Windows Analysis Report
http://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html

Overview

General Information

Sample URL:	http://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html
Analysis ID:	1521699
Tags:	openphish
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected HtmlPhish64

HTML body contains low number of good links

HTML title does not match URL

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html

SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Multi AV Scanner detection for submitted file

Source: http://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html

Virustotal: Detection: 18%

Perma Link

Phishing

Yara detected HtmlPhish64

Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML

HTML body contains low number of good links

Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html

HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html

HTTP Parser: Title: MetaMask does not match URL

Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html

HTTP Parser: <input type="password" .../> found

Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html	HTTP Parser: No <meta name="author".. found
Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html	HTTP Parser: No <meta name="author".. found
Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html	HTTP Parser: No <meta name="author".. found

Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49762 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /index.html HTTP/1.1Host: pub-350a846a0e7e4389a5b4fd3d333108f4.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.3.1.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icon.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /logo.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /confirm.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /full.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /eye-close.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tada.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.3.1.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icon.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /index.html HTTP/1.1Host: pub-350a846a0e7e4389a5b4fd3d333108f4.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: bestfilltype.netlify.app

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:22:29 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XJGJWB8D1AZ0ESQ3YA13W1Content-Length: 50Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:22:29 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XJGJWMWQZ561381FD0K8D5Content-Length: 50Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:22:29 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XJGK2Y6FGY22EQE5Z6QAD6Content-Length: 50Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:22:29 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XJGK3K9P5REHZ3XDD5A5B2Content-Length: 50Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:22:29 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XJGK3R1J64GSHWYQZB73AGContent-Length: 50Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:22:29 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XJGK3RBW71X0VH9WWDPPXRContent-Length: 50Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:22:31 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XJGMV3XND971E957JZZTPSContent-Length: 50Connection: close

Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_57.2.dr, chromecache_68.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_58.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_58.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/confirm.png
Source: chromecache_58.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/eye-close.png
Source: chromecache_58.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/eye-open.png
Source: chromecache_58.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/full.png
Source: chromecache_58.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/icon.png
Source: chromecache_58.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/logo.png
Source: chromecache_58.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/tada.png
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/12359
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/13378
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: chromecache_58.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: chromecache_58.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: chromecache_58.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
Source: chromecache_58.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Poppins:wght
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1JlFc-K.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1JlFc-K.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1JlFc-K.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1JlFc-K.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJnecmNE.woff2)
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/3229
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/6125
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Source: chromecache_58.2.dr	String found in binary or memory: https://ikulopinawaeniyan.publicvm.com/newes.php
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
Source: chromecache_58.2.dr	String found in binary or memory: https://metamask.io/
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://promisesaplus.com/#point-48
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://promisesaplus.com/#point-54
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://promisesaplus.com/#point-57
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://promisesaplus.com/#point-59
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://promisesaplus.com/#point-61
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://promisesaplus.com/#point-64
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://promisesaplus.com/#point-75
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49762 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@17/36@16/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2008,i,629292695956927927,3019262032975829470,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2008,i,629292695956927927,3019262032975829470,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.186.36	www.google.com	United States	15169	GOOGLEUS	false
18.192.231.252	bestfilltype.netlify.app	United States	16509	AMAZON-02US	false
151.101.130.137	unknown	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.66.0.235	pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev	United States	13335	CLOUDFLARENETUS	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4
192.168.2.6

