Windows Analysis Report
http://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7

Overview

General Information

Sample URL:	http://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7
Analysis ID:	1521688
Tags:	openphish
Infos:

Detection

HTMLPhisher

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected HtmlPhish20

Yara detected HtmlPhish44

Javascript uses Clearbit API to dynamically determine company logos

Found iframes

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML title does not match URL

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Multi AV Scanner detection for domain / URL

Source: seoservicesiox.firebaseapp.com

Virustotal: Detection: 17%

Perma Link

Multi AV Scanner detection for submitted file

Virustotal: Detection: 16%

Perma Link

Phishing

AI detected phishing page

Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	LLM: Score: 9 Reasons: The brand 'Norton' is well-known and associated with cybersecurity products., The URL 'seoservicesiox.firebaseapp.com' does not match the legitimate domain 'norton.com'., The URL uses a Firebase subdomain, which is commonly used for hosting but not typically for well-known brands like Norton., The domain name 'seoservicesiox' is unrelated to Norton and appears suspicious., The presence of an email input field on a suspicious domain increases the risk of phishing. DOM: 0.0.pages.csv
Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	LLM: Score: 9 Reasons: The brand 'Norton' is well-known and associated with cybersecurity products., The URL 'seoservicesiox.firebaseapp.com' does not match the legitimate domain 'norton.com'., The use of 'firebaseapp.com' suggests the site is hosted on Firebase, which is a common platform for both legitimate and phishing sites., The subdomain 'seoservicesiox' is unrelated to Norton and is suspicious., The URL structure and domain name do not align with the typical Norton domain., The presence of input fields for email and password on a suspicious domain increases the risk of phishing. DOM: 0.3.pages.csv

Yara detected HtmlPhish20

Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML

Yara detected HtmlPhish44

Source: Yara match

File source: dropped/chromecache_61, type: DROPPED

Javascript uses Clearbit API to dynamically determine company logos

Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c

HTTP Parser: document.write(unescape('%3c!doctype%20html%3e%0a%3chtml%3e%0a%0a%3chead%3e%0a%20%20%20%20%3cmeta%20http-equiv%3d%22content-type%22%20content%3d%22text%2fhtml%3b%20charset%3dwindows-1252%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22robots%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22googlebot%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3ctitle%3ewebmail%20portal%20login%3c%2ftitle%3e%0a%0a%20%20%20%20%3cstyle%3ehtml%2cbody%2cdiv%2cspan%2capplet%2cobject%2ciframe%2ch1%2ch2%2ch3%2ch4%2ch5%2ch6%2cp%2cblockquote%2cpre%2ca%2cabbr%2cacronym%2caddress%2cbig%2ccite%2ccode%2cdel%2cdfn%2cem%2cimg%2cins%2ckbd%2cq%2cs%2csamp%2csmall%2cstrike%2cstrong%2csub%2csup%2ctt%2cvar%2cb%2cu%2ci%2ccenter%2cdl%2cdt%2cdd%2col%2cul%2cli%2cfieldset%2cform%2clabel%2clegend%2ctable%2ccaption%2ctbody%2ctfoot%2cthead%2ctr%2cth%2ctd%2carticle%2caside%2ccanvas%2cdetails%2cembed%2cfigure%2cfigcaption%2cfooter%2cheader%2chgroup%2cmenu%2cnav%2coutput%2cruby%2csection%2csummary%2ctime%2cmark%2caudio...

Found iframes

Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	HTTP Parser: Iframe src: https://
Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	HTTP Parser: Iframe src: https://

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML body with high number of embedded images detected

HTTP Parser: Total embedded image size: 76190

HTML title does not match URL

HTTP Parser: Title: Webmail Portal Login does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	HTTP Parser: No <meta name="author".. found
Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	HTTP Parser: No <meta name="author".. found

Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	HTTP Parser: No <meta name="copyright".. found
Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49761 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c HTTP/1.1Host: seoservicesiox.firebaseapp.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/materialize/1.0.0/js/materialize.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/axios/0.21.1/axios.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/axios/0.21.1/axios.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/materialize/1.0.0/js/materialize.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c HTTP/1.1Host: seoservicesiox.firebaseapp.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: seoservicesiox.firebaseapp.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_67.2.dr, chromecache_72.2.dr	String found in binary or memory: http://materializecss.com)
Source: chromecache_70.2.dr, chromecache_63.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_62.2.dr, chromecache_57.2.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: chromecache_71.2.dr, chromecache_64.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_71.2.dr, chromecache_64.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_71.2.dr, chromecache_64.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_62.2.dr, chromecache_57.2.dr	String found in binary or memory: https://lodash.com/
Source: chromecache_62.2.dr, chromecache_57.2.dr	String found in binary or memory: https://lodash.com/license
Source: chromecache_62.2.dr, chromecache_57.2.dr	String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: chromecache_62.2.dr, chromecache_57.2.dr	String found in binary or memory: https://openjsf.org/
Source: chromecache_67.2.dr, chromecache_72.2.dr	String found in binary or memory: https://raw.githubusercontent.com/Dogfalo/materialize/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49761 version: TLS 1.2

