/443 toward Google-allocated address space (172.217.0.0/16, 142.250.0.0/15), so treat this as a probable false positive; the credential-phishing verdict above does not rest on it.
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.60 (reported 7×) |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.218.208.109 (reported 19×) |
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 (reported 24×) |
Source: global traffic | HTTP traffic detected:
GET /s/cx8GCJ6Aj8C8mZ33UVfXHy0nVz?domain=canva.com HTTP/1.1
Host: url.us.m.mimecastprotect.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /r/Vg0t0PTdWB03w6YzIYq7rjxC1YfGqzMu5H-q2MB0uKh_5gy4emB1DoIFuQ3HEQLzivQGoOZ2z4WTQGj9iVnnpR5ZhFgtsRAmFNXaDTdRAJ8s8QSfI8YK7NGFWFAWLDD2heW0VODyavLe3Bu5Zdfbozkx5FM3afQVtBX39N06ZhcEN_SJmRVmYf10wKDEShZOqG5BIQq8uLK02EdFpfO0SgWdzbZth6KXT8qb4iC7K69snz3DOYU6_3vYNXrL06op70oVsW7TQWlI3darB4rifqJASQHCJM_CjneVLpDbLfxCiwizyLdH4ZNS-QzNKw68KzB0PJKAQoR9DbvHrsxPKyybDt4j4KTcrAZwxtzSLjpGAkmtC8NXcO-xI3a4XqHxAvUASfMtUeAMXtFmFBJuLTAMXM_QlZbswiKfoyNBlGriVPS5BNKhpISP6aTJHk1zLdejH-gynqhCTWsdOtrYUEcmCSFBgJrGpcJhs_stD1Ij6_k1Z0vug2JnjN5Mym3jVe6s_uzyVkW90OSQfNtMZWl0bAab6LP6JQrxZQFHuygoEdcWvfXxcNGxLS1RhVxrdgBuOFj3qA74_t4T6pN71XuPhjq5jU37orHc8jWouDTiSWFqobE7TebeML11i0som-mVtQK38RqT6gIAfEdvBVzy1-eNfNDGpduRqpdQSWDtx82wAW02hb5SEVoOs3aCQy_fzWXWVcT6jjbr3_qllB1DzaiJRUXt6hJv19SCRHUMGIv1k6caAa7xCmiCxUdH-97vJm1IEUnXKqMX-Yfa74t_-QZQLeIsbJs8CJEDB9JP_qF18g1BTqoS7SuEpnnNQ4ZaWqziQOnCi7roJmKXErvckq9oX9dUBQZTqcO9nZK3X6lGTQZYhxuSLJpfqnplxhOGaiF0TST8rJNmx1jN1ctGsa5ZC0CYgf1-OF7OYDkbWJdR5BeGgpzCv_Iz-BSFaQC2opCP62Dk9z_h8jBGUnE3a8z484fBTuYyqriky8DNZHUi5Bw71laziuQ7gyt3iuIDjBKcPW3bZRgWQ-8U0TELrLjW_LHCXhR6y_uFgK5qvTkQbZFwvvtvmbAwHJBcd1eZb628-jRVkzEWidMv8GSbBZyzAVL-XBLixifHjbj5fjNociqv1F5uTFGRWa1rEA1y_6xvlNg_CTXm3JQYEIt5HtUIq892bBAcfmwwmEbSrfr0UJVJgOh7OpzrL03XOQZNfvmbXkOBDwjDo4Qf7H0XlKZDXbN8b0ffV7c35KbW0PSJx1ohy4xryPXQUpxaIuCBb_ep5my3NzZPUWs_y_xSfHA8BE-Z8d6uEGTBOR2cdWYZaMusqRZwGsY4fISNGmsOT1m5ZtqoWyHsBOMfFP2QCPAKh4ehQNYdjMcLjgHU3NzE-BIvy9ABX3-eu-vDK-kkwOITNvghXqP35ivEcPvuqMBw9C8d1qiEIXsKG5hST3JbdFkcYkegmsuUq6fo0BHBAJLDbt0fzI0MWXrgP2uHGMjb_iCHIbXoewck-QZPhukUgCheT9ZVmDpnIKulfbaFgdu1FTB4nCinhSPA34UtoM1OS8OnmvIC5efQ5PFNWtYRHwLJCqqzsMbIXV-aa0me2aX7PaIQebcp6SjNfOYQxARGK1khbGzjy7cEIeYicSy0omo4ExHomq52Z4C6v0TIXGeTG7FLlVmFgvIWqh7b4NlJNUgD-foVWnIDJXcrikOsZDkFx0ONJvqNZdxvPz0mmA6la205cIv7gmgPk51J3TGctzl94R7JtfrOXIcBuOLFQVuOMWHeQzWe9EuxMNizlOYr9RRjXEBufhr3tOWdeJk9kxr3nue2m83KYUWRIbkq5gfJRraJx6JkrwJcO2wdt42fD3QrqykHLtjCYL_fujYdHDiY1FYhfM4VyDmdnx1ZHfJjjWrvFVzjVSH1hFegtTd1ShX4wuw4r8m0SHNcqW3dEAxD5hRAMkSnyQtVqpALFhaA95asZ7j2TPka_lfzLz3fj18D23QKb51Wl2EtBjGebabDlGHPswsev5lokDiOlw_Mvd92QG97oARtu8LHtyptBPuTZ7cbCZVyvw-ZRLOzGjSR6hGBu_LPNk790EPom4CrukrSeOmse1qRIMgvzO8ZqO9D39_ec76aJK-U-LFwJZ6R3plpvHvfmtlU3E98pbzwgH2hGsTh8pKmGNKFqT0925ebNXhTWcu-ydNeoKbmWvw-IuuLyFz3Y-2Eb20ITAJFY5rJ09nn_G6zcx0K0EI4axS6tQzVojV6SWFbvpdKfPXumUBkz0AiQVq9liKRLKCTNjiCYso90j0AvLqOzYC0mQko3mWKVLu9Nqu3_TuuoQTD5McrxKkC4JSJ5OZIEY_uCvL17D4LGzp9YgSSINWQ9jRoggtI7kXJKWhNB4HNTMUWQu3Repn3iWqqtYv0UiQZmHfoZfNIqWC-AaUkfX5RxM9JWuKT_9mOcjTN3Bs-NtV |