Source: https://www.facebook.com/61571877805803/posts/122095292948729260/?rdid=n8weykmBJH8xlSs8 | Joe Sandbox AI: Score: 7. Reasons: The URL 'www.facebook.com' is a legitimate domain associated with Facebook, not Auckland Transport; Auckland Transport is a known brand associated with the domain 'at.govt.nz'; the presence of input fields for 'Email address or phone number' and 'Password' on a domain not associated with Auckland Transport is suspicious; the URL does not match the legitimate domain for Auckland Transport, indicating a potential phishing attempt. DOM: 2.1.pages.csv |
Source: 0.45.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: http://smandorys.com/page/bouncy.php?&bpae=GbhGcr0... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to a suspicious domain. The script appears to be obfuscated and is attempting to forward the user to a potentially malicious URL. This combination of factors strongly suggests that this script is highly suspicious and likely malicious in nature. |
Source: 0.44.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: http://smandorys.com/l/pl--a----2/?author=1... The provided JavaScript snippet exhibits several high-risk behaviors, including the use of obfuscated URLs and potential data exfiltration. The script appears to be redirecting the user to a suspicious domain, which raises concerns about its legitimacy and potential malicious intent. While the script may have some legitimate functionality, such as detecting if it's running in an iframe or a popup, the overall behavior and the use of heavily encoded URLs suggest a medium to high-risk scenario that requires further investigation. |
Source: https://www.facebook.com/61571877805803/posts/122095292948729260/?rdid=n8weykmBJH8xlSs8 | HTTP Parser: <input type="password" .../> found |
Source: https://gobazaar.click/ | HTTP Parser: No favicon |
Source: http://fywiei.com/f.php?e=TOvMWErhvpfrl%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%3D | HTTP Parser: No favicon |
Source: https://www.facebook.com/61571877805803/posts/122095292948729260/?rdid=n8weykmBJH8xlSs8 | HTTP Parser: No <meta name="author".. found |
Source: https://www.facebook.com/61571877805803/posts/122095292948729260/?rdid=n8weykmBJH8xlSs8 | HTTP Parser: No <meta name="copyright".. found |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK; date: Sun, 12 Jan 2025 20:44:03 GMT; server: Apache; vary: Accept-Encoding; content-encoding: gzip; content-length: 1144; content-type: text/html; charset=UTF-8; connection: close |