Source: classification engine

Classification label: mal92.phis.win@17/28@22/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1972,i,10370821174566270316,8788160185051802270,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1972,i,10370821174566270316,8788160185051802270,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
199.36.158.100	seoservicesiox.firebaseapp.com	United States	15169	GOOGLEUS	false
104.18.11.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.23.100	www.google.com	United States	15169	GOOGLEUS	false
151.101.66.137	unknown	United States	54113	FASTLYUS	false

Private

IP
192.168.2.4
192.168.2.5

Contacted Domains

Name	IP	Active
code.jquery.com	151.101.130.137	true
seoservicesiox.firebaseapp.com	199.36.158.100	true
cdnjs.cloudflare.com	104.17.24.14	true
maxcdn.bootstrapcdn.com	104.18.11.207	true
www.google.com	172.217.23.100	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
cdn.jsdelivr.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	true		unknown
https://code.jquery.com/jquery-3.6.0.min.js	false	URL Reputation: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	false	URL Reputation: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/axios.min.js	false	0%, Virustotal, Browse	unknown
https://code.jquery.com/jquery-3.2.1.slim.min.js	false	1%, Virustotal, Browse	unknown
https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/js/materialize.min.js	false	0%, Virustotal, Browse	unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	false	0%, Virustotal, Browse	unknown
http://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	false		unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 55	ASCII text, with very long lines (32012)	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
Chrome Cache Entry: 56	ASCII text, with very long lines (32012)	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
Chrome Cache Entry: 57	ASCII text, with very long lines (4143)	9BECC40FB1D85D21D0CA38E2F7069511	AE854B04025DB8B7F48FDD6DEDF41E77EAE44394	A9705DFC47C0763380D851AB1801BE6F76019F6B67E40E9B873F8B4A0603F7A9
Chrome Cache Entry: 58	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 59	ASCII text, with very long lines (14271)	70489D9432EF978DB53BEBDA3E9F4C14	F24D0BCC36027BCE45C86ACFBA57B248EDB6A3F9	24B9A49D375465E659DBAECB3FDA81FBF0D3EEDBF138E29CB5229E502D8A4FA1
Chrome Cache Entry: 60	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 61	HTML document, ASCII text, with very long lines (65536), with no line terminators	F3EDB2940F0AEBE7B8CD0A1A6649C4F7	AD74A3CD3CAC8FC5B597AF6ADCD446A1EF716B4E	E4CCF07F76548379E129443B6B8A9FABF7A258AFF843B4269E8F9506E2FE71FA
Chrome Cache Entry: 62	ASCII text, with very long lines (4143)	9BECC40FB1D85D21D0CA38E2F7069511	AE854B04025DB8B7F48FDD6DEDF41E77EAE44394	A9705DFC47C0763380D851AB1801BE6F76019F6B67E40E9B873F8B4A0603F7A9
Chrome Cache Entry: 63	ASCII text, with very long lines (19015)	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
Chrome Cache Entry: 64	ASCII text, with very long lines (48664)	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
Chrome Cache Entry: 65	ASCII text, with very long lines (65449)	FB192338844EFE86EC759A40152FCB8E	E55DF1F7D6C288EE73D439BAB26DD006FFEE7AF3	29296CCACAA9ED35ED168FC51E36F54FD6F8DB9C7786BBF38CC59A27229BA5C2
Chrome Cache Entry: 66	ASCII text, with very long lines (65449)	FB192338844EFE86EC759A40152FCB8E	E55DF1F7D6C288EE73D439BAB26DD006FFEE7AF3	29296CCACAA9ED35ED168FC51E36F54FD6F8DB9C7786BBF38CC59A27229BA5C2
Chrome Cache Entry: 67	ASCII text, with very long lines (65357)	87D84BF8B4CC051C16092D27B1A7D9B3	C8B4C65651921D888CF5F27430DFE2AD190D35BF	53F7070CC4C81C278C72F7A106FD71434E766CF49B26D6EE8B0E1003D7132B3D
Chrome Cache Entry: 68	ASCII text, with no line terminators	3CCFCCCDE92F1AB15129C0AE6DD7FFCB	5F8E8CEC5CAD6F478161F85CB2A505613D75CDB1	D0C55A62B21B19AB740407CE222EFA8552A691900DB832D2B188D9AC553520B6
Chrome Cache Entry: 69	ASCII text, with very long lines (14271)	70489D9432EF978DB53BEBDA3E9F4C14	F24D0BCC36027BCE45C86ACFBA57B248EDB6A3F9	24B9A49D375465E659DBAECB3FDA81FBF0D3EEDBF138E29CB5229E502D8A4FA1
Chrome Cache Entry: 70	ASCII text, with very long lines (19015)	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
Chrome Cache Entry: 71	ASCII text, with very long lines (48664)	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
Chrome Cache Entry: 72	ASCII text, with very long lines (65357)	87D84BF8B4CC051C16092D27B1A7D9B3	C8B4C65651921D888CF5F27430DFE2AD190D35BF	53F7070CC4C81C278C72F7A106FD71434E766CF49B26D6EE8B0E1003D7132B3D

