Windows Analysis Report
http://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html

Overview

General Information

Sample URL: http://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html
Analysis ID: 1521684
Tags: openphish
Infos:

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Yara detected HtmlPhish64
HTML body contains low number of good links
HTML title does not match URL
Uses insecure TLS / SSL version for HTTPS connection

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: http://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social usering

Phishing
barindex
AI detected phishing page
Source: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html LLM: Score: 9 Reasons: The legitimate domain for MetaMask is metamask.io., The provided URL (pub-0cc0980a246e413285127dab939f7379.r2.dev) does not match the legitimate domain., The URL contains a random string and uses a .dev domain, which is unusual for a well-known brand like MetaMask., The URL structure and domain name do not align with the typical format used by MetaMask., The instruction to paste a secret recovery phrase is highly suspicious and indicative of phishing. DOM: 0.1.pages.csv
Yara detected HtmlPhish64
Source: Yara match File source: 0.2.pages.csv, type: HTML
Source: Yara match File source: 0.0.pages.csv, type: HTML
Source: Yara match File source: 0.1.pages.csv, type: HTML
HTML body contains low number of good links
Source: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html HTTP Parser: Number of links: 0
HTML title does not match URL
Source: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html HTTP Parser: Title: MetaMask does not match URL
Source: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html HTTP Parser: <input type="password" .../> found
Source: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html HTTP Parser: No <meta name="author".. found
Source: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html HTTP Parser: No <meta name="author".. found
Source: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html HTTP Parser: No <meta name="author".. found
Source: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html HTTP Parser: No <meta name="copyright".. found
Source: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html HTTP Parser: No <meta name="copyright".. found
Source: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html HTTP Parser: No <meta name="copyright".. found
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49751 version: TLS 1.0
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49754 version: TLS 1.2
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49751 version: TLS 1.0
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: global traffic HTTP traffic detected: GET /index.html HTTP/1.1Host: pub-0cc0980a246e413285127dab939f7379.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jquery-3.3.1.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-0cc0980a246e413285127dab939f7379.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-0cc0980a246e413285127dab939f7379.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /icon.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /logo.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gibberish-detector.js/gibberish.min.js HTTP/1.1Host: gtomitsuka.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /confirm.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /full.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /eye-close.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tada.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /icon.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-0cc0980a246e413285127dab939f7379.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jquery-3.3.1.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gibberish-detector.js/gibberish.min.js HTTP/1.1Host: gtomitsuka.github.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /index.html HTTP/1.1Host: pub-0cc0980a246e413285127dab939f7379.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: pub-0cc0980a246e413285127dab939f7379.r2.dev
Source: global traffic DNS traffic detected: DNS query: code.jquery.com
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: bestfilltype.netlify.app
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: gtomitsuka.github.io
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:08:18 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XHPM6D2YF2NTRDHED1JB1SContent-Length: 50Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:08:18 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XHPM9D6XD8HS9JAACFVCSBContent-Length: 50Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:08:19 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XHPN2HPXGCW38XWX6KV3Y2Content-Length: 50Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:08:19 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XHPN2M2Z7073QN1T5PAFXCContent-Length: 50Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:08:19 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XHPN2N53X6QA157BZRJB8VContent-Length: 50Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:08:19 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XHPN2GY7MWRVD1Y476KWM5Content-Length: 50Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:08:21 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XHPQ0ZDFB2AHD0C7W3X0VWContent-Length: 50Connection: close
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: http://jquery.org/license
Source: chromecache_73.2.dr, chromecache_71.2.dr String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_54.2.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_54.2.dr String found in binary or memory: https://bestfilltype.netlify.app/confirm.png
Source: chromecache_54.2.dr String found in binary or memory: https://bestfilltype.netlify.app/eye-close.png
Source: chromecache_54.2.dr String found in binary or memory: https://bestfilltype.netlify.app/eye-open.png
Source: chromecache_54.2.dr String found in binary or memory: https://bestfilltype.netlify.app/full.png
Source: chromecache_54.2.dr String found in binary or memory: https://bestfilltype.netlify.app/icon.png
Source: chromecache_54.2.dr String found in binary or memory: https://bestfilltype.netlify.app/logo.png
Source: chromecache_54.2.dr String found in binary or memory: https://bestfilltype.netlify.app/tada.png
Source: chromecache_54.2.dr String found in binary or memory: https://bexernoajind.publicvm.com/fr.php
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://bugs.jquery.com/ticket/12359
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://bugs.jquery.com/ticket/13378
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: chromecache_54.2.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: chromecache_54.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: chromecache_54.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
Source: chromecache_54.2.dr String found in binary or memory: https://fonts.googleapis.com/css2?family=Poppins:wght
Source: chromecache_63.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1JlFc-K.woff2)
Source: chromecache_63.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2)
Source: chromecache_63.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1JlFc-K.woff2)
Source: chromecache_63.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2)
Source: chromecache_63.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1JlFc-K.woff2)
Source: chromecache_63.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2)
Source: chromecache_63.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1JlFc-K.woff2)
Source: chromecache_63.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2)
Source: chromecache_63.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2)
Source: chromecache_63.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2)
Source: chromecache_63.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2)
Source: chromecache_63.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2)
Source: chromecache_63.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2)
Source: chromecache_63.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJnecmNE.woff2)
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://github.com/eslint/eslint/issues/3229
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://github.com/eslint/eslint/issues/6125
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://jquery.com/
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://jquery.org/license
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
Source: chromecache_54.2.dr String found in binary or memory: https://metamask.io/
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://promisesaplus.com/#point-48
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://promisesaplus.com/#point-54
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://promisesaplus.com/#point-57
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://promisesaplus.com/#point-59
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://promisesaplus.com/#point-61
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://promisesaplus.com/#point-64
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://promisesaplus.com/#point-75
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://sizzlejs.com/
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: chromecache_67.2.dr, chromecache_65.2.dr String found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49754 version: TLS 1.2
Source: classification engine Classification label: mal64.phis.win@17/39@20/12
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1968,i,12962784865209134176,3512103477153748555,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1968,i,12962784865209134176,3512103477153748555,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Confirm
Source: Window Recorder Window detected: More than 3 window changes detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1521684 URL: http://pub-0cc0980a246e4132... Startdate: 29/09/2024 Architecture: WINDOWS Score: 64 26 Antivirus / Scanner detection for submitted sample 2->26 28 AI detected phishing page 2->28 30 Yara detected HtmlPhish64 2->30 6 chrome.exe 1 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 14 192.168.2.4 unknown unknown 6->14 16 192.168.2.6, 443, 49704, 49709 unknown unknown 6->16 18 239.255.255.250 unknown Reserved 6->18 11 chrome.exe 6->11         started        process5 dnsIp6 20 pub-0cc0980a246e413285127dab939f7379.r2.dev 172.66.0.235, 49716, 49717, 80 CLOUDFLARENETUS United States 11->20 22 www.google.com 142.250.186.36, 443, 49729, 49756 GOOGLEUS United States 11->22 24 7 other IPs or domains 11->24
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.17.24.14
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false
142.250.186.36
 www.google.com United States
15169 GOOGLEUS false
162.159.140.237
 unknown United States
13335 CLOUDFLARENETUS false
185.199.109.153
 gtomitsuka.github.io Netherlands
54113 FASTLYUS false
18.192.94.96
 bestfilltype.netlify.app United States
16509 AMAZON-02US false
151.101.130.137
 unknown United States
54113 FASTLYUS false
151.101.2.137
 code.jquery.com United States
54113 FASTLYUS false
239.255.255.250
 unknown Reserved
unknown unknown false
172.66.0.235
 pub-0cc0980a246e413285127dab939f7379.r2.dev United States
13335 CLOUDFLARENETUS true
185.199.108.153
 unknown Netherlands
54113 FASTLYUS false

