Source: Yara match | File source: 30509.0.pages.csv, type: HTML |
Source: file:///C:/Users/user/Downloads/Payment-Receipt.html | Matcher: Template: microsoft matched |
Source: file:///C:/Users/user/Downloads/Payment-Receipt.html | HTTP Parser: Has password / email / username input fields |
Source: file:///C:/Users/user/Downloads/Payment-Receipt.html | HTTP Parser: Has password / email / username input fields |
Source: file:///C:/Users/user/Downloads/Payment-Receipt.html | HTTP Parser: HTML title missing |
Source: file:///C:/Users/user/Downloads/Payment-Receipt.html | HTTP Parser: HTML title missing |
Source: file:///C:/Users/user/Downloads/Payment-Receipt.html | HTTP Parser: No <meta name="author".. found |
Source: file:///C:/Users/user/Downloads/Payment-Receipt.html | HTTP Parser: No <meta name="author".. found |
Source: file:///C:/Users/user/Downloads/Payment-Receipt.html | HTTP Parser: No <meta name="copyright".. found |
Source: file:///C:/Users/user/Downloads/Payment-Receipt.html | HTTP Parser: No <meta name="copyright".. found |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic | Jump to behavior |
Source: unknown | HTTPS traffic detected: 104.19.142.111:443 -> 192.168.2.3:49781 version: TLS 1.2 |
Source: unknown | DNS traffic detected: queries for: clients2.google.com |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49765 |
Source: unknown | Network traffic detected: HTTP traffic on port 49783 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49762 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49783 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49781 |
Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49762 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49781 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49770 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49771 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49770 |
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49765 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745 |
Source: unknown | Network traffic detected: HTTP traffic on port 49771 -> 443 |
Source: global traffic | HTTP traffic detected: GET /view/vs4xxnasd8xu75by HTTP/1.1Host: docsend.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: nullUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: nullUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: nullUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /960ba84347db823b8e7fc9cd4369a4cc.png HTTP/1.1Host: i.gyazo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /d1b2270a564efe0c37d2e01ed1c647a8.png HTTP/1.1Host: i.gyazo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: Gyazo_cfwoker=i |
Source: global traffic | HTTP traffic detected: GET /960ba84347db823b8e7fc9cd4369a4cc.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: i.gyazo.com |
Source: global traffic | HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: data_3.2.dr | String found in binary or memory: Content-Security-Policy: default-src 'self'; base-uri 'self'; child-src 'self' blob:; connect-src 'self' blob: https://d2qvtfnm75xrxf.cloudfront.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.intercomcdn.com https://uploads.intercomusercontent.com https://sessions.bugsnag.com https://notify.bugsnag.com https://*.kissmetrics.com https://*.kissmetrics.io https://api.segment.io https://cdn.segment.com https://*.id.opendns.com https://www.google-analytics.com https://*.g.doubleclick.net https://www.facebook.com https://api.autopilothq.com https://*.filestackapi.com https://cdn.filestackcontent.com https://s3.amazonaws.com https://*.nr-data.net https://browser.pipe.aria.microsoft.com https://checkout.stripe.com https://risk.clearbit.com https://forms.hubspot.com https://*.pubnub.com; font-src 'self' https: data: chrome-extension:; form-action 'self' https://docsend.com https://*.docsend.com https://intercom.help https://api-iam.intercom.io https://accounts.google.com https://www.linkedin.com https://*.salesforce.com https://www.dropbox.com https://accounts.logme.in https://secure.join.me https://*.okta.com https://*.oktapreview.com https://*.jumpcloud.com https://*.onelogin.com https://zapier.com https://ifttt.com https://www.facebook.com; frame-src 'self' https://d2qvtfnm75xrxf.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com https://*.g.doubleclick.net https://tpc.googlesyndication.com https://www.facebook.com https://telemetryservice.firstpartyapps.oaspapps.com https://ifttt.com; img-src 'self' https: data: blob: chrome-extension:; media-src 'self' data: https://d2qvtfnm75xrxf.cloudfront.net https://js.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https://d2qvtfnm75xrxf.cloudfront.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.google-analytics.com https://cdn.segment.com https://scripts.kissmetrics.com https://*.id.opendns.com https://js-agent.newrelic.com https://*.nr-data.net https://www.youtube.com https://*.ytimg.com https://vimeo.com https://www.vimeo.com https://www.googletagmanager.com https://w |