Windows Analysis Report
https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0

Overview

General Information

Sample URL:	https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0
Analysis ID:	1502054
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish20

Yara detected HtmlPhish44

Javascript uses Clearbit API to dynamically determine company logos

Found iframes

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML title does not match URL

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0	Avira URL Cloud: detection malicious, Label: phishing
Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

LLM: Score: 8 Reasons: The domain name'seoservicesiox.firebaseapp.com' is unusual and may be a typo or a misspelling. The presence of the Norton Secured logo indicates that the page is legitimate and secure, but the domain name does not match the legitimate domain associated with Norton. This discrepancy raises concerns about the authenticity of the webpage, making it likely a phishing attempt or a fake sign-in page designed to steal user credentials. The use of Firebase in the domain name, which is not typically used for security software sign-in pages, further supports this conclusion. The visual LLM's analysis is consistent with this assessment, highlighting the unusual domain name and the potential for a typo or misspelling. As a result, the phishing score is 8 out of 10, indicating a high likelihood of the site being a phishing attempt. DOM: 1.2.pages.csv

Yara detected HtmlPhish20

Source: Yara match

File source: 1.2.pages.csv, type: HTML

Yara detected HtmlPhish44

Source: Yara match	File source: dropped/chromecache_82, type: DROPPED
Source: Yara match	File source: dropped/chromecache_91, type: DROPPED

Javascript uses Clearbit API to dynamically determine company logos

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48	HTTP Parser: document.write(unescape('%3c!doctype%20html%3e%0a%3chtml%3e%0a%0a%3chead%3e%0a%20%20%20%20%3cmeta%20http-equiv%3d%22content-type%22%20content%3d%22text%2fhtml%3b%20charset%3dwindows-1252%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22robots%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22googlebot%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3ctitle%3ewebmail%20portal%20login%3c%2ftitle%3e%0a%0a%20%20%20%20%3cstyle%3ehtml%2cbody%2cdiv%2cspan%2capplet%2cobject%2ciframe%2ch1%2ch2%2ch3%2ch4%2ch5%2ch6%2cp%2cblockquote%2cpre%2ca%2cabbr%2cacronym%2caddress%2cbig%2ccite%2ccode%2cdel%2cdfn%2cem%2cimg%2cins%2ckbd%2cq%2cs%2csamp%2csmall%2cstrike%2cstrong%2csub%2csup%2ctt%2cvar%2cb%2cu%2ci%2ccenter%2cdl%2cdt%2cdd%2col%2cul%2cli%2cfieldset%2cform%2clabel%2clegend%2ctable%2ccaption%2ctbody%2ctfoot%2cthead%2ctr%2cth%2ctd%2carticle%2caside%2ccanvas%2cdetails%2cembed%2cfigure%2cfigcaption%2cfooter%2cheader%2chgroup%2cmenu%2cnav%2coutput%2cruby%2csection%2csummary%2ctime%2cmark%2caudio...
Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0	HTTP Parser: document.write(unescape('%3c!doctype%20html%3e%0a%3chtml%3e%0a%0a%3chead%3e%0a%20%20%20%20%3cmeta%20http-equiv%3d%22content-type%22%20content%3d%22text%2fhtml%3b%20charset%3dwindows-1252%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22robots%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22googlebot%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3ctitle%3ewebmail%20portal%20login%3c%2ftitle%3e%0a%0a%20%20%20%20%3cstyle%3ehtml%2cbody%2cdiv%2cspan%2capplet%2cobject%2ciframe%2ch1%2ch2%2ch3%2ch4%2ch5%2ch6%2cp%2cblockquote%2cpre%2ca%2cabbr%2cacronym%2caddress%2cbig%2ccite%2ccode%2cdel%2cdfn%2cem%2cimg%2cins%2ckbd%2cq%2cs%2csamp%2csmall%2cstrike%2cstrong%2csub%2csup%2ctt%2cvar%2cb%2cu%2ci%2ccenter%2cdl%2cdt%2cdd%2col%2cul%2cli%2cfieldset%2cform%2clabel%2clegend%2ctable%2ccaption%2ctbody%2ctfoot%2cthead%2ctr%2cth%2ctd%2carticle%2caside%2ccanvas%2cdetails%2cembed%2cfigure%2cfigcaption%2cfooter%2cheader%2chgroup%2cmenu%2cnav%2coutput%2cruby%2csection%2csummary%2ctime%2cmark%2caudio...