AV Detection

Antivirus / Scanner detection for submitted sample

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Multi AV Scanner detection for domain / URL

Source: seoservicesiox.firebaseapp.com

Virustotal: Detection: 17%

Perma Link

Multi AV Scanner detection for submitted file

Virustotal: Detection: 16%

Perma Link

Phishing

AI detected phishing page

Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	LLM: Score: 9 Reasons: The brand 'Norton' is well-known and associated with cybersecurity products., The URL 'seoservicesiox.firebaseapp.com' does not match the legitimate domain 'norton.com'., The URL uses a Firebase subdomain, which is commonly used for hosting but not typically for well-known brands like Norton., The domain name 'seoservicesiox' is unrelated to Norton and appears suspicious., The presence of an email input field on a suspicious domain increases the risk of phishing. DOM: 0.0.pages.csv
Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	LLM: Score: 9 Reasons: The brand 'Norton' is well-known and associated with cybersecurity products., The URL 'seoservicesiox.firebaseapp.com' does not match the legitimate domain 'norton.com'., The use of 'firebaseapp.com' suggests the site is hosted on Firebase, which is a common platform for both legitimate and phishing sites., The subdomain 'seoservicesiox' is unrelated to Norton and is suspicious., The URL structure and domain name do not align with the typical Norton domain., The presence of input fields for email and password on a suspicious domain increases the risk of phishing. DOM: 0.3.pages.csv

Yara detected HtmlPhish20

Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML

Yara detected HtmlPhish44

Source: Yara match

File source: dropped/chromecache_61, type: DROPPED

Javascript uses Clearbit API to dynamically determine company logos

Found iframes

Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	HTTP Parser: Iframe src: https://
Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	HTTP Parser: Iframe src: https://

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML body with high number of embedded images detected

HTTP Parser: Total embedded image size: 76190

HTML title does not match URL

HTTP Parser: Title: Webmail Portal Login does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	HTTP Parser: No <meta name="author".. found
Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	HTTP Parser: No <meta name="author".. found

Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	HTTP Parser: No <meta name="copyright".. found
Source: https://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49761 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c HTTP/1.1Host: seoservicesiox.firebaseapp.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/materialize/1.0.0/js/materialize.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/axios/0.21.1/axios.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/axios/0.21.1/axios.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/materialize/1.0.0/js/materialize.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c HTTP/1.1Host: seoservicesiox.firebaseapp.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: seoservicesiox.firebaseapp.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_67.2.dr, chromecache_72.2.dr	String found in binary or memory: http://materializecss.com)
Source: chromecache_70.2.dr, chromecache_63.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_62.2.dr, chromecache_57.2.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: chromecache_71.2.dr, chromecache_64.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_71.2.dr, chromecache_64.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_71.2.dr, chromecache_64.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_62.2.dr, chromecache_57.2.dr	String found in binary or memory: https://lodash.com/
Source: chromecache_62.2.dr, chromecache_57.2.dr	String found in binary or memory: https://lodash.com/license
Source: chromecache_62.2.dr, chromecache_57.2.dr	String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: chromecache_62.2.dr, chromecache_57.2.dr	String found in binary or memory: https://openjsf.org/
Source: chromecache_67.2.dr, chromecache_72.2.dr	String found in binary or memory: https://raw.githubusercontent.com/Dogfalo/materialize/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49761 version: TLS 1.2

Source: classification engine

Classification label: mal92.phis.win@17/28@22/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1972,i,10370821174566270316,8788160185051802270,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://seoservicesiox.firebaseapp.com/?err=b0qmbz0rr7j7jwfxwuge2mltlfh8thi44wlmqjgij0fh5stc48aquvtmcruyumz2niptbupveoc1ahjudxaismgkdfdtvx618o8ezh9u7tzegmvb8jrkdizlrvw37e9esh2ja0lqhmdk4d9nhba61p7aog7q7cajiv6ajsm2dmmibnnyz2a23ofr9c71ddkltw1hm90vgwp4idx8608jvjqhobitxvpl3lmkole2&dispatch=63dd06g4i54iii7bd08efj53g3kd9a&id=fde8bdb7958c"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1972,i,10370821174566270316,8788160185051802270,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1521688
Product:	CloudBasic
Start time:	02:11:22
Start date:	29.09.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs