Source: http://foristika.ru//?u=bt1k60t&o=xq063q5&t=cid:6599&cid=6599-9304-20220316171917f717c5 | SlashNext: Label: Internet Scam type: Phishing & Social Engineering |
Source: http://foristika.ru/media/gambling/en/slots/loader.gif | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/util/pgamble.js?v=8 | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/web/ | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/gambling/en/slots/jquery-1.11.3.min.js | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/util/utils-gmb.js | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/gambling/en/slots/overlay.png | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/gambling/en/slots/de1.png | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/web/2 | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/gambling/en/slots/de2.png | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/gambling/en/slots/1.png | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/gambling/backbutton_gmb.js | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/mainstream/alert.mp3 | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/gambling/icon.js | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/cookie/js.cookie9.js | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/gambling/en/slots/de3.png | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/gambling/en/slots/overlay2.png | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/gambling/en/slots/style1.css | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/gambling/confetti.js | Avira URL Cloud: Label: malware |
Source: http://foristika.ru//?u=bt1k60t&o=xq063q5&t=cid:6599&cid=6599-9304-20220316171917f717c52 | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/gambling/sound.js | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/gambling/en/slots/777.png | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/gambling/en/slots/1.css | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/gambling/en/slots/ProgressiveJackpotTicker.min.js | Avira URL Cloud: Label: malware |
Source: http://foristika.ru/media/mainstream/js1.js | Avira URL Cloud: Label: malware |
Source: https://www.vegasplus-major.com/de/ | HTTP Parser: Iframe src: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfXiRobAAAAAOanHBELMdzNwhUpK8VNf2sQ97GX&co=aHR0cHM6Ly93d3cudmVnYXNwbHVzLW1ham9yLmNvbTo0NDM.&hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=eik961aauotv |
Source: https://www.vegasplus-major.com/de/ | HTTP Parser: Iframe src: https://dispatchvegasplus.com/?user_id=0&domain=https%3A%2F%2Fwww.vegasplus-major.com%2Fde%2F |
Source: https://www.vegasplus-major.com/de/ | HTTP Parser: Iframe src: https://dispatchvegasplus.com/localstorage.html?1647469191151 |
Source: https://www.vegasplus-major.com/de/ | HTTP Parser: HTML title missing |
Source: https://www.vegasplus-major.com/de/ | HTTP Parser: No <meta name="author".. found |
Source: https://www.vegasplus-major.com/de/ | HTTP Parser: No <meta name="copyright".. found |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic |
Source: unknown | HTTPS traffic detected: 188.114.96.7:443 -> 192.168.2.3:49989 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 188.114.96.7:443 -> 192.168.2.3:49990 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 172.67.10.139:443 -> 192.168.2.3:49991 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 172.67.10.139:443 -> 192.168.2.3:49992 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 172.67.10.139:443 -> 192.168.2.3:50005 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 172.67.10.139:443 -> 192.168.2.3:50077 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.21.8.246:443 -> 192.168.2.3:50153 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 188.114.96.7:443 -> 192.168.2.3:50195 version: TLS 1.2 |
Source: unknown | DNS traffic detected: queries for: clients2.google.com |
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK Server: nginx Date: Wed, 16 Mar 2022 14:19:17 GMT Content-Type: text/css Connection: close Last-Modified: Wed, 19 May 2021 13:09:04 GMT Vary: Accept-Encoding ETag: W/"60a50df0-2f20" Content-Encoding: gzip Cache-Control: no-transform |