Private

IP
192.168.2.4
192.168.2.6

Contacted Domains

Name IP Active
gtomitsuka.github.io 185.199.109.153 true
bg.microsoft.map.fastly.net 199.232.210.172 true
code.jquery.com 151.101.2.137 true
cdnjs.cloudflare.com 104.17.24.14 true
pub-0cc0980a246e413285127dab939f7379.r2.dev 172.66.0.235 true
www.google.com 142.250.186.36 true
bestfilltype.netlify.app 18.192.94.96 true
fp2e7a.wpc.phicdn.net 192.229.221.95 true
windowsupdatebg.s.llnwi.net 87.248.205.0 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html true
    		unknown
    https://gtomitsuka.github.io/gibberish-detector.js/gibberish.min.js false
    • URL Reputation: safe
    		 unknown
    https://bestfilltype.netlify.app/full.png false
    • URL Reputation: safe
    		 unknown
    https://bestfilltype.netlify.app/confirm.png false
    • URL Reputation: safe
    		 unknown
    https://code.jquery.com/jquery-3.1.1.min.js false
    • URL Reputation: safe
    		 unknown
    https://pub-0cc0980a246e413285127dab939f7379.r2.dev/index.html true
      		unknown
      https://code.jquery.com/jquery-3.3.1.js false
      • URL Reputation: safe
      		 unknown
      https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js false
      • URL Reputation: safe
      		 unknown
      https://bestfilltype.netlify.app/icon.png false
      • URL Reputation: safe
      		 unknown
      https://bestfilltype.netlify.app/logo.png false
      • URL Reputation: safe
      		 unknown
      https://bestfilltype.netlify.app/eye-close.png false
      • URL Reputation: safe
      		 unknown
      https://bestfilltype.netlify.app/tada.png false
      • URL Reputation: safe
      		 unknown