Contacted Domains

Name	IP	Active
code.jquery.com	151.101.194.137	true
cdnjs.cloudflare.com	104.17.25.14	true
www.google.com	142.250.186.36	true
pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev	172.66.0.235	true
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.34	true
bestfilltype.netlify.app	18.192.231.252	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html	true		unknown
https://bestfilltype.netlify.app/full.png	false	URL Reputation: safe	unknown
https://bestfilltype.netlify.app/confirm.png	false	URL Reputation: safe	unknown
https://code.jquery.com/jquery-3.1.1.min.js	false	URL Reputation: safe	unknown
https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html	false		unknown
https://code.jquery.com/jquery-3.3.1.js	false	URL Reputation: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	false	URL Reputation: safe	unknown
https://bestfilltype.netlify.app/icon.png	false	URL Reputation: safe	unknown
https://bestfilltype.netlify.app/logo.png	false	URL Reputation: safe	unknown
https://bestfilltype.netlify.app/eye-close.png	false	URL Reputation: safe	unknown
https://bestfilltype.netlify.app/tada.png	false	URL Reputation: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 51	ASCII text, with no line terminators	A3E7AA3E28B28351B30B4383BD31BF01	D161FC04259FE39E31ACFE6A45AAF8740FE7AA0C	80DB7AD5561A91B4AAF2AFBF98096BD917146E3A7DD02B61C14D9E57474AC779
Chrome Cache Entry: 52	ASCII text, with no line terminators	DAC2FF3C53CABCA570901594E536D9F3	56323C3828232007830A39159EB48643AFFBD634	DF16EA65025A489F3FFD8D44507AA9BAB44CA6E73C939BDE691CB50F95DE4336
Chrome Cache Entry: 53	Web Open Font Format (Version 2), TrueType, length 5552, version 1.0	AA42A9A3D4FC9951ED37945FF1AF85DC	6CD63D09CC1F526ABA20B654EF5B55F8104586C6	A526DAC26FCC645D428764B07FD6AE2AD3399129B75C22C8E149278157291189
Chrome Cache Entry: 54	ASCII text, with very long lines (1100), with no line terminators	8E4F858DC43CE5CD88CB1EB0C7FBBB00	66A55745B6E025FBD0D919858F04B87FBB977D6E	2158C29A6D4F27D87634D2EA188345FECEB5D744A666EF20B079F3DB00A06344
Chrome Cache Entry: 55	ASCII text	3B584B90739AC2DE5A21FF884FFE5428	DDAE0070CBC299E32AB0F61A3BDEFA3A4D4D07BE	B54469A21994F21A482F3A8E006B7F887A973E9519C3D7D55D379FF2ACD33C87
Chrome Cache Entry: 56	ASCII text, with very long lines (32065)	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
Chrome Cache Entry: 57	ASCII text, with very long lines (19015)	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
Chrome Cache Entry: 58	HTML document, Unicode text, UTF-8 text, with very long lines (2144), with CRLF line terminators	AB81CDC34E712E9F3FD75310F962FFEF	42904F427450D17438EFF772B7A45F79103139A8	70DF829F6FB0654778E3FBE61DBFD735F280C8E5C45A5701A88285AC36135015
Chrome Cache Entry: 59	ASCII text, with very long lines (32030)	E071ABDA8FE61194711CFC2AB99FE104	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
Chrome Cache Entry: 60	ASCII text, with very long lines (32065)	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
Chrome Cache Entry: 61	ASCII text, with no line terminators	6D1358A9464BAFA3AE552A35F4ABDD4D	67133FDE074291F0C868F6E6F465E73EE39F686D	98B17DAA4A5F8678C9962555F039FDACBB1A2E77AB71D612336428C8359CDFEC
Chrome Cache Entry: 62	ASCII text	6A07DA9FAE934BAF3F749E876BBFDD96	46A436EBA01C79ACDB225757ED80BF54BAD6416B	D8AA24ECC6CECB1A60515BC093F1C9DA38A0392612D9AB8AE0F7F36E6EEE1FAD
Chrome Cache Entry: 63	ASCII text	6A07DA9FAE934BAF3F749E876BBFDD96	46A436EBA01C79ACDB225757ED80BF54BAD6416B	D8AA24ECC6CECB1A60515BC093F1C9DA38A0392612D9AB8AE0F7F36E6EEE1FAD
Chrome Cache Entry: 64	ASCII text, with no line terminators	0DFB013E37A638990BFB6463AA832E32	6D7757DFFD293ACC45D21635A9CE88B62B1AC0EA	5E911B2C413F46ED6D53FAF546327941159C231698B454B1C3F08BF202867233
Chrome Cache Entry: 65	ASCII text, with very long lines (32030)	E071ABDA8FE61194711CFC2AB99FE104	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
Chrome Cache Entry: 66	ASCII text, with no line terminators	895042DE5DE5A55687A3ADD028CF58AA	662F0EDA8085B28F354E930836C00E2996000F21	9690945918E8CDDE1AF026C6036674C2EF14F469218DD6EDFD0003D3681593BB
Chrome Cache Entry: 67	ASCII text, with no line terminators	9BB50BAEE4AA569C174F1440B0F13865	A217B1DBAC3F3C342591074CC0FC41D30B5B3586	FF5209F9C142F0793C799AA92679111C58C1B23F517DB211CF491D1233112DB5
Chrome Cache Entry: 68	ASCII text, with very long lines (19015)	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
Chrome Cache Entry: 69	Web Open Font Format (Version 2), TrueType, length 7884, version 1.0	9212F6F9860F9FC6C69B02FEDF6DB8C3	AC6D71B4D5FDD2B3DABC9A06FF6C001E4251DA0B	7D93459D86585BFCDBB7E0376056226ADB25821EE54B96236FE2123E9560929F
Chrome Cache Entry: 70	Web Open Font Format (Version 2), TrueType, length 7816, version 1.0	25B0E113CA7CCE3770D542736DB26368	CB726212D5D525021752A1D8470A0FB593E0C49E	9338E65FC077355C7A87AE0D64CC101E23B9BF8AD78AE65F0F319C857311B526