Found iframes

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: Iframe src: https://

HTML body contains low number of good links

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML body with high number of embedded images detected

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: Total embedded image size: 76190

HTML title does not match URL

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: Title: Webmail Portal Login does not match URL

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: <input type="password" .../> found

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: No <meta name="author".. found

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49755 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49752 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49755 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2

Source: global traffic	HTTP traffic detected: GET /&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0 HTTP/1.1Host: seoservicesiox.firebaseapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/materialize/1.0.0/js/materialize.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/axios/0.21.1/axios.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/vue@2.6.12 HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/lodash@4.17.21/lodash.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48 HTTP/1.1Host: seoservicesiox.firebaseapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/materialize/1.0.0/js/materialize.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/axios/0.21.1/axios.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: seoservicesiox.firebaseapp.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: chromecache_94.2.dr, chromecache_99.2.dr	String found in binary or memory: http://materializecss.com)
Source: chromecache_89.2.dr, chromecache_97.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_84.2.dr, chromecache_88.2.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: chromecache_90.2.dr, chromecache_98.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_90.2.dr, chromecache_98.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_90.2.dr, chromecache_98.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_84.2.dr, chromecache_88.2.dr	String found in binary or memory: https://lodash.com/
Source: chromecache_84.2.dr, chromecache_88.2.dr	String found in binary or memory: https://lodash.com/license
Source: chromecache_84.2.dr, chromecache_88.2.dr	String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: chromecache_84.2.dr, chromecache_88.2.dr	String found in binary or memory: https://openjsf.org/
Source: chromecache_94.2.dr, chromecache_99.2.dr	String found in binary or memory: https://raw.githubusercontent.com/Dogfalo/materialize/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49752 version: TLS 1.2

Source: classification engine

Classification label: mal76.phis.win@16/36@22/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2008,i,13600479766280448322,827089129448480983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2008,i,13600479766280448322,827089129448480983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.10.207	unknown	United States	13335	CLOUDFLARENETUS	false
151.101.65.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
151.101.130.137	unknown	United States	54113	FASTLYUS	false
199.36.158.100	seoservicesiox.firebaseapp.com	United States	15169	GOOGLEUS	false
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
104.18.11.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.164	unknown	United States	15169	GOOGLEUS	false
172.217.23.100	www.google.com	United States	15169	GOOGLEUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.7
192.168.2.5

