Click to jump to signature section
| Source: file:///C:/Users/user/Desktop/securedoc_20241209T071703.html | Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 1.0.pages.csv |
| Source: file:///C:/Users/user/Desktop/securedoc_20241209T071703.html | Tab title: Secure Registered Envelope: KEY123 ELAVON: Sales Automation Tool login credentials |
| Source: securedoc_20241209T071703.html | HTTP Parser: document.write |
| Source: securedoc_20241209T071703.html | HTTP Parser: location.href |
| Source: securedoc_20241209T071703.html | HTTP Parser: .location |
| Source: securedoc_20241209T071703.html | HTTP Parser: .location |
| Source: securedoc_20241209T071703.html | HTTP Parser: "Cox, Dylan W" <Dylan.Cox@elavon.com> |
| Source: file:///C:/Users/user/Desktop/securedoc_20241209T071703.html | HTTP Parser: {'name':null,'msgID':'|1__022ea7ce00000193ab5a02e70a67814293085d0d@vmamnaj9c01dtt.servers.global.prv','flags':3073,'rid':'ImJyaWFuLmN1bW1pbmdzQGViaXpjaGFyZ2UuY29tIiA8YnJpYW4uY3VtbWluZ3NAZWJpemNoYXJnZS5jb20+','algnames':{'encryption':{'data':'AES'},'keyHash':'SHA-256'},'algparams':{'encryption':{'data':{'IV':'YO1d/DYKlTgiwTcGN/2+Tw=='}}},'keyserverhost':'res.cisco.com:443','securereplyhost':'res.cisco.com:443','openerhost':'res.cisco.com:443','toc':[['Body-1733746623211.txt',1,'','',3,[0,4946],'Body-1733746623211.txt','ISO-8859-1'],['MessageBar.html',4,'','',1,[4946,32418],'MessageBar.html','ISO-8859-1']],'salt':'l9o5D2AuIS/1bGsLngZ0GQNpn2A=','data':['','','']} |
| Source: file:///C:/Users/user/Desktop/securedoc_20241209T071703.html | HTTP Parser: brian.cummings@ebizcharge.com |
| Source: https://res.cisco.com/websafe/register?uuid=31fb2ff900000193abfe6483ac2b6421fc261705&localeUI=en | HTTP Parser: <input type="password" .../> found but no <form action="... |
| Source: securedoc_20241209T071703.html | HTTP Parser: Base64 decoded: Zeppelin rules! |
| Source: securedoc_20241209T071703.html | HTTP Parser: Title: Secure Registered Envelope:KEY123 ELAVON: Sales Automation Tool login credentials does not match URL |
| Source: file:///C:/Users/user/Desktop/securedoc_20241209T071703.html | HTTP Parser: Title: Secure Registered Envelope:KEY123 ELAVON: Sales Automation Tool login credentials does not match URL |
| Source: https://res.cisco.com/websafe/register?uuid=31fb2ff900000193abfe6483ac2b6421fc261705&localeUI=en | HTTP Parser: Title: New User Registration does not match URL |
| Source: file:///C:/Users/user/Desktop/securedoc_20241209T071703.html | HTTP Parser: Has password / email / username input fields |
| Source: file:///C:/Users/user/Desktop/securedoc_20241209T071703.html | HTTP Parser: On click: ph() |
| Source: securedoc_20241209T071703.html | HTTP Parser: <input type="password" .../> found |
| Source: https://res.cisco.com/websafe/register?uuid=31fb2ff900000193abfe6483ac2b6421fc261705&localeUI=en | HTTP Parser: <input type="password" .../> found |
| Source: securedoc_20241209T071703.html | HTTP Parser: No favicon |
| Source: file:///C:/Users/user/Desktop/securedoc_20241209T071703.html | HTTP Parser: No favicon |
| Source: file:///C:/Users/user/Desktop/securedoc_20241209T071703.html | HTTP Parser: No favicon |
| Source: https://res.cisco.com/websafe/register?uuid=31fb2ff900000193abfe6483ac2b6421fc261705&localeUI=en | HTTP Parser: No favicon |
| Source: securedoc_20241209T071703.html | HTTP Parser: No <meta name="author".. found |
| Source: file:///C:/Users/user/Desktop/securedoc_20241209T071703.html | HTTP Parser: No <meta name="author".. found |
| Source: file:///C:/Users/user/Desktop/securedoc_20241209T071703.html | HTTP Parser: No <meta name="author".. found |
| Source: https://res.cisco.com/websafe/register?uuid=31fb2ff900000193abfe6483ac2b6421fc261705&localeUI=en | HTTP Parser: No <meta name="author".. found |
| Source: https://res.cisco.com/websafe/register?uuid=31fb2ff900000193abfe6483ac2b6421fc261705&localeUI=en | HTTP Parser: No <meta name="copyright".. found |
| Source: unknown | HTTPS traffic detected: 23.206.229.209:443 -> 192.168.2.9:49903 version: TLS 1.0 |
| Source: global traffic | HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4xNzA3OjExOTMy/.AgeOpRcZbtMEDzFwNLlpo.VF6p-rIHlM8wIMhfs6AkjT0EIP5I111JCVsS41YWVL5.AnVK9IcQL95vT3vYuW-M59zjZS2ytmA!!/?p=0&d=%7B%27name%27%3Anull,%0D%0A%27msgID%27%3A%27%7C1__022ea7ce00000193ab5a02e70a67814293085d0d%40vmamnaj9c01dtt%2Eservers%2Eglobal%2Eprv%27,%0D%0A%27flags%27%3A3073,%0D%0A%27rid%27%3A%27ImJyaWFuLmN1bW1pbmdzQGViaXpjaGFyZ2UuY29tIiA8YnJpYW4uY3VtbWluZ3NAZWJpemNoYXJnZS5jb20%2B%27,%0D%0A%27algnames%27%3A%7B%27encryption%27%3A%7B%27data%27%3A%27AES%27%7D,%27keyHash%27%3A%27SHA-256%27%7D,%0D%0A%27algparams%27%3A%7B%27encryption%27%3A%7B%27data%27%3A%7B%27IV%27%3A%27YO1d%2FDYKlTgiwTcGN%2F2%2BTw%3D%3D%27%7D%7D%7D,%0D%0A%27keyserverhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27securereplyhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27openerhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27toc%27%3A%5B%0D%0A%5B%27Body-1733746623211%2Etxt%27,1,%0D%0A%27%27,%0D%0A%27%27,%0D%0A3,%5B0,4946%5D,%27Body-1733746623211%2Etxt%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27MessageBar%2Ehtml%27,4,%0D%0A%27%27,%0D%0A%27%27,%0D%0A1,%5B4946,32418%5D,%27MessageBar%2Ehtml%27,%0D%0A%27ISO-8859-1%27%5D%0D%0A%5D,%0D%0A%27salt%27%3A%27l9o5D2AuIS%2F1bGsLngZ0GQNpn2A%3D%27,%0D%0A%27data%27%3A%5B%0D%0A%27%27,%27KVMG6gmi0LZWbA0DkFidCvkZ9sxpXvama1pAgkXAh0DeZzDLAsnteICIGQb%2FaxxNeCvs80EHJsEUO1OgGjrCZVUqwL3M81Y4Yh1%2FMDhT4Yo2uIJlVBxbqBGGZJWGMNnA0pXPiumdPzmHsnmBUhcx4yoGczZBYFhO2NIUU%2BSd8z7QoVr0AzB23jNW7fR68W8Gz5mDVeCervi80SFzNiFt0JMbDYquB642zdDeFBQf%2BDf6SjiyeE4GPbuCFzNXGu4xcErBtR91sNcRtyt8NP1gk%2B9g6GskpEwoVgSspoq4ykJHPr80V%2FFtxAPQwsB9YkcwTBvT2cuHltr%2BCOJOpIKahuvP9Fa0HLAjYm1UQrTX%2BTD2f8XQ7OeAGfpC%2FJ6BPcaE0cW4SdjZER%2FbziqMnH%2FtTNO5U4JTQ6owVuG7q2d2daomnq5LXeEESFdAiR3Vw0aTpO9qWN7LX9bkxMUNvKRRHKztn3YQ0GFGc9XhGYaf7tOVbuDLb7Sk%2F%2F7H7ftVffy%2Fx%2F4XW50TY%2FlYqz8DrdNoDN3QntzjGFISEzXwaNIlgUtCBwyiT%2BtqpKk%2BlHOf%2BHLsTrzbz1%2Bnqy2IMAcaMM5Srqtvl3vno%2B%2FOHEa8lA9hP2gG1eifX0ylFc6Ite6z%2F%2BF3bR9nNw8q1utNtnfFXCxpsVmgCxbyKNJERbtTMdBurVhODrIA4s4jtbUyeSTVoKiBLKmTSHjBkaqXeScseVmgrZJX520eQlFLmacG1mds7BHXVTjoSe62MfTg8oaZea0JEtzim5sXRAbtUteR%2Bg2RwU5Y%2FH%2BbB2bQoUDAYndfXwavVvvs2NXh%2FE7AIxPYzfh72lHB6ayUftH6iUre97SM1zc4fykRlThrexLWKXK%2BrQMrMerVtQVSgSFrSKfKch5qlLLF8whDeoFtD2xPYYt49Muei1Qcvzls1KZEQkbarxpr8JwTCmnaHx1o9HGuNiTfFo1PKUJjzA4llyxWtmA5MX9CnnTyJzw0tJBzT%2BwwBvm55zDrksDIyKUGOxx6FvcgOVJ%2FAInWRm%2Fz%2FIgIzRGDgnKnMOEsCka9mXwQmSJmcexjVIrRXGPsx0E4oxBrXNZaGUeENLjwMWfoX7dfEGgXvgqPjAjLcwTnBXaGfJZ9iFBJ5sResCSiOBbGARvm0Z9M |
Edit tour
chrome.exe (PID: 5328 cmdline: 