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html

SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Multi AV Scanner detection for submitted file

Source: http://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html

Virustotal: Detection: 18%

Perma Link

Phishing

Yara detected HtmlPhish64

Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML

HTML body contains low number of good links

Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html

HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html

HTTP Parser: Title: MetaMask does not match URL

Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html

HTTP Parser: <input type="password" .../> found

Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html	HTTP Parser: No <meta name="author".. found
Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html	HTTP Parser: No <meta name="author".. found
Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html	HTTP Parser: No <meta name="author".. found

Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49762 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /index.html HTTP/1.1Host: pub-350a846a0e7e4389a5b4fd3d333108f4.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.3.1.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icon.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /logo.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /confirm.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /full.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /eye-close.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tada.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.3.1.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icon.png HTTP/1.1Host: bestfilltype.netlify.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /index.html HTTP/1.1Host: pub-350a846a0e7e4389a5b4fd3d333108f4.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: bestfilltype.netlify.app

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:22:29 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XJGJWB8D1AZ0ESQ3YA13W1Content-Length: 50Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:22:29 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XJGJWMWQZ561381FD0K8D5Content-Length: 50Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:22:29 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XJGK2Y6FGY22EQE5Z6QAD6Content-Length: 50Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:22:29 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XJGK3K9P5REHZ3XDD5A5B2Content-Length: 50Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:22:29 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XJGK3R1J64GSHWYQZB73AGContent-Length: 50Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:22:29 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XJGK3RBW71X0VH9WWDPPXRContent-Length: 50Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, max-age=0Content-Type: text/plain; charset=utf-8Date: Sun, 29 Sep 2024 00:22:31 GMTServer: NetlifyStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Nf-Request-Id: 01J8XJGMV3XND971E957JZZTPSContent-Length: 50Connection: close

Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_57.2.dr, chromecache_68.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_58.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_58.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/confirm.png
Source: chromecache_58.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/eye-close.png
Source: chromecache_58.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/eye-open.png
Source: chromecache_58.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/full.png
Source: chromecache_58.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/icon.png
Source: chromecache_58.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/logo.png
Source: chromecache_58.2.dr	String found in binary or memory: https://bestfilltype.netlify.app/tada.png
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/12359
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/13378
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: chromecache_58.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: chromecache_58.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: chromecache_58.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
Source: chromecache_58.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Poppins:wght
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1JlFc-K.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1JlFc-K.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1JlFc-K.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1JlFc-K.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2)
Source: chromecache_55.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJnecmNE.woff2)
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/3229
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/6125
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Source: chromecache_58.2.dr	String found in binary or memory: https://ikulopinawaeniyan.publicvm.com/newes.php
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
Source: chromecache_58.2.dr	String found in binary or memory: https://metamask.io/
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://promisesaplus.com/#point-48
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://promisesaplus.com/#point-54
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://promisesaplus.com/#point-57
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://promisesaplus.com/#point-59
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://promisesaplus.com/#point-61
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://promisesaplus.com/#point-64
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://promisesaplus.com/#point-75
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: chromecache_62.2.dr, chromecache_63.2.dr	String found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49762 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@17/36@16/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2008,i,629292695956927927,3019262032975829470,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2008,i,629292695956927927,3019262032975829470,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1521699
Product:	CloudBasic
Start time:	02:21:26
Start date:	29.09.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://pub-350a846a0e7e4389a5b4fd3d333108f4.r2.dev/index.html