Contacted Domains

Name	IP	Active
jsdelivr.map.fastly.net	151.101.65.229	true
code.jquery.com	151.101.2.137	true
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.35	true
seoservicesiox.firebaseapp.com	199.36.158.100	true
cdnjs.cloudflare.com	104.17.25.14	true
maxcdn.bootstrapcdn.com	104.18.11.207	true
www.google.com	172.217.23.100	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
windowsupdatebg.s.llnwi.net	46.228.146.0	true
cdn.jsdelivr.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48	true		unknown
https://code.jquery.com/jquery-3.6.0.min.js	false	URL Reputation: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/axios.min.js	false	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.2.1.slim.min.js	false	URL Reputation: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/js/materialize.min.js	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/npm/lodash@4.17.21/lodash.min.js	false	Avira URL Cloud: safe	unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	false	URL Reputation: safe	unknown
https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0	true		unknown
https://cdn.jsdelivr.net/npm/vue@2.6.12	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:35:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	8C39B35602C2D2A85B1B994F93D04C9D	4A9C912CDEABA50EB25BBAE19534FEAFFB7D6622	EF49FC9CB991C219E79FB5C86C4FC0F9EBDA8EBCFF50F94C8C2E80F5EA10FF9A
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:35:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	E837ADA00384868F571C4369F73ED488	B2BF1582BA2FC9DF9FE07E189EFC135D75A3B67C	E7C0D79187B8BF0D30ECCCD78591CF92C3C2F2BB8222625B50744D1FAD8B447F
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	548C79A01F0E7A30A1780110745A1352	9701116875AF5F62E3E6460255F1F9FAC3EC5196	6AACF2FB1012A563F72E5F6D9E9E8A83314610862F84AE94F5295010E90640A2
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:35:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	6540CAA253FD5F79B6A932F61AC4DE8C	67F5218083863479377B6F9E08B8C0C4B0956E5A	A0C9D7F85DB80448205AD7B58AB97B413B000B3B66F357C959336AE79AF12B91
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:35:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	0D6D896E7956583864C7276A19960682	2F33C1A6DE6377C897569A802DE76490E24ABEB8	1967A629CCCD45897D5980AF46A21C1827F4C52B99371026612921E7C8184BF4
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:35:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	F3D339E2B78D4E5E525C1C37810E48ED	57788C901E60F4C0F6DCE2CAEED0AEC3A4BAA4DA	757C32134D86874A9E6BFF905D5F35E07BA30A3210AD932B5DF037B1F971E089
Chrome Cache Entry: 81	ASCII text, with very long lines (32012)	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
Chrome Cache Entry: 82	HTML document, ASCII text, with very long lines (65536), with no line terminators	F3EDB2940F0AEBE7B8CD0A1A6649C4F7	AD74A3CD3CAC8FC5B597AF6ADCD446A1EF716B4E	E4CCF07F76548379E129443B6B8A9FABF7A258AFF843B4269E8F9506E2FE71FA
Chrome Cache Entry: 83	ASCII text, with very long lines (32012)	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
Chrome Cache Entry: 84	ASCII text, with very long lines (4143)	9BECC40FB1D85D21D0CA38E2F7069511	AE854B04025DB8B7F48FDD6DEDF41E77EAE44394	A9705DFC47C0763380D851AB1801BE6F76019F6B67E40E9B873F8B4A0603F7A9
Chrome Cache Entry: 85	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 86	ASCII text, with very long lines (14271)	70489D9432EF978DB53BEBDA3E9F4C14	F24D0BCC36027BCE45C86ACFBA57B248EDB6A3F9	24B9A49D375465E659DBAECB3FDA81FBF0D3EEDBF138E29CB5229E502D8A4FA1
Chrome Cache Entry: 87	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 88	ASCII text, with very long lines (4143)	9BECC40FB1D85D21D0CA38E2F7069511	AE854B04025DB8B7F48FDD6DEDF41E77EAE44394	A9705DFC47C0763380D851AB1801BE6F76019F6B67E40E9B873F8B4A0603F7A9
Chrome Cache Entry: 89	ASCII text, with very long lines (19015)	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
Chrome Cache Entry: 90	ASCII text, with very long lines (48664)	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
Chrome Cache Entry: 91	HTML document, ASCII text, with very long lines (65536), with no line terminators	F3EDB2940F0AEBE7B8CD0A1A6649C4F7	AD74A3CD3CAC8FC5B597AF6ADCD446A1EF716B4E	E4CCF07F76548379E129443B6B8A9FABF7A258AFF843B4269E8F9506E2FE71FA
Chrome Cache Entry: 92	ASCII text, with very long lines (65449)	FB192338844EFE86EC759A40152FCB8E	E55DF1F7D6C288EE73D439BAB26DD006FFEE7AF3	29296CCACAA9ED35ED168FC51E36F54FD6F8DB9C7786BBF38CC59A27229BA5C2
Chrome Cache Entry: 93	ASCII text, with very long lines (65449)	FB192338844EFE86EC759A40152FCB8E	E55DF1F7D6C288EE73D439BAB26DD006FFEE7AF3	29296CCACAA9ED35ED168FC51E36F54FD6F8DB9C7786BBF38CC59A27229BA5C2
Chrome Cache Entry: 94	ASCII text, with very long lines (65357)	87D84BF8B4CC051C16092D27B1A7D9B3	C8B4C65651921D888CF5F27430DFE2AD190D35BF	53F7070CC4C81C278C72F7A106FD71434E766CF49B26D6EE8B0E1003D7132B3D
Chrome Cache Entry: 95	ASCII text, with no line terminators	3CCFCCCDE92F1AB15129C0AE6DD7FFCB	5F8E8CEC5CAD6F478161F85CB2A505613D75CDB1	D0C55A62B21B19AB740407CE222EFA8552A691900DB832D2B188D9AC553520B6
Chrome Cache Entry: 96	ASCII text, with very long lines (14271)	70489D9432EF978DB53BEBDA3E9F4C14	F24D0BCC36027BCE45C86ACFBA57B248EDB6A3F9	24B9A49D375465E659DBAECB3FDA81FBF0D3EEDBF138E29CB5229E502D8A4FA1
Chrome Cache Entry: 97	ASCII text, with very long lines (19015)	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
Chrome Cache Entry: 98	ASCII text, with very long lines (48664)	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
Chrome Cache Entry: 99	ASCII text, with very long lines (65357)	87D84BF8B4CC051C16092D27B1A7D9B3	C8B4C65651921D888CF5F27430DFE2AD190D35BF	53F7070CC4C81C278C72F7A106FD71434E766CF49B26D6EE8B0E1003D7132B3D

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0	Avira URL Cloud: detection malicious, Label: phishing
Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

Yara detected HtmlPhish20

Source: Yara match

File source: 1.2.pages.csv, type: HTML

Yara detected HtmlPhish44

Source: Yara match	File source: dropped/chromecache_82, type: DROPPED
Source: Yara match	File source: dropped/chromecache_91, type: DROPPED

Javascript uses Clearbit API to dynamically determine company logos

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48	HTTP Parser: document.write(unescape('%3c!doctype%20html%3e%0a%3chtml%3e%0a%0a%3chead%3e%0a%20%20%20%20%3cmeta%20http-equiv%3d%22content-type%22%20content%3d%22text%2fhtml%3b%20charset%3dwindows-1252%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22robots%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22googlebot%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3ctitle%3ewebmail%20portal%20login%3c%2ftitle%3e%0a%0a%20%20%20%20%3cstyle%3ehtml%2cbody%2cdiv%2cspan%2capplet%2cobject%2ciframe%2ch1%2ch2%2ch3%2ch4%2ch5%2ch6%2cp%2cblockquote%2cpre%2ca%2cabbr%2cacronym%2caddress%2cbig%2ccite%2ccode%2cdel%2cdfn%2cem%2cimg%2cins%2ckbd%2cq%2cs%2csamp%2csmall%2cstrike%2cstrong%2csub%2csup%2ctt%2cvar%2cb%2cu%2ci%2ccenter%2cdl%2cdt%2cdd%2col%2cul%2cli%2cfieldset%2cform%2clabel%2clegend%2ctable%2ccaption%2ctbody%2ctfoot%2cthead%2ctr%2cth%2ctd%2carticle%2caside%2ccanvas%2cdetails%2cembed%2cfigure%2cfigcaption%2cfooter%2cheader%2chgroup%2cmenu%2cnav%2coutput%2cruby%2csection%2csummary%2ctime%2cmark%2caudio...
Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0	HTTP Parser: document.write(unescape('%3c!doctype%20html%3e%0a%3chtml%3e%0a%0a%3chead%3e%0a%20%20%20%20%3cmeta%20http-equiv%3d%22content-type%22%20content%3d%22text%2fhtml%3b%20charset%3dwindows-1252%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22robots%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22googlebot%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3ctitle%3ewebmail%20portal%20login%3c%2ftitle%3e%0a%0a%20%20%20%20%3cstyle%3ehtml%2cbody%2cdiv%2cspan%2capplet%2cobject%2ciframe%2ch1%2ch2%2ch3%2ch4%2ch5%2ch6%2cp%2cblockquote%2cpre%2ca%2cabbr%2cacronym%2caddress%2cbig%2ccite%2ccode%2cdel%2cdfn%2cem%2cimg%2cins%2ckbd%2cq%2cs%2csamp%2csmall%2cstrike%2cstrong%2csub%2csup%2ctt%2cvar%2cb%2cu%2ci%2ccenter%2cdl%2cdt%2cdd%2col%2cul%2cli%2cfieldset%2cform%2clabel%2clegend%2ctable%2ccaption%2ctbody%2ctfoot%2cthead%2ctr%2cth%2ctd%2carticle%2caside%2ccanvas%2cdetails%2cembed%2cfigure%2cfigcaption%2cfooter%2cheader%2chgroup%2cmenu%2cnav%2coutput%2cruby%2csection%2csummary%2ctime%2cmark%2caudio...

Found iframes

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: Iframe src: https://

HTML body contains low number of good links

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML body with high number of embedded images detected

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: Total embedded image size: 76190

HTML title does not match URL

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: Title: Webmail Portal Login does not match URL

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: <input type="password" .../> found

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: No <meta name="author".. found

Source: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48

HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49755 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49752 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49755 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2

Source: global traffic	HTTP traffic detected: GET /&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0 HTTP/1.1Host: seoservicesiox.firebaseapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/materialize/1.0.0/js/materialize.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/axios/0.21.1/axios.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/vue@2.6.12 HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/lodash@4.17.21/lodash.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0&err=am30dbsswi0&dispatch=8343ab8d0e5hj6i3adjgf985a2a224&id=3c92gcd9fcd73ch344898d8kfbfhk9bgjkg2h4hd7ib48 HTTP/1.1Host: seoservicesiox.firebaseapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/materialize/1.0.0/js/materialize.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/axios/0.21.1/axios.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: seoservicesiox.firebaseapp.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown

Source: chromecache_94.2.dr, chromecache_99.2.dr	String found in binary or memory: http://materializecss.com)
Source: chromecache_89.2.dr, chromecache_97.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_84.2.dr, chromecache_88.2.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: chromecache_90.2.dr, chromecache_98.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_90.2.dr, chromecache_98.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_90.2.dr, chromecache_98.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_84.2.dr, chromecache_88.2.dr	String found in binary or memory: https://lodash.com/
Source: chromecache_84.2.dr, chromecache_88.2.dr	String found in binary or memory: https://lodash.com/license
Source: chromecache_84.2.dr, chromecache_88.2.dr	String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: chromecache_84.2.dr, chromecache_88.2.dr	String found in binary or memory: https://openjsf.org/
Source: chromecache_94.2.dr, chromecache_99.2.dr	String found in binary or memory: https://raw.githubusercontent.com/Dogfalo/materialize/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49752 version: TLS 1.2

Source: classification engine

Classification label: mal76.phis.win@16/36@22/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2008,i,13600479766280448322,827089129448480983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2008,i,13600479766280448322,827089129448480983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1502054
Product:	CloudBasic
Start time:	00:34:59
Start date:	31.